lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241120190318.GCZz4ydl5z5mUHrJd4@fat_crate.local>
Date: Wed, 20 Nov 2024 20:03:18 +0100
From: Borislav Petkov <bp@...en8.de>
To: Shresth Prasad <shresthprasad7@...il.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
	"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] x86/sev: Fix dereference NULL return value

On Wed, Nov 20, 2024 at 06:23:09PM +0530, Shresth Prasad wrote:
> lookup_address() does return NULL in some paths so I do assume that it

You assume?

Well, do you know or not? You can simply read lookup_address() and more
specifically lookup_address_in_pgd_attr() and see whether it can return NULL
or not.

As to this particular case, I don't think it would return a NULL. Otherwise
something else is very very wrong so perhaps it is better to crash'n'burn
there.

What would happen if you continue instead on a NULL ptr? Would that make sense
either?

Basically, I'm trying to make you think before you send patches. Just because
some silly tool says something is wrong, it doesn't mean you should trust it
blindly.

You analyze the situation and *then* you send a patch, only when it is really
an issue.

> can happen, unless there's a logical reason why it can't (please let me know
> if that's the case). I've also seen it be checked this way in a couple other
> places.

Kernel programming is not voodoo. You read the code and think.

> I'm not sure why you can't open the page but would it help if I was more
> descriptive in the commit message?

SYNOPSYS

Username:
Password:

is what I get.

> Really sorry about that, I completely overlooked it. I'll CC them
> when I resend the patch.

Before you do, I'd like you to turn on brain and think about the questions
above.

And I'd like you to please read

https://kernel.org/doc/html/latest/process/development-process.html

and especially

https://kernel.org/doc/html/latest/process/submitting-patches.html

before you submit more patches.

I'm not typing those to get ignored. I mean, I can ignore emails too if mine
get ignored.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ