Message-ID: <bffb665a-f747-421a-833a-a4820927e86c@icloud.com>
Date: Tue, 17 Dec 2024 22:09:48 +0800
From: Zijun Hu <zijun_hu@...oud.com>
To: Jonathan Cameron <Jonathan.Cameron@...wei.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
 "Rafael J. Wysocki" <rafael@...nel.org>, Tejun Heo <tj@...nel.org>,
 Josef Bacik <josef@...icpanda.com>, Jens Axboe <axboe@...nel.dk>,
 Boris Burkov <boris@....io>, Davidlohr Bueso <dave@...olabs.net>,
 Dave Jiang <dave.jiang@...el.com>,
 Alison Schofield <alison.schofield@...el.com>,
 Vishal Verma <vishal.l.verma@...el.com>, Ira Weiny <ira.weiny@...el.com>,
 Dan Williams <dan.j.williams@...el.com>, linux-kernel@...r.kernel.org,
 cgroups@...r.kernel.org, linux-block@...r.kernel.org,
 linux-cxl@...r.kernel.org, Zijun Hu <quic_zijuhu@...cinc.com>
Subject: Re: [PATCH v3 1/9] driver core: class: Fix wild pointer dereferences
 in API class_dev_iter_next()

On 2024/12/16 23:36, Jonathan Cameron wrote:
>> Actually, all callers of these APIs have such a usage pattern in the kernel tree.
>> Fix by:
>> - Initialize output parameter @iter by memset() in class_dev_iter_init()
>>   and give callers prompt by pr_crit() for the error.
>> - Check if @iter is valid in class_dev_iter_next().
>>
>> Fixes: 7b884b7f24b4 ("driver core: class.c: convert to only use class_to_subsys")
>> Signed-off-by: Zijun Hu <quic_zijuhu@...cinc.com>
> This looks fine in general, but over to the core device model folk for which
> element they think should be used as the sentinel and whether zeroing the
> whole thing makes sense or just the one being used as a flag, or even setting
> it to an error pointer.

Thank you, Jonathan, for the code review.

I actually once thought about the change below and finally dropped it.

-       if (!sp)
+       if (!sp) {
+               iter->sp = NULL;
                return;
+       }
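Review bot: Resetting only iter->sp on the !sp path leaves every other field of iter uninitialized, so this variant is safe only if class_dev_iter_next() tests iter->sp before touching anything else; a one-line comment at this return stating that iter->sp == NULL marks a failed init would make that contract explicit. The early return also stays silent, so a caller that never learns of the failure gets no diagnostic unless a message is added in this branch as well.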


Such APIs return void and do not have any output parameter to
feed back operation results.
It may be good practice to always reset their output parameters first.
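
The practice discussed in this message, as an added userspace C model that is not code from the patch or from the kernel: a void init function resets its output parameter first, so the next function can detect a failed init instead of dereferencing stack garbage. All names here (struct registry, struct demo_iter, demo_iter_init, demo_iter_next, demo_sum) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins; not the kernel's struct class_dev_iter. */
struct registry { const int *items; size_t count; };
struct demo_iter { const struct registry *reg; size_t pos; };

/* Returns void, so the only way to report failure is through *iter. */
void demo_iter_init(struct demo_iter *iter, const struct registry *reg)
{
    /* Reset the output parameter first: every early return below
     * then leaves a well-defined "invalid" state (reg == NULL). */
    memset(iter, 0, sizeof(*iter));
    if (!reg || !reg->items) {
        fprintf(stderr, "demo_iter_init: registry not available\n");
        return;
    }
    iter->reg = reg;
}

/* Returns the next item, or NULL at the end or after a failed init. */
const int *demo_iter_next(struct demo_iter *iter)
{
    if (!iter->reg)                 /* sentinel check before any dereference */
        return NULL;
    if (iter->pos >= iter->reg->count)
        return NULL;
    return &iter->reg->items[iter->pos++];
}

/* A caller that has no status to check: it inits, then loops on next. */
int demo_sum(const struct registry *reg)
{
    struct demo_iter iter;
    const int *p;
    int sum = 0;

    memset(&iter, 0xA5, sizeof(iter)); /* constructed: simulate stack garbage */
    demo_iter_init(&iter, reg);
    while ((p = demo_iter_next(&iter)) != NULL)
        sum += *p;
    return sum;
}
```

Without the memset() in demo_iter_init(), the failed-init path would leave iter.reg holding the 0xA5 fill pattern and demo_iter_next() would dereference it.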
