| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Apr 2021 15:19:14 +0200
From: Juergen Gross <jgross@...e.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org
Cc: Aditya Pakki <pakki001@....edu>
Subject: Re: [PATCH 061/190] Revert "xen/grant-table: remove multiple BUG_ON
on gnttab_interface"
On 21.04.21 14:58, Greg Kroah-Hartman wrote:
> This reverts commit d6bd6cf9feb81737f9f64d2c1acf98fdaacebad1.
>
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes. The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
>
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix. Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
>
> Cc: Aditya Pakki <pakki001@....edu>
> Cc: Juergen Gross <jgross@...e.com>
> Cc: Juergen Gross <jgross@...e.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
The reverted patch didn't introduce any issue. I have verified that the
BUG_ON()s are really impossible to trigger, and even if they would have
been triggering, they'd be now replaced by NULL dereferences.
So I believe you can just drop this revert.
Juergen
> ---
> drivers/xen/grant-table.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c
> index 3729bea0c989..5065d36c602e 100644
> --- a/drivers/xen/grant-table.c
> +++ b/drivers/xen/grant-table.c
> @@ -663,6 +663,7 @@ static int grow_gnttab_list(unsigned int more_frames)
> unsigned int nr_glist_frames, new_nr_glist_frames;
> unsigned int grefs_per_frame;
>
> + BUG_ON(gnttab_interface == NULL);
> grefs_per_frame = gnttab_interface->grefs_per_grant_frame;
>
> new_nr_grant_frames = nr_grant_frames + more_frames;
> @@ -1281,6 +1282,7 @@ EXPORT_SYMBOL_GPL(gnttab_unmap_refs_sync);
>
> static unsigned int nr_status_frames(unsigned int nr_grant_frames)
> {
> + BUG_ON(gnttab_interface == NULL);
> return gnttab_frames(nr_grant_frames, SPP);
> }
>
> @@ -1508,6 +1510,7 @@ static int gnttab_expand(unsigned int req_entries)
> int rc;
> unsigned int cur, extra;
>
> + BUG_ON(gnttab_interface == NULL);
> cur = nr_grant_frames;
> extra = ((req_entries + gnttab_interface->grefs_per_grant_frame - 1) /
> gnttab_interface->grefs_per_grant_frame);
> @@ -1542,6 +1545,7 @@ int gnttab_init(void)
> /* Determine the maximum number of frames required for the
> * grant reference free list on the current hypervisor.
> */
> + BUG_ON(gnttab_interface == NULL);
> max_nr_glist_frames = (max_nr_grant_frames *
> gnttab_interface->grefs_per_grant_frame / RPP);
>
>
Download attachment "OpenPGP_0xB0DE9DD628BF132F.asc" of type "application/pgp-keys" (3092 bytes)
Download attachment "OpenPGP_signature" of type "application/pgp-signature" (496 bytes)
Powered by blists - more mailing lists