lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.21.2107261654130.10122@sstabellini-ThinkPad-T480s>
Date:   Mon, 26 Jul 2021 16:54:29 -0700 (PDT)
From:   Stefano Stabellini <sstabellini@...nel.org>
To:     Harshvardhan Jha <harshvardhan.jha@...cle.com>
cc:     Stefano Stabellini <sstabellini@...nel.org>,
        asmadeus@...ewreck.org, ericvh@...il.com, lucho@...kov.net,
        davem@...emloft.net, kuba@...nel.org,
        v9fs-developer@...ts.sourceforge.net, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [External] : Re: [PATCH] 9p/xen: Fix end of loop tests for
 list_for_each_entry

On Tue, 27 Jul 2021, Harshvardhan Jha wrote:
> On 27/07/21 3:00 am, Stefano Stabellini wrote:
> > On Mon, 26 Jul 2021, asmadeus@...ewreck.org wrote:
> > > Harshvardhan Jha wrote on Sun, Jul 25, 2021 at 11:21:03PM +0530:
> > > > The list_for_each_entry() iterator, "priv" in this code, can never be
> > > > NULL so the warning would never be printed.
> > > 
> > > hm? priv won't be NULL but priv->client won't be client, so it will
> > > return -EINVAL alright in practice?
> > > 
> > > This does fix an invalid read after the list head, so there's a real
> > > bug, but the commit message needs fixing.
> > 
> > Agreed
> > 
> > 
> > > > Signed-off-by: Harshvardhan Jha <harshvardhan.jha@...cle.com>
> > > > ---
> > > >  From static analysis.  Not tested.
> > > 
> > > +Stefano in To - I also can't test xen right now :/
> > > This looks functional to me but if you have a bit of time to spare just
> > > a mount test can't hurt.
> > 
> > Yes, I did test it successfully. Aside from the commit messaged to be
> > reworded:
> How's this?
> ===========================BEGIN========================================
> 9p/xen: Fix end of loop tests for list_for_each_entry
> 
> This patch addresses the following problems:
>  - priv can never be NULL, so this part of the check is useless
>  - if the loop ran through the whole list, priv->client is invalid and
> it is more appropriate and sufficient to check for the end of
> list_for_each_entry loop condition.
> 
> Signed-off-by: Harshvardhan Jha <harshvardhan.jha@...cle.com>

That's fine


> ---
> From static analysis. Not tested.
> ===========================END==========================================
> > 
> > Reviewed-by: Stefano Stabellini <sstabellini@...nel.org>
> > Tested-by: Stefano Stabellini <sstabellini@...nel.org>
> > 
> > 
> > > > ---
> > > >   net/9p/trans_xen.c | 4 ++--
> > > >   1 file changed, 2 insertions(+), 2 deletions(-)
> > > > 
> > > > diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c
> > > > index f4fea28e05da..3ec1a51a6944 100644
> > > > --- a/net/9p/trans_xen.c
> > > > +++ b/net/9p/trans_xen.c
> > > > @@ -138,7 +138,7 @@ static bool p9_xen_write_todo(struct
> > > > xen_9pfs_dataring *ring, RING_IDX size)
> > > >     static int p9_xen_request(struct p9_client *client, struct p9_req_t
> > > > *p9_req)
> > > >   {
> > > > -	struct xen_9pfs_front_priv *priv = NULL;
> > > > +	struct xen_9pfs_front_priv *priv;
> > > >   	RING_IDX cons, prod, masked_cons, masked_prod;
> > > >   	unsigned long flags;
> > > >   	u32 size = p9_req->tc.size;
> > > > @@ -151,7 +151,7 @@ static int p9_xen_request(struct p9_client *client,
> > > > struct p9_req_t *p9_req)
> > > >   			break;
> > > >   	}
> > > >   	read_unlock(&xen_9pfs_lock);
> > > > -	if (!priv || priv->client != client)
> > > > +	if (list_entry_is_head(priv, &xen_9pfs_devs, list))
> > > >   		return -EINVAL;
> > > >     	num = p9_req->tc.tag % priv->num_rings;
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ