| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Aug 2022 17:08:10 +0800
From: Jiasheng Jiang <jiasheng@...as.ac.cn>
To: gregkh@...uxfoundation.org
Cc: jirislaby@...nel.org, ilpo.jarvinen@...ux.intel.com,
johan@...nel.org, penguin-kernel@...ove.sakura.ne.jp,
zhangxuezhi1@...lpad.com, xyangxi5@...il.com,
linux-kernel@...r.kernel.org, Jiasheng Jiang <jiasheng@...as.ac.cn>
Subject: Re: Re: [PATCH] tty: vt: Add checks after calling kzalloc
On Wed, Aug 31, 2022 at 03:57:42PM +0800, Jiasheng Jiang wrote:
>> for (currcons = 0; currcons < MIN_NR_CONSOLES; currcons++) {
>> vc_cons[currcons].d = vc = kzalloc(sizeof(struct vc_data), GFP_NOWAIT);
>> + if (!vc) {
>> + console_unlock();
>> + return -ENOMEM;
>> + }
>> INIT_WORK(&vc_cons[currcons].SAK_work, vc_SAK);
>> tty_port_init(&vc->port);
>> visual_init(vc, currcons, 1);
>> /* Assuming vc->vc_{cols,rows,screenbuf_size} are sane here. */
>> vc->vc_screenbuf = kzalloc(vc->vc_screenbuf_size, GFP_NOWAIT);
>> + if (!vc->vc_screenbuf) {
>> + console_unlock();
>> + return -ENOMEM;
>> + }
>
> This has been attempted many times in the past, sorry. Unless you can
> prove that this can actually happen in real life, we are going to leave
> these as-is.
>
> Please do not just do random changes like this without actually testing
> to see if it is possible to happen.
As the harm of vulnerabilities is much higher than the cost of fixing them,
it is acceptable to add harmless security checks that guarantee the
vulnerabilities will never be triggered.
Thanks,
Jiang
Powered by blists - more mailing lists