lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aa93722b-100a-c750-cf51-bcaf9defbd03@suse.com>
Date:   Tue, 12 May 2020 11:13:27 +0200
From:   Jürgen Groß <jgross@...e.com>
To:     Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        xen-devel@...ts.xenproject.org, linux-kernel@...r.kernel.org,
        clang-built-linux@...glegroups.com
Cc:     Stefano Stabellini <sstabellini@...nel.org>,
        Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH 1/2] xen/xenbus: avoid large structs and arrays on the
 stack

On 11.05.20 20:01, Boris Ostrovsky wrote:
> On 5/11/20 3:31 AM, Juergen Gross wrote:
>>   
>>   static int xenbus_map_ring_valloc_hvm(struct xenbus_device *dev,
> 
> 
> I wonder whether we can drop valloc/vfree from xenbus_ring_ops' names.

I can do that.

> 
> 
>> +				      struct map_ring_valloc *info,
>>   				      grant_ref_t *gnt_ref,
>>   				      unsigned int nr_grefs,
>>   				      void **vaddr)
>>   {
>> -	struct xenbus_map_node *node;
>> +	struct xenbus_map_node *node = info->node;
>>   	int err;
>>   	void *addr;
>>   	bool leaked = false;
>> -	struct map_ring_valloc_hvm info = {
>> -		.idx = 0,
>> -	};
>>   	unsigned int nr_pages = XENBUS_PAGES(nr_grefs);
>>   
>> -	if (nr_grefs > XENBUS_MAX_RING_GRANTS)
>> -		return -EINVAL;
>> -
>> -	*vaddr = NULL;
>> -
>> -	node = kzalloc(sizeof(*node), GFP_KERNEL);
>> -	if (!node)
>> -		return -ENOMEM;
>> -
>>   	err = alloc_xenballooned_pages(nr_pages, node->hvm.pages);
>>   	if (err)
>>   		goto out_err;
>>   
>>   	gnttab_foreach_grant(node->hvm.pages, nr_grefs,
>>   			     xenbus_map_ring_setup_grant_hvm,
>> -			     &info);
>> +			     info);
>>   
>>   	err = __xenbus_map_ring(dev, gnt_ref, nr_grefs, node->handles,
>> -				info.phys_addrs, GNTMAP_host_map, &leaked);
>> +				info, GNTMAP_host_map, &leaked);
>>   	node->nr_handles = nr_grefs;
>>   
>>   	if (err)
>> @@ -641,11 +654,13 @@ static int xenbus_map_ring_valloc_hvm(struct xenbus_device *dev,
>>   	spin_unlock(&xenbus_valloc_lock);
>>   
>>   	*vaddr = addr;
>> +	info->node = NULL;
> 
> 
> Is this so that xenbus_map_ring_valloc() doesn't free it accidentally?

Yes.


Juergen

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ