lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Jun 2020 14:23:15 +0200 From: Jesper Dangaard Brouer <jbrouer@...hat.com> To: Gaurav Singh <gaurav1086@...il.com> Cc: Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Jesper Dangaard Brouer <hawk@...nel.org>, John Fastabend <john.fastabend@...il.com>, Martin KaFai Lau <kafai@...com>, Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>, Andrii Nakryiko <andriin@...com>, KP Singh <kpsingh@...omium.org>, netdev@...r.kernel.org (open list:XDP (eXpress Data Path)), bpf@...r.kernel.org (open list:XDP (eXpress Data Path)), linux-kernel@...r.kernel.org (open list) Subject: Re: [PATCH] bpf: alloc_record_per_cpu Add null check after malloc On Tue, 9 Jun 2020 08:08:03 -0400 Gaurav Singh <gaurav1086@...il.com> wrote: > The memset call is made right after malloc call. To fix this, add the null check right after malloc and then do memset. > Did you read the section about how long lines should be in desc? > Signed-off-by: Gaurav Singh <gaurav1086@...il.com> > --- > samples/bpf/xdp_rxq_info_user.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/samples/bpf/xdp_rxq_info_user.c b/samples/bpf/xdp_rxq_info_user.c > index 4fe47502ebed..490b07b7df78 100644 > --- a/samples/bpf/xdp_rxq_info_user.c > +++ b/samples/bpf/xdp_rxq_info_user.c > @@ -202,11 +202,11 @@ static struct datarec *alloc_record_per_cpu(void) > > size = sizeof(struct datarec) * nr_cpus; > array = malloc(size); > - memset(array, 0, size); > if (!array) { > fprintf(stderr, "Mem alloc error (nr_cpus:%u)\n", nr_cpus); > exit(EXIT_FAIL_MEM); > } > + memset(array, 0, size); > return array; > } Looking at code, this bug happen in more places. Please fix up all locations. I think this fix should go through the "bpf" tree. Please read: https://github.com/torvalds/linux/blob/master/Documentation/bpf/bpf_devel_QA.rst -- Best regards, Jesper Dangaard Brouer MSc.CS, Principal Kernel Engineer at Red Hat LinkedIn: http://www.linkedin.com/in/brouer
Powered by blists - more mailing lists