Message-ID: <33062b69-466c-8419-5bde-a39d6438abfc@linux.intel.com>
Date: Mon, 30 Sep 2024 16:16:50 +0300 (EEST)
From: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
To: Reinette Chatre <reinette.chatre@...el.com>
cc: fenghua.yu@...el.com, shuah@...nel.org, tony.luck@...el.com, 
    peternewman@...gle.com, babu.moger@....com, 
    Maciej Wieczór-Retman <maciej.wieczor-retman@...el.com>, 
    linux-kselftest@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH V2 03/13] selftests/resctrl: Fix memory overflow due to
 unhandled wraparound

On Thu, 12 Sep 2024, Reinette Chatre wrote:

> alloc_buffer() allocates and initializes (with random data) a
> buffer of requested size. The initialization starts from the beginning
> of the allocated buffer and incrementally assigns sizeof(uint64_t) random
> data to each cache line. The initialization uses the size of the
> buffer to control the initialization flow, decrementing the amount of
> buffer needing to be initialized after each iteration.
> 
> The size of the buffer is stored in an unsigned (size_t) variable s64
> and the test "s64 > 0" is used to decide if initialization is complete.
> The problem is that decrementing the buffer size may wrap around
> if the buffer size is not divisible by "CL_SIZE / sizeof(uint64_t)"
> resulting in the "s64 > 0" test being true and memory beyond the buffer
> "initialized".
> 
> Use a signed value for the buffer size to support all buffer sizes.
> 
> Fixes: a2561b12fe39 ("selftests/resctrl: Add built in benchmark")
> Signed-off-by: Reinette Chatre <reinette.chatre@...el.com>
> ---
> Changes since V1:
> - New patch.
> ---
>  tools/testing/selftests/resctrl/fill_buf.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/testing/selftests/resctrl/fill_buf.c b/tools/testing/selftests/resctrl/fill_buf.c
> index ae120f1735c0..34e5df721430 100644
> --- a/tools/testing/selftests/resctrl/fill_buf.c
> +++ b/tools/testing/selftests/resctrl/fill_buf.c
> @@ -127,7 +127,7 @@ unsigned char *alloc_buffer(size_t buf_size, int memflush)
>  {
>  	void *buf = NULL;
>  	uint64_t *p64;
> -	size_t s64;
> +	ssize_t s64;
>  	int ret;
>  
>  	ret = posix_memalign(&buf, PAGE_SIZE, buf_size);
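
Review bot: The `ssize_t s64;` declaration now carries the whole fix, since the "s64 > 0" test described in the commit message only terminates correctly because the counter can go negative, yet nothing at the declaration says so. A one-line comment there, noting that the counter is signed on purpose because the size need not be a multiple of the per-iteration step, would keep a later cleanup from switching it back to `size_t`. Separately, `buf_size` is still `size_t`, so a value above SSIZE_MAX would convert to a negative `s64` and skip initialization entirely; that is unlikely for this selftest, but an explicit bound check on `buf_size` would rule it out.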

Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>

-- 
 i.
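
The wraparound described in the quoted commit message, modelled as an added example (not code from this thread or from fill_buf.c). It tracks indices only and never touches memory; the CL_SIZE value of 64, the MAX_ITER cap and the function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>   /* ssize_t */

#define CL_SIZE  64                            /* assumed cache line size */
#define STEP     (CL_SIZE / sizeof(uint64_t))  /* uint64_t slots per line */
#define MAX_ITER 1000                          /* cap: the wrapped loop never ends */

/* Old behaviour: unsigned counter. Returns how many iterations would write
 * at or past the end of the buffer. */
static size_t oob_writes_unsigned(size_t buf_size)
{
	size_t slots = buf_size / sizeof(uint64_t);
	size_t s64 = slots, idx = 0, oob = 0;

	for (size_t iter = 0; s64 > 0 && iter < MAX_ITER; iter++) {
		if (idx >= slots)
			oob++;
		idx += STEP;
		s64 -= STEP;    /* wraps to a huge value when s64 < STEP */
	}
	return oob;
}

/* Patched behaviour: the signed counter goes negative and ends the loop. */
static size_t oob_writes_signed(size_t buf_size)
{
	size_t slots = buf_size / sizeof(uint64_t);
	ssize_t s64 = (ssize_t)slots;
	size_t idx = 0, oob = 0;

	for (size_t iter = 0; s64 > 0 && iter < MAX_ITER; iter++) {
		if (idx >= slots)
			oob++;
		idx += STEP;
		s64 -= (ssize_t)STEP;
	}
	return oob;
}

int main(void)
{
	size_t sizes[] = { 128, 100 };  /* constructed: multiple / not a multiple */

	for (size_t i = 0; i < 2; i++)
		printf("buf_size=%zu unsigned oob=%zu signed oob=%zu\n", sizes[i],
		       oob_writes_unsigned(sizes[i]), oob_writes_signed(sizes[i]));
	return 0;
}
```

With a 100-byte buffer the unsigned counter never reaches zero, so only the cap stops the simulated loop; in the real loop that is where memory beyond the buffer gets written.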
