| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87k0jjcpgn.ffs@tglx>
Date: Tue, 14 Sep 2021 14:27:04 +0200
From: Thomas Gleixner <tglx@...utronix.de>
To: Jiasheng Jiang <jiasheng@...as.ac.cn>
Cc: linux-kernel@...r.kernel.org
Subject: Re:Re:[PATCH 6/6] irq: Potentially 'offset out of size' bug
On Tue, Sep 14 2021 at 08:48, Jiasheng Jiang wrote:
>> On Fri, Sep 10 2021 at 03:26, Jiasheng Jiang wrote:
>> The find_next_bit() use nr_irqs as size, and using it without
>> any check might cause its returned value out of the sizei
>
> On Fri, Sep 10 2021 at 18:28, tglx wrote:
>> Why exactly is this a problem? The return value has to be checked at the
>> call site anyway.
>
> There is really a check at the call site, but the annotation of the
> irq_get_next_irq() is 'Returns next irq number after offset or nr_irqs
> if none is found', which tells the programmer should not check the
> return value of it. In case of a programmer write a new call for the
> irq_get_next_irq(), he may not check the return value because of the
> annotation said.
The return value has always to be checked because nr_irqs is guaranteed
to be an invalid index.
> Therefore, it had better to add the check inside of irq_get_next_irq()
> to fit for the annotation.
Care to look what find_next_bit(..., size) does?
* Returns the bit number for the next set bit
* If no bits are set, returns @size.
So for:
res = find_next_bit(addr, size, offset);
res is guaranteed to be:
offset < res <= size
IOW. irq_get_next_irq() is doing exactly what the comment says.
So again, which problem are you trying to solve?
Thanks,
tglx
Powered by blists - more mailing lists