lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f83c0ce1-b1b2-31f4-60c8-15567b87a8ff@redhat.com>
Date:   Tue, 28 Apr 2020 10:59:14 +1000
From:   Gavin Shan <gshan@...hat.com>
To:     Mark Rutland <mark.rutland@....com>
Cc:     catalin.marinas@....com, linux-kernel@...r.kernel.org,
        Steven Rostedt <rostedt@...dmis.org>, shan.gavin@...il.com,
        will@...nel.org, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH] arm64/mm: Reject invalid NUMA option

Hi Mark,

On 4/24/20 8:11 PM, Mark Rutland wrote:
> [Adding Steve, who added str_has_prefix()]
> 
> On Fri, Apr 24, 2020 at 02:53:14PM +1000, Gavin Shan wrote:
>> The NUMA option is parsed by str_has_prefix() and the invalid option
>> like "numa=o" can be regarded as "numa=off" wrongly.
> 
> Are you certain that can pass? If that can happen, str_has_prefix() is
> misnamed and does not seem to do what its kerneldoc says it does, as
> "off" is not a prefix of "o".
> 

Yes, It's possible. str_has_prefix() depends on strncmp(). In this particular
case, it's equal to the snippet of code as below: strncmp() returns zero.
str_has_prefix() returns 3.

int strncmp(const char *cs, const char *ct, size_t count)
{
         unsigned char c1, c2;

         while (count) {
                 c1 = *cs++;
                 c2 = *ct++;
                 if (c1 != c2)
                         return c1 < c2 ? -1 : 1;
                 if (!c1)                             /* break after first character is compared */
                         break;
                 count--;
         }
         return 0;                                    /* 0 returned */
}

static __always_inline size_t str_has_prefix(const char *str, const char *prefix)
{
         size_t len = strlen("o");
         return strncmp("o", "off", 1) == 0 ? len : 0;
}

>> This fixes the issue with sysfs_streq(), which have more sanity checks,
>> to avoid accepting the invalid options.
> 
> That doesn't sound immediately right, since this is an early parameter,
> which has nothing to do with sysfs. Perhaps that's just a misleading
> name?
> 

sysfs_streq() was introduced to compare the parameters received from sysfs
entry, but I don't think it has to be necessarily tied with sysfs entry.
So the name is bit misleading. Alternatively, we also can fix it in another
way (as below) if we try to avoid using sysfs_streq().

diff --git a/arch/arm64/mm/numa.c b/arch/arm64/mm/numa.c
index 4decf1659700..b0c1ec78f50f 100644
--- a/arch/arm64/mm/numa.c
+++ b/arch/arm64/mm/numa.c
@@ -29,9 +29,13 @@ static __init int numa_parse_early_param(char *opt)
  {
         if (!opt)
                 return -EINVAL;
-       if (str_has_prefix(opt, "off"))
+
+       if (strlen(opt) >= 3 && str_has_prefix(opt, "off"))
                 numa_off = true;

> Thanks,
> Mark.
> 

Thanks,
Gavin

>> Signed-off-by: Gavin Shan <gshan@...hat.com>
>> ---
>>   arch/arm64/mm/numa.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm64/mm/numa.c b/arch/arm64/mm/numa.c
>> index 4decf1659700..bd458b28616a 100644
>> --- a/arch/arm64/mm/numa.c
>> +++ b/arch/arm64/mm/numa.c
>> @@ -29,7 +29,8 @@ static __init int numa_parse_early_param(char *opt)
>>   {
>>   	if (!opt)
>>   		return -EINVAL;
>> -	if (str_has_prefix(opt, "off"))
>> +
>> +	if (sysfs_streq(opt, "off"))
>>   		numa_off = true;
>>   
>>   	return 0;
>> -- 
>> 2.23.0
>>
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@...ts.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ