lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1799e36d-2083-4904-8bab-91be64cc9f60@stanley.mountain>
Date: Wed, 9 Oct 2024 17:31:48 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Jason Gunthorpe <jgg@...dia.com>
Cc: Qianqiang Liu <qianqiang.liu@....com>, leon@...nel.org,
	linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] RDMA/nldev: Fix NULL pointer dereferences issue in
 rdma_nl_notify_event

On Fri, Oct 04, 2024 at 05:13:02PM -0300, Jason Gunthorpe wrote:
> On Fri, Sep 27, 2024 at 10:06:13PM +0800, Qianqiang Liu wrote:
> > nlmsg_put() may return a NULL pointer assigned to nlh, which will later
> > be dereferenced in nlmsg_end().
> > 
> > Fixes: 9cbed5aab5ae ("RDMA/nldev: Add support for RDMA monitoring")
> > Signed-off-by: Qianqiang Liu <qianqiang.liu@....com>
> > ---
> >  Changes since v1:
> >  - Add Fixes tag
> > ---
> >  drivers/infiniband/core/nldev.c | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/drivers/infiniband/core/nldev.c b/drivers/infiniband/core/nldev.c
> > index 39f89a4b86498..7dc8e2ec62cc8 100644
> > --- a/drivers/infiniband/core/nldev.c
> > +++ b/drivers/infiniband/core/nldev.c
> > @@ -2816,6 +2816,8 @@ int rdma_nl_notify_event(struct ib_device *device, u32 port_num,
> >  	nlh = nlmsg_put(skb, 0, 0,
> >  			RDMA_NL_GET_TYPE(RDMA_NL_NLDEV, RDMA_NLDEV_CMD_MONITOR),
> >  			0, 0);
> > +	if (!nlh)
> > +		goto err_free;
> 
> It doesn't look to me like nlmsg_put can fail in this usage, but we
> should probbaly put the if to avoid getting static checkers warning on
> it.
> 
> Applied to for-rc, thanks

It's difficult for static checkers to predict when a function can *really*
return NULL or not.  Smatch checks allocation functions and that's basically it.

I suspect there is a heuristic here where it warns if the percent of callers
that check is over 70% or something.

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ