lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200201164235.9749-1-ap420073@gmail.com>
Date:   Sat,  1 Feb 2020 16:42:35 +0000
From:   Taehee Yoo <ap420073@...il.com>
To:     davem@...emloft.net, kuba@...nel.org, netdev@...r.kernel.org
Cc:     ap420073@...il.com
Subject: [PATCH net v3 0/7] netdevsim: fix several bugs in netdevsim module

This patchset fixes several bugs in netdevsim module.

1. The first patch fixes using uninitialized resources
This patch fixes two similar problems, which is to use uninitialized
resources.
a) In the current code, {new/del}_device_store() use resource,
they are initialized by __init().
But, these functions could be called before __init() is finished.
So, accessing uninitialized data could occur and it eventually makes panic.
b) In the current code, {new/del}_port_store() uses resource,
they are initialized by new_device_store().
But thes functions could be called before new_device_store() is finished.

2. The second patch fixes another race condition.
The main problem is a race condition in {new/del}_port() and devlink reload
function.
These functions would allocate and remove resources. So these functions
should not be executed concurrently.

3. The third patch fixes a panic in nsim_dev_take_snapshot_write().
nsim_dev_take_snapshot_write() uses nsim_dev and nsim_dev->dummy_region.
But these data could be removed by both reload routine and
del_device_store(). And these functions could be executed concurrently.

4. The fourth patch fixes stack-out-of-bound in nsim_dev_debugfs_init().
nsim_dev_debugfs_init() provides only 16bytes for name pointer.
But, there are some case the name length is over 16bytes.
So, stack-out-of-bound occurs.

5. The fifth patch uses IS_ERR instead of IS_ERR_OR_NULL.
debugfs_create_{dir/file} doesn't return NULL.
So, IS_ERR() is more correct.

6. The sixth patch avoids kmalloc warning.
When too large memory allocation is requested by user-space, kmalloc
internally prints warning message.
That warning message is not necessary.
In order to avoid that, it adds __GFP_NOWARN.

7. The last patch removes an unused sdev.c file

Change log:

v2 -> v3:
 - Use smp_load_acquire() and smp_store_release() for flag variables.
 - Change variable names.
 - Fix deadlock in second patch.
 - Update lock variable comment.
 - Add new patch for fixing panic in snapshot_write().
 - Include Reviewed-by tags.
 - Update some log messages and comment.

v1 -> v2: 
 - Splits a fixing race condition patch into two patches.
 - Fix incorrect Fixes tags.
 - Update comments
 - Fix use-after-free
 - Add a new patch, which removes an unused sdev.c file.
 - Remove a patch, which tries to avoid debugfs warning.

Taehee Yoo (7):
  netdevsim: fix using uninitialized resources
  netdevsim: disable devlink reload when resources are being used
  netdevsim: fix panic in nsim_dev_take_snapshot_write()
  netdevsim: fix stack-out-of-bounds in nsim_dev_debugfs_init()
  netdevsim: use IS_ERR instead of IS_ERR_OR_NULL for debugfs
  netdevsim: use __GFP_NOWARN to avoid memalloc warning
  netdevsim: remove unused sdev code

 drivers/net/netdevsim/bpf.c       | 10 +++--
 drivers/net/netdevsim/bus.c       | 64 ++++++++++++++++++++++++++--
 drivers/net/netdevsim/dev.c       | 31 +++++++++-----
 drivers/net/netdevsim/health.c    |  6 +--
 drivers/net/netdevsim/netdevsim.h |  4 ++
 drivers/net/netdevsim/sdev.c      | 69 -------------------------------
 6 files changed, 93 insertions(+), 91 deletions(-)
 delete mode 100644 drivers/net/netdevsim/sdev.c

-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ