lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 07 Apr 2021 22:20:08 +0200
From:   Davide Caratti <dcaratti@...hat.com>
To:     Colin King <colin.king@...onical.com>,
        Jamal Hadi Salim <jhs@...atatu.com>,
        Cong Wang <xiyou.wangcong@...il.com>,
        Jiri Pirko <jiri@...nulli.us>,
        "David S . Miller" <davem@...emloft.net>,
        Gautam Ramakrishnan <gautamramk@...il.com>,
        "Sachin D . Patil" <sdp.sachin@...il.com>,
        Mohit Bhasi <mohitbhasi1998@...il.com>,
        Leslie Monis <lesliemonis@...il.com>,
        "Mohit P . Tahiliani" <tahiliani@...k.edu.in>,
        netdev@...r.kernel.org
Cc:     kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: sched: Fix potential infinite loop

hello Colin, and thanks for your patch!

On Wed, 2021-04-07 at 17:38 +0100, Colin King wrote:
> From: Colin Ian King <colin.king@...onical.com>
> 
> The for-loop iterates with a u16 loop counter idx and compares this
> with the loop upper limit of q->flows_cnt that is a u32 type.

the value of 'flows_cnt' has 65535 as an upper bound in the ->init()
function, so it should be safe to use an u16 for 'idx'. (BTW, the
infinite loop loop was a real thing, see [1] :) ).

> There is a potential infinite loop if q->flows_cnt is larger than
> the u8 loop counter.

(u16 loop counter, IIUC)

>  Fix this by making the loop counter the same
> type as q->flows_cnt.

the same 'for' loop is in fq_pie_init() and fq_pie_reset(): so, in my
opinion just changing fq_pie_timer() to fix an infinite loop is not very
useful: 'idx' is also used as an index for q->flows[], that's allocated
in [2]. Maybe (but I might be wrong) just allowing bigger values might
potentially cause other covscan warnings. WDYT?

> Addresses-Coverity: ("Infinite loop")
> Fixes: ec97ecf1ebe4 ("net: sched: add Flow Queue PIE packet scheduler")
> Signed-off-by: Colin Ian King <colin.king@...onical.com>

thanks!
-- 
davide


[1] https://lore.kernel.org/netdev/416eb03a8ca70b5dfb5e882e2752b7fc13c42f92.1590537338.git.dcaratti@redhat.com/
[2] https://elixir.bootlin.com/linux/latest/source/net/sched/sch_fq_pie.c#L417

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ