| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Sep 2020 16:57:33 -0400
From: Tony Krowiak <akrowiak@...ux.ibm.com>
To: Halil Pasic <pasic@...ux.ibm.com>
Cc: linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, freude@...ux.ibm.com, borntraeger@...ibm.com,
cohuck@...hat.com, mjrosato@...ux.ibm.com,
alex.williamson@...hat.com, kwankhede@...dia.com,
fiuczy@...ux.ibm.com, frankja@...ux.ibm.com, david@...hat.com,
imbrenda@...ux.ibm.com, hca@...ux.ibm.com, gor@...ux.ibm.com,
kernel test robot <lkp@...el.com>
Subject: Re: [PATCH v10 02/16] s390/vfio-ap: use new AP bus interface to
search for queue devices
On 9/29/20 9:37 AM, Halil Pasic wrote:
> On Tue, 29 Sep 2020 09:07:40 -0400
> Tony Krowiak <akrowiak@...ux.ibm.com> wrote:
>
>>
>> On 9/24/20 10:27 PM, Halil Pasic wrote:
>>> On Fri, 21 Aug 2020 15:56:02 -0400
>>> Tony Krowiak <akrowiak@...ux.ibm.com> wrote:
>>>
>>>> --- a/drivers/s390/crypto/vfio_ap_ops.c
>>>> +++ b/drivers/s390/crypto/vfio_ap_ops.c
>>>> @@ -26,43 +26,26 @@
>>>>
>>>> static int vfio_ap_mdev_reset_queues(struct mdev_device *mdev);
>>>>
>>>> -static int match_apqn(struct device *dev, const void *data)
>>>> -{
>>>> - struct vfio_ap_queue *q = dev_get_drvdata(dev);
>>>> -
>>>> - return (q->apqn == *(int *)(data)) ? 1 : 0;
>>>> -}
>>>> -
>>>> /**
>>>> - * vfio_ap_get_queue: Retrieve a queue with a specific APQN from a list
>>>> - * @matrix_mdev: the associated mediated matrix
>>>> + * vfio_ap_get_queue: Retrieve a queue with a specific APQN.
>>>> * @apqn: The queue APQN
>>>> *
>>>> - * Retrieve a queue with a specific APQN from the list of the
>>>> - * devices of the vfio_ap_drv.
>>>> - * Verify that the APID and the APQI are set in the matrix.
>>>> + * Retrieve a queue with a specific APQN from the AP queue devices attached to
>>>> + * the AP bus.
>>>> *
>>>> - * Returns the pointer to the associated vfio_ap_queue
>>>> + * Returns the pointer to the vfio_ap_queue with the specified APQN, or NULL.
>>>> */
>>>> -static struct vfio_ap_queue *vfio_ap_get_queue(
>>>> - struct ap_matrix_mdev *matrix_mdev,
>>>> - int apqn)
>>>> +static struct vfio_ap_queue *vfio_ap_get_queue(unsigned long apqn)
>>>> {
>>>> + struct ap_queue *queue;
>>>> struct vfio_ap_queue *q;
>>>> - struct device *dev;
>>>>
>>>> - if (!test_bit_inv(AP_QID_CARD(apqn), matrix_mdev->matrix.apm))
>>>> - return NULL;
>>>> - if (!test_bit_inv(AP_QID_QUEUE(apqn), matrix_mdev->matrix.aqm))
>>>> + queue = ap_get_qdev(apqn);
>>>> + if (!queue)
>>>> return NULL;
>>>>
>>>> - dev = driver_find_device(&matrix_dev->vfio_ap_drv->driver, NULL,
>>>> - &apqn, match_apqn);
>>>> - if (!dev)
>>>> - return NULL;
>>>> - q = dev_get_drvdata(dev);
>>>> - q->matrix_mdev = matrix_mdev;
>>>> - put_device(dev);
>>>> + q = dev_get_drvdata(&queue->ap_dev.device);
>>> Is this cast here safe? (I don't think it is.)
>> In the probe, we execute:
>> dev_set_drvdata(&queue->ap_dev.device, q);
>>
>> I don't get any compile nor execution errors. Why wouldn't it be safe?
>>
> Because the queue may or may not be bound to the vfio_ap driver. AFAICT
> this function can be called with an arbitrary APQN.
>
> If it is bound to another driver then drvdata is not likely to hold a
> struct vfio_ap_queue.
Then the function will return NULL. All callers must check for
NULL before using it which is the case in all places where this
function is called.
>
>
>>>> + put_device(&queue->ap_dev.device);
>>>>
>>>> return q;
>>>> }
Powered by blists - more mailing lists