lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a3a8418a-57f2-4f3e-80a3-011de2af1296@gmail.com>
Date: Mon, 14 Oct 2024 10:49:28 +0200
From: Javier Carrasco <javier.carrasco.cruz@...il.com>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: Florian Fainelli <florian.fainelli@...adcom.com>,
 Broadcom internal kernel review list
 <bcm-kernel-feedback-list@...adcom.com>,
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
 Stefan Wahren <wahrenst@....net>, Umang Jain <umang.jain@...asonboard.com>,
 Laurent Pinchart <laurent.pinchart@...asonboard.com>,
 linux-rpi-kernel@...ts.infradead.org, linux-arm-kernel@...ts.infradead.org,
 linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org,
 stable@...r.kernel.org
Subject: Re: [PATCH] staging: vchiq_arm: Fix missing refcount decrement in
 error path for fw_node

On 14/10/2024 10:39, Dan Carpenter wrote:
> On Mon, Oct 14, 2024 at 10:15:25AM +0200, Javier Carrasco wrote:
>> On 14/10/2024 10:12, Dan Carpenter wrote:
>>> On Mon, Oct 14, 2024 at 09:59:49AM +0200, Javier Carrasco wrote:
>>>> This approach is great as long as the maintainer accepts mid-scope
>>>> variable declaration and the goto instructions get refactored, as stated
>>>> in cleanup.h.
>>>>
>>>> The first point is not being that problematic so far, but the second one
>>>> is trickier, and we all have to take special care to avoid such issues,
>>>> even if they don't look dangerous in the current code, because adding a
>>>> goto where there cleanup attribute is already used can be overlooked as
>>>> well.
>>>>
>>>
>>> To be honest, I don't really understand this paragraph.  I think maybe you're
>>> talking about if we declare the variable at the top and forget to initialize it
>>> to NULL?  It leads to an uninitialized variable if we exit the function before
>>> it is initialized.
>>>
>>
>> No, I am talking about declaring the variable mid-scope, and later on
>> adding a goto before that declaration in a different patch, let's say
>> far above the variable declaration. As soon as a goto is added, care
>> must be taken to make sure that we don't have variables with the cleanup
>> attribute in the scope. Just something to take into account.
>>
> 
> Huh.  That's an interesting point.  If you have:
> 
> 	if (ret)
> 		goto done;
> 
> 	struct device_node *fw_node __free(device_node) = something;
> 
> Then fw_node isn't initialized when we get to done.  However, in my simple test
> this triggered a build failure with Clang so I believe we would catch this sort
> of bug pretty quickly.
> 
> regards,
> dan carpenter
> 

Yes, the only pity is that GCC (I guess still the most common compiler
for the Linux kernel) stays silent, and it happily builds a buggy image.
But as you said, the patch will trigger some alarms as soon as it is
sent upstream.

In this particular case, and as Greg pointed out, that is not a real
threat anyway. My digression comes to an end, and v2 is on its way.

Thanks and best regards,
Javier Carrasco

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ