Date:   Thu, 13 Jul 2023 12:27:15 -0700
From:   Yury Norov <yury.norov@...il.com>
To:     Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc:     Alexander Potapenko <glider@...gle.com>, catalin.marinas@....com,
        will@...nel.org, pcc@...gle.com, andreyknvl@...il.com,
        linux@...musvillemoes.dk, linux-kernel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, eugenis@...gle.com
Subject: Re: [v2 3/5] arm64: mte: implement CONFIG_ARM64_MTE_COMP

> > +		bitmap_set_value_unaligned((unsigned long *)buf, largest_idx,
> > +					   bit_pos, 4);
> 
> > +		bitmap_set_value_unaligned((unsigned long *)buf, largest_idx,
> > +					   bit_pos, 6);
> 
> > +		bitmap_set_value_unaligned((unsigned long *)buf, tags[i],
> > +					   bit_pos, 4);
> 
> > +		bitmap_set_value_unaligned((unsigned long *)buf, 0, bit_pos, 4);
> 
> > +		bitmap_set_value_unaligned((unsigned long *)buf, sizes[i],
> > +					   bit_pos, 7);
> 
> > +	largest_idx = bitmap_get_value_unaligned((unsigned long *)buf, bit_pos,
> > +						 l_bits);
> 
> > +		r_tags[i] = bitmap_get_value_unaligned((unsigned long *)buf,
> > +						       bit_pos, 4);
> 
> > +		r_sizes[i] = bitmap_get_value_unaligned((unsigned long *)buf,
> > +							bit_pos, 7);
> 
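Review bot: the largest_idx field is written with literal widths 4 and 6 in the two bitmap_set_value_unaligned() calls but read back with the variable `l_bits` in bitmap_get_value_unaligned(), so the writer and reader can drift apart silently; derive both sides from one named constant or helper, and do the same for the 4-bit tag and 7-bit size widths that are repeated as bare literals in every call. The `(unsigned long *)buf` casts also turn a byte buffer into word-granular accesses, which is what makes the byte order and the last partial word a problem.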
> These castings are a red flag. bitmap API shouldn't be used like this. Something
> is not okay here.

Big-endian arches are not OK. Out-of-boundary access is not OK when
the buf is not exactly a multiple of words.

> > +void ea0_release_handle(u64 handle)
> > +{
> > +	void *storage = ea0_storage(handle);
> > +	int size = ea0_storage_size(handle);
> > +	struct kmem_cache *c;
> 
> > +	if (!handle || !storage)
> > +		return;
> 
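Review bot: `handle` is consumed by ea0_storage(handle) and ea0_storage_size(handle) in the initializers before the `if (!handle || !storage)` guard, so the NULL check protects nothing; declare `void *storage; int size;` uninitialized, check `if (!handle) return;` first, then assign `storage = ea0_storage(handle);` and return if that is NULL before computing `size`.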
> You use handle before this check. Haven't you run static analysers?

This approach is called 'defensive programming' as I learned from the
previous iteration. Another interesting thing is that the only caller
of the function in patch #5 explicitly checks the handle for NULL, so
we're surely double-defensed here.

        +void _mte_free_saved_tags(void *storage)
        +{
        +       unsigned long handle = xa_to_value(storage);
        +       int size;
        +
        +       if (!handle)
        +               return;
        +       size = ea0_storage_size(handle);
        +       ea0_release_handle(handle);
        +}
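Review bot: `size` in _mte_free_saved_tags() is assigned from ea0_storage_size(handle) and never used, so that call is dead and is repeated inside ea0_release_handle(); drop the local and the call, or pass `size` through to the callee so it is computed once. The `if (!handle) return;` here also duplicates the `!handle` check in ea0_release_handle(), so one of the two checks can go.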

_mte_free_saved_tags() calculates size, but doesn't use it in any form,
just to calculate it again in the callee...

Thanks,
Yury
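
A byte-granular alternative to the `(unsigned long *)buf` casts from the quoted hunk, added here as an example and not taken from the patch or this thread: every field access is a single byte operation, so the layout is identical on big- and little-endian targets and the buffer's last partial word is never read or written. The names `pack_bits`/`unpack_bits`, the LSB-first layout and the sample values are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Byte-granular packing of the 4/6/7-bit fields discussed in the thread: every
 * access is one u8, so the layout is the same on little- and big-endian targets
 * and nothing past buf[len - 1] is ever touched.  Fields are LSB-first. */

/* Returns false, leaving buf untouched, if the field would not fit. */
static bool pack_bits(uint8_t *buf, size_t len, size_t pos,
                      unsigned int width, uint32_t value)
{
    size_t i;
    if (width == 0 || width > 32 || pos + width > len * 8)
        return false;
    if (width < 32 && (value >> width) != 0)
        return false;                 /* value needs more than width bits */
    for (i = 0; i < width; i++, pos++)
        if ((value >> i) & 1u)
            buf[pos / 8] |= (uint8_t)(1u << (pos % 8));
        else
            buf[pos / 8] &= (uint8_t)~(1u << (pos % 8));
    return true;
}

/* Reads a field written by pack_bits(); returns UINT32_MAX on overrun. */
static uint32_t unpack_bits(const uint8_t *buf, size_t len, size_t pos,
                            unsigned int width)
{
    uint32_t value = 0;
    size_t i;
    if (width == 0 || width > 32 || pos + width > len * 8)
        return UINT32_MAX;
    for (i = 0; i < width; i++, pos++)
        value |= (uint32_t)((buf[pos / 8] >> (pos % 8)) & 1u) << i;
    return value;
}

/* Round-trips a 6-bit index, 4-bit tag and 7-bit size (constructed sample
 * values) through a 3-byte buffer; returns 1 on success, 0 on mismatch. */
static int roundtrip_selftest(void)
{
    uint8_t buf[3] = { 0 };
    if (!pack_bits(buf, 3, 0, 6, 0x2A) || !pack_bits(buf, 3, 6, 4, 0xF) ||
        !pack_bits(buf, 3, 10, 7, 100))
        return 0;
    if (pack_bits(buf, 3, 17, 8, 1) || pack_bits(buf, 3, 17, 4, 16))
        return 0;                     /* overrun and oversize are rejected */
    return buf[0] == 0xEA && buf[1] == 0x93 && buf[2] == 0x01 &&
           unpack_bits(buf, 3, 0, 6) == 0x2A && unpack_bits(buf, 3, 6, 4) == 0xF &&
           unpack_bits(buf, 3, 10, 7) == 100 && unpack_bits(buf, 3, 20, 5) == UINT32_MAX;
}
```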
