| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20141025013352.GE11289@acer.localdomain> Date: Sat, 25 Oct 2014 02:33:52 +0100 From: Patrick McHardy <kaber@...sh.net> To: Cong Wang <cwang@...pensource.com> Cc: John Fastabend <john.fastabend@...il.com>, Wang Bo <wang.bo116@....com.cn>, David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, cui.yunfeng@....com.cn Subject: Re: [PATCH net] net/sched: Fix use of wild pointer in mq_destroy() when qdisc_alloc fail On Fri, Oct 24, 2014 at 05:57:59PM -0700, Cong Wang wrote: > On Fri, Oct 24, 2014 at 5:33 PM, Patrick McHardy <kaber@...sh.net> wrote: > > > > Its about having a sane API. > > I don't see why calling ->destroy() on failure is not sane in qdisc case. > I never want to argue general case. Because it makes things more complicated. You need to keep track of what was actually initialized since you can't assume a consistent state in ->destroy() anymore. If ->init() fails, it knows where it failed, ->destroy() can't know that. Look at htb_destroy() for an example. It starts with cancel_work_sync(&q->work); Was that actually initialized and can be cancled? You don't know. Next comes qdisc_watchdog_cancel(&q->watchdog); Same here, if the error happened before it was initialized, crash. These are just the first two lines. You get the problem. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists