lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <878qiumxqx.fsf@wotan.olymp>
Date: Thu, 04 Sep 2025 09:24:06 +0100
From: Luis Henriques <luis@...lia.com>
To: Joanne Koong <joannelkoong@...il.com>
Cc: "Darrick J. Wong" <djwong@...nel.org>,  Miklos Szeredi
 <miklos@...redi.hu>,  linux-fsdevel@...r.kernel.org,
  linux-kernel@...r.kernel.org,  kernel-dev@...lia.com
Subject: Re: [PATCH v2] fuse: prevent possible NULL pointer dereference in
 fuse_iomap_writeback_{range,submit}()


On Wed, Sep 03 2025, Joanne Koong wrote:

> On Wed, Sep 3, 2025 at 1:48 PM Darrick J. Wong <djwong@...nel.org> wrote:

>> ...because if someone fails to set wpc->wb_ctx, this line will crash the
>> kernel at least as much as the WARN_ON would.  IOWs, the WARN_ONs aren't
>> necessary but I don't think they hurt much.
>>
>
> Oh, I see. Actually, this explanation makes a lot of sense. When I was
> looking at the other WARN_ON usages in fuse, I noticed they were also
> used even if it's logically proven that the code path can never be
> triggered. But I guess what you're saying is that WARN_ONs in general
> should be used if it's otherwise somehow undetectable / non-obvious
> that the condition is violated? That makes sense to me, and checks out
> with the other fuse WARN_ON uses.
>
> I'm fine with just removing the WARN_ON(!data) here and below. I think
> I added some more WARN_ONs in my other fuse iomap patchset, so I'll
> remove those as well when I send out a new version.

I don't have a preference between v1 and v2 of this patch.  v1 removed the
WARNs because I don't think they are useful:

1. the assertions are never true, but
2. if they are, they are useless because we'll hit a NULL pointer
   dereference anyway.

v2 tries to fix the code assuming the assertions can be triggered.

So, yeah I'll just leave the 3 options (v1, v2, or do nothing) on the
table :-)

Cheers,
-- 
Luís

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ