| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Jul 2021 16:54:29 -0700 (PDT)
From: Stefano Stabellini <sstabellini@...nel.org>
To: Harshvardhan Jha <harshvardhan.jha@...cle.com>
cc: Stefano Stabellini <sstabellini@...nel.org>,
asmadeus@...ewreck.org, ericvh@...il.com, lucho@...kov.net,
davem@...emloft.net, kuba@...nel.org,
v9fs-developer@...ts.sourceforge.net, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [External] : Re: [PATCH] 9p/xen: Fix end of loop tests for
list_for_each_entry
On Tue, 27 Jul 2021, Harshvardhan Jha wrote:
> On 27/07/21 3:00 am, Stefano Stabellini wrote:
> > On Mon, 26 Jul 2021, asmadeus@...ewreck.org wrote:
> > > Harshvardhan Jha wrote on Sun, Jul 25, 2021 at 11:21:03PM +0530:
> > > > The list_for_each_entry() iterator, "priv" in this code, can never be
> > > > NULL so the warning would never be printed.
> > >
> > > hm? priv won't be NULL but priv->client won't be client, so it will
> > > return -EINVAL alright in practice?
> > >
> > > This does fix an invalid read after the list head, so there's a real
> > > bug, but the commit message needs fixing.
> >
> > Agreed
> >
> >
> > > > Signed-off-by: Harshvardhan Jha <harshvardhan.jha@...cle.com>
> > > > ---
> > > > From static analysis. Not tested.
> > >
> > > +Stefano in To - I also can't test xen right now :/
> > > This looks functional to me but if you have a bit of time to spare just
> > > a mount test can't hurt.
> >
> > Yes, I did test it successfully. Aside from the commit messaged to be
> > reworded:
> How's this?
> ===========================BEGIN========================================
> 9p/xen: Fix end of loop tests for list_for_each_entry
>
> This patch addresses the following problems:
> - priv can never be NULL, so this part of the check is useless
> - if the loop ran through the whole list, priv->client is invalid and
> it is more appropriate and sufficient to check for the end of
> list_for_each_entry loop condition.
>
> Signed-off-by: Harshvardhan Jha <harshvardhan.jha@...cle.com>
That's fine
> ---
> From static analysis. Not tested.
> ===========================END==========================================
> >
> > Reviewed-by: Stefano Stabellini <sstabellini@...nel.org>
> > Tested-by: Stefano Stabellini <sstabellini@...nel.org>
> >
> >
> > > > ---
> > > > net/9p/trans_xen.c | 4 ++--
> > > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c
> > > > index f4fea28e05da..3ec1a51a6944 100644
> > > > --- a/net/9p/trans_xen.c
> > > > +++ b/net/9p/trans_xen.c
> > > > @@ -138,7 +138,7 @@ static bool p9_xen_write_todo(struct
> > > > xen_9pfs_dataring *ring, RING_IDX size)
> > > > static int p9_xen_request(struct p9_client *client, struct p9_req_t
> > > > *p9_req)
> > > > {
> > > > - struct xen_9pfs_front_priv *priv = NULL;
> > > > + struct xen_9pfs_front_priv *priv;
> > > > RING_IDX cons, prod, masked_cons, masked_prod;
> > > > unsigned long flags;
> > > > u32 size = p9_req->tc.size;
> > > > @@ -151,7 +151,7 @@ static int p9_xen_request(struct p9_client *client,
> > > > struct p9_req_t *p9_req)
> > > > break;
> > > > }
> > > > read_unlock(&xen_9pfs_lock);
> > > > - if (!priv || priv->client != client)
> > > > + if (list_entry_is_head(priv, &xen_9pfs_devs, list))
> > > > return -EINVAL;
> > > > num = p9_req->tc.tag % priv->num_rings;
>
Powered by blists - more mailing lists