lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <749f1036-9ad7-ede0-5412-b9449d9e2cde@linux.intel.com>
Date: Fri, 30 May 2025 18:48:55 +0300 (EEST)
From: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
To: stuart hayes <stuart.w.hayes@...il.com>
cc: LKML <linux-kernel@...r.kernel.org>, Hans de Goede <hdegoede@...hat.com>, 
    platform-driver-x86@...r.kernel.org
Subject: Re: [PATCH v3 2/4] platform/x86: dell_rbu: Fix list usage

On Fri, 30 May 2025, stuart hayes wrote:

> On 5/30/2025 10:25 AM, Ilpo Järvinen wrote:
> > On Fri, 30 May 2025, stuart hayes wrote:
> > 
> > > On 5/30/2025 2:54 AM, Ilpo Järvinen wrote:
> > > > On Thu, 29 May 2025, Stuart Hayes wrote:
> > > > 
> > > > > Stop using an entire struct packet_data just for the embedded
> > > > > list_head,
> > > > > and fix usage of that list_head.
> > > > > 
> > > > > Fixes: d19f359fbdc6 ("platform/x86: dell_rbu: don't open code
> > > > > list_for_each_entry*()")
> > > > > Signed-off-by: Stuart Hayes <stuart.w.hayes@...il.com>
> > > > 
> > > > Isn't this just refactor so Fixes tag for this commit is not warranted?
> > > > 
> > > 
> > > No. The patch that this fixes had converted the driver to use
> > > list_for_each_entry*() to loop through the packet list instead of a while
> > > loop. But it passed (&packet_data_head.list)->next to
> > > list_for_each_entry*()
> > > instead of the list head itself.
> > > 
> > > That resulted in to issues. In the function that prints the packets, it
> > > would
> > > start with the wrong packet, and in the function that deletes the packets,
> > > it
> > > would get a null pointer dereference when it tried to zero out the data
> > > associated with the packet that held the actual list head.
> > 
> > Oh, I see that difference now. Good catch.
> > 
> > However, that also means the ->next part is wrong and there are two
> > independent changes here, one that fixes this ->next problem and then the
> > refactoring of packet_data_head to packet_data_list?
> > 
> 
> Correct. Do you want those as two separate patches?

Yes please, and please order the fix patch before the refactor patch as 
stable people will be interested in taking the fix into stable releases.

-- 
 i.

> > > > > ---
> > > > >    drivers/platform/x86/dell/dell_rbu.c | 10 +++++-----
> > > > >    1 file changed, 5 insertions(+), 5 deletions(-)
> > > > > 
> > > > > diff --git a/drivers/platform/x86/dell/dell_rbu.c
> > > > > b/drivers/platform/x86/dell/dell_rbu.c
> > > > > index 7b019fb72e86..c03d4d55fcc1 100644
> > > > > --- a/drivers/platform/x86/dell/dell_rbu.c
> > > > > +++ b/drivers/platform/x86/dell/dell_rbu.c
> > > > > @@ -77,14 +77,14 @@ struct packet_data {
> > > > >    	int ordernum;
> > > > >    };
> > > > >    -static struct packet_data packet_data_head;
> > > > > +static struct list_head packet_data_list;
> > > > >      static struct platform_device *rbu_device;
> > > > >    static int context;
> > > > >      static void init_packet_head(void)
> > > > >    {
> > > > > -	INIT_LIST_HEAD(&packet_data_head.list);
> > > > > +	INIT_LIST_HEAD(&packet_data_list);
> > > > >    	rbu_data.packet_read_count = 0;
> > > > >    	rbu_data.num_packets = 0;
> > > > >    	rbu_data.packetsize = 0;
> > > > > @@ -183,7 +183,7 @@ static int create_packet(void *data, size_t
> > > > > length)
> > > > > __must_hold(&rbu_data.lock)
> > > > >      	/* initialize the newly created packet headers */
> > > > >    	INIT_LIST_HEAD(&newpacket->list);
> > > > > -	list_add_tail(&newpacket->list, &packet_data_head.list);
> > > > > +	list_add_tail(&newpacket->list, &packet_data_list);
> > > > >      	memcpy(newpacket->data, data, length);
> > > > >    @@ -292,7 +292,7 @@ static int packet_read_list(char *data, size_t
> > > > > *
> > > > > pread_length)
> > > > >    	remaining_bytes = *pread_length;
> > > > >    	bytes_read = rbu_data.packet_read_count;
> > > > >    -	list_for_each_entry(newpacket, (&packet_data_head.list)->next,
> > > > > list) {
> > > > > +	list_for_each_entry(newpacket, &packet_data_list, list) {
> > > > >    		bytes_copied = do_packet_read(pdest, newpacket,
> > > > >    			remaining_bytes, bytes_read, &temp_count);
> > > > >    		remaining_bytes -= bytes_copied;
> > > > > @@ -315,7 +315,7 @@ static void packet_empty_list(void)
> > > > >    {
> > > > >    	struct packet_data *newpacket, *tmp;
> > > > >    -	list_for_each_entry_safe(newpacket, tmp,
> > > > > (&packet_data_head.list)->next, list) {
> > > > > +	list_for_each_entry_safe(newpacket, tmp, &packet_data_list,
> > > > > list) {
> > > > >    		list_del(&newpacket->list);
> > > > >      		/*
> > > > > 
> > > > 
> > > 
> > 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ