lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <6d3dd8f5-db23-402d-b7c0-d8264bb5a045@linaro.org>
Date: Thu, 16 Jan 2025 11:35:39 +0000
From: James Clark <james.clark@...aro.org>
To: Kuan-Wei Chiu <visitorckw@...il.com>
Cc: mark.rutland@....com, alexander.shishkin@...ux.intel.com,
 jolsa@...nel.org, irogers@...gle.com, adrian.hunter@...el.com,
 kan.liang@...ux.intel.com, Ching-Chun Huang <jserv@...s.ncku.edu.tw>,
 Chun-Ying Huang <chuang@...nycu.edu.tw>, linux-perf-users@...r.kernel.org,
 linux-kernel@...r.kernel.org, stable@...r.kernel.org, peterz@...radead.org,
 mingo@...hat.com, acme@...nel.org, namhyung@...nel.org
Subject: Re: [PATCH v3] perf bench: Fix undefined behavior in cmpworker()



On 16/01/2025 11:08 am, Kuan-Wei Chiu wrote:
> The comparison function cmpworker() violates the C standard's
> requirements for qsort() comparison functions, which mandate symmetry
> and transitivity:
> 
> Symmetry: If x < y, then y > x.
> Transitivity: If x < y and y < z, then x < z.
> 
> In its current implementation, cmpworker() incorrectly returns 0 when
> w1->tid < w2->tid, which breaks both symmetry and transitivity. This
> violation causes undefined behavior, potentially leading to issues such
> as memory corruption in glibc [1].
> 
> Fix the issue by returning -1 when w1->tid < w2->tid, ensuring
> compliance with the C standard and preventing undefined behavior.
> 
> Link: https://www.qualys.com/2024/01/30/qsort.txt [1]
> Fixes: 121dd9ea0116 ("perf bench: Add epoll parallel epoll_wait benchmark")
> Cc: stable@...r.kernel.org
> Signed-off-by: Kuan-Wei Chiu <visitorckw@...il.com>
> ---
> Changes in v3:
> - Perform a full comparison for clarity, as suggested by James.
> 

Reviewed-by: James Clark <james.clark@...aro.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ