lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 18 Dec 2017 10:36:47 -0800
From:   Alexei Starovoitov <ast@...com>
To:     Daniel Borkmann <daniel@...earbox.net>,
        Alexei Starovoitov <ast@...nel.org>,
        "David S . Miller" <davem@...emloft.net>
CC:     Arnd Bergmann <arnd@...db.de>, <netdev@...r.kernel.org>,
        <kernel-team@...com>
Subject: Re: [PATCH bpf-next] bpf: arm64: fix uninitialized variable

On 12/18/17 10:19 AM, Daniel Borkmann wrote:
> On 12/18/2017 07:09 PM, Alexei Starovoitov wrote:
>> From: Alexei Starovoitov <ast@...com>
>>
>> fix the following issue:
>> arch/arm64/net/bpf_jit_comp.c: In function 'bpf_int_jit_compile':
>> arch/arm64/net/bpf_jit_comp.c:982:18: error: 'image_size' may be used
>> uninitialized in this function [-Werror=maybe-uninitialized]
>>
>> Fixes: db496944fdaa ("bpf: arm64: add JIT support for multi-function programs")
>> Reported-by: Arnd Bergmann <arnd@...db.de>
>> Signed-off-by: Alexei Starovoitov <ast@...nel.org>
>> ---
>>  arch/arm64/net/bpf_jit_comp.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
>> index 396490cf7316..acaa935ed977 100644
>> --- a/arch/arm64/net/bpf_jit_comp.c
>> +++ b/arch/arm64/net/bpf_jit_comp.c
>> @@ -897,6 +897,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
>>  		image_ptr = jit_data->image;
>>  		header = jit_data->header;
>>  		extra_pass = true;
>> +		image_size = sizeof(u32) * ctx.idx;
>>  		goto skip_init_ctx;
>>  	}
>>  	memset(&ctx, 0, sizeof(ctx));
>>
>
> I don't really mind, but it feels more complex than it needs to be
> imho, since in the initial pass you fetch 'image_size' in fake pass
> from ctx.idx, then we set ctx.idx to 0 again, do another pass and
> use the cached ctx.idx from that second pass instead of the first
> one where we set 'image_size' originally, so we definitely need to
> take that into consideration in future reviews at least.

not sure what you mean.
This check: ctx.idx != jit_data->ctx.idx matters the most.
After first alloc the 'image_size' variable used for dumping only.
That's why the JITing itself worked fine. We could have removed it
since it's computable from idx, but imo it's fine this way.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ