lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <9f904e57ca365036b12263b0d0a06b915e6090631df159d17f4e8a9651c1f5ff@mail.kernel.org>
Date: Sat, 24 Jan 2026 01:50:36 +0000 (UTC)
From: bot+bpf-ci@...nel.org
To: wusamuel@...gle.com,rafael@...nel.org,lenb@...nel.org,pavel@...nel.org,gregkh@...uxfoundation.org,dakr@...nel.org,ast@...nel.org,daniel@...earbox.net,andrii@...nel.org,martin.lau@...ux.dev,eddyz87@...il.com,song@...nel.org,yonghong.song@...ux.dev,john.fastabend@...il.com,kpsingh@...nel.org,sdf@...ichev.me,haoluo@...gle.com,jolsa@...nel.org,shuah@...nel.org
Cc: wusamuel@...gle.com,kernel-team@...roid.com,linux-kernel@...r.kernel.org,linux-pm@...r.kernel.org,bpf@...r.kernel.org,linux-kselftest@...r.kernel.org,ast@...nel.org,andrii@...nel.org,daniel@...earbox.net,martin.lau@...nel.org,eddyz87@...il.com,yonghong.song@...ux.dev,clm@...a.com,ihor.solodrai@...ux.dev
Subject: Re: [PATCH bpf-next v3 3/3] selftests/bpf: Add tests for wakeup_sources

> diff --git a/tools/testing/selftests/bpf/prog_tests/wakeup_source_iter.c b/tools/testing/selftests/bpf/prog_tests/wakeup_source_iter.c
> new file mode 100644
> index 000000000000..c8a38717e284
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/wakeup_source_iter.c

[ ... ]

> +static int get_ws_iter_stream(struct wakeup_source_iter *skel, int *iter_fd,
> +			      FILE **iter_file)
> +{
> +	*iter_fd = bpf_iter_create(
> +			bpf_link__fd(skel->links.wakeup_source_collector));
> +	if (!ASSERT_OK_FD(*iter_fd, "iter_create"))
> +		return -1;
> +
> +	*iter_file = fdopen(*iter_fd, "r");
> +	if (!ASSERT_OK_PTR(*iter_file, "fdopen"))
> +		return -1;
> +
> +	return 0;
> +}

If bpf_iter_create() fails above, get_ws_iter_stream() returns -1 without
writing to *iter_file.

> +static void subtest_ws_iter_check_active_count(struct wakeup_source_iter *skel)
> +{

[ ... ]

> +	char *line = NULL;
> +	bool found_ws = false;
> +	FILE *iter_file = NULL;
> +	int iter_fd = -1;

This function correctly initializes iter_file and iter_fd before calling
get_ws_iter_stream().

[ ... ]

> +}
> +
> +static void subtest_ws_iter_check_sleep_times(struct wakeup_source_iter *skel)
> +{
> +	bool found_test_ws = false;
> +	struct WakeupSourceInfo ws_info;
> +	char *line = NULL;
> +	FILE *iter_file;
> +	int iter_fd;

In contrast to subtest_ws_iter_check_active_count(), iter_file and iter_fd
are not initialized here.

> +
> +	if (get_ws_iter_stream(skel, &iter_fd, &iter_file))
> +		goto cleanup;

[ ... ]

> +cleanup:
> +	if (iter_file)
> +		fclose(iter_file);
> +	else if (iter_fd >= 0)
> +		close(iter_fd);
> +}

If get_ws_iter_stream() fails at bpf_iter_create(), can this access
uninitialized iter_file and iter_fd? The cleanup code would then evaluate
garbage values, potentially calling fclose() with an invalid pointer.


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/21306880863

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ