lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAE8VWiKubZ5Z7yEgLh5ourc+0W1OC+54y+vC-i=xLVLYK=_YGA@mail.gmail.com>
Date: Thu, 21 Nov 2024 22:57:59 +0530
From: Shresth Prasad <shresthprasad7@...il.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, 
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, 
	"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] x86/sev: Fix dereference NULL return value

On Thu, Nov 21, 2024 at 12:33 AM Borislav Petkov <bp@...en8.de> wrote:
>
> On Wed, Nov 20, 2024 at 06:23:09PM +0530, Shresth Prasad wrote:
> > lookup_address() does return NULL in some paths so I do assume that it
>
> You assume?
>
> Well, do you know or not? You can simply read lookup_address() and more
> specifically lookup_address_in_pgd_attr() and see whether it can return NULL
> or not.
>
> As to this particular case, I don't think it would return a NULL. Otherwise
> something else is very very wrong so perhaps it is better to crash'n'burn
> there.
>
> What would happen if you continue instead on a NULL ptr? Would that make sense
> either?
>
> Basically, I'm trying to make you think before you send patches. Just because
> some silly tool says something is wrong, it doesn't mean you should trust it
> blindly.
>
> You analyze the situation and *then* you send a patch, only when it is really
> an issue.
>
> > can happen, unless there's a logical reason why it can't (please let me know
> > if that's the case). I've also seen it be checked this way in a couple other
> > places.
>
> Kernel programming is not voodoo. You read the code and think.
>
> > I'm not sure why you can't open the page but would it help if I was more
> > descriptive in the commit message?
>
> SYNOPSYS
>
> Username:
> Password:
>
> is what I get.
>
> > Really sorry about that, I completely overlooked it. I'll CC them
> > when I resend the patch.
>
> Before you do, I'd like you to turn on brain and think about the questions
> above.
>
> And I'd like you to please read
>
> https://kernel.org/doc/html/latest/process/development-process.html
>
> and especially
>
> https://kernel.org/doc/html/latest/process/submitting-patches.html
>
> before you submit more patches.
>
> I'm not typing those to get ignored. I mean, I can ignore emails too if mine
> get ignored.
>
> --
> Regards/Gruss,
>     Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette

I apologise, my approach here was incorrect. I'll rethink how I submit
patches from now on.
It wasn't my intention to ignore any part of your message. I
absolutely went through the docs that you linked.

Thank you for your time.

Best Regards,
Shresth

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ