Message-ID: <b22f1750-c53d-481f-8233-12adac30a807@gmail.com>
Date: Sun, 6 Oct 2024 12:28:56 +0530
From: Suraj Sonawane <surajsonawane0215@...il.com>
To: John Garry <john.g.garry@...cle.com>, hch@...radead.org
Cc: axboe@...nel.dk, linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Explanation on Uninitialized Variable bio in blk_rq_prep_clone

On 04/10/24 20:03, John Garry wrote:
> On 04/10/2024 15:10, SurajSonawane2415 wrote:
>> Explanation of how bio could be used uninitialized in this function:
>>
>> In the function blk_rq_prep_clone, the variable bio is declared but
>> can remain uninitialized if the allocation with bio_alloc_clone fails.
>> This can lead to undefined behavior when the function attempts to free
>> bio in the error handling section using bio_put(bio).
>> By initializing bio to NULL at declaration, we ensure that the cleanup
>> code will only interact with bio if it has been successfully allocated.
>>
>>
> 
> What about if rq_src->bio is NULL for blk_rq_prep_clone() -> 
> __rq_for_each_bio(,rq_src):
> 
> #define __rq_for_each_bio(_bio, rq)    \
>      if ((rq->bio))            \
>          for (_bio = (rq)->bio; _bio; _bio = _bio->bi_next)
> 
> Then I don't think bio gets init'ed. Whether this is possible 
> (rq_src->bio is NULL) is another question.

Hi Keith,

You're right to bring this up. If rq_src->bio is NULL, the 
__rq_for_each_bio macro will skip the loop, meaning the bio variable 
won't be used at all. So, even if bio isn’t initialized, it won't cause 
any issues in that case.

Thanks for pointing that out.

Best regards,
Suraj
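
Added illustration, not part of the original message and not kernel code: a user-space C model of the control flow discussed in this thread, with the pointer initialised to NULL so every exit path is defined. Only the `__rq_for_each_bio` macro is taken from the quoted text; the structs, the `model_*` helpers, the `free_and_out` label and the fault-injection switches are assumptions made for the example.

```c
#include <stdlib.h>

/* User-space stand-ins (hypothetical); only the macro is quoted from the thread. */
struct bio { struct bio *bi_next; };
struct request { struct bio *bio; };
#define __rq_for_each_bio(_bio, rq)    \
     if ((rq->bio))            \
         for (_bio = (rq)->bio; _bio; _bio = _bio->bi_next)

static int puts_done;             /* clones released by the error path */
static int fail_alloc, fail_ctr;  /* constructed fault-injection switches */

static struct bio *model_alloc_clone(void)
{
    return fail_alloc ? NULL : calloc(1, sizeof(struct bio));
}

static void model_put(struct bio *b) { puts_done++; free(b); }

/* Returns 0 on success, -1 on failure. */
static int model_prep_clone(struct request *rq_src)
{
    struct bio *bio = NULL, *bio_src;  /* NULL: cleanup never reads garbage */

    __rq_for_each_bio(bio_src, rq_src) {
        bio = model_alloc_clone();
        if (!bio)
            goto free_and_out;
        if (fail_ctr)                  /* per-clone setup failed */
            goto free_and_out;
        free(bio);                     /* model only: clone handed off */
        bio = NULL;
    }
    return 0;                          /* also reached when rq_src->bio is NULL */
free_and_out:
    if (bio)
        model_put(bio);
    return -1;
}

/* Run one constructed case; puts_done is left for the caller to inspect. */
static int run_case(int have_src, int alloc_fails, int ctr_fails)
{
    struct bio src = { NULL };
    struct request rq = { have_src ? &src : NULL };
    fail_alloc = alloc_fails; fail_ctr = ctr_fails; puts_done = 0;
    return model_prep_clone(&rq);
}

int main(void)
{
    return !(run_case(0, 0, 0) == 0 && run_case(1, 1, 0) == -1 &&
             run_case(1, 0, 1) == -1 && puts_done == 1);
}
```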
