| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Feb 2022 23:59:07 +0200
From: Mike Rapoport <rppt@...nel.org>
To: James Bottomley <James.Bottomley@...senPartnership.com>,
Christian König <christian.koenig@....com>,
Linus Torvalds <torvalds@...ux-foundation.org>
CC: Jakob Koschel <jakobkoschel@...il.com>,
alsa-devel@...a-project.org, linux-aspeed@...ts.ozlabs.org,
"Gustavo A. R. Silva" <gustavo@...eddedor.com>,
linux-iio@...r.kernel.org, nouveau@...ts.freedesktop.org,
Rasmus Villemoes <linux@...musvillemoes.dk>,
dri-devel <dri-devel@...ts.freedesktop.org>,
Cristiano Giuffrida <c.giuffrida@...nl>,
amd-gfx list <amd-gfx@...ts.freedesktop.org>,
samba-technical@...ts.samba.org,
linux1394-devel@...ts.sourceforge.net, drbd-dev@...ts.linbit.com,
linux-arch <linux-arch@...r.kernel.org>,
CIFS <linux-cifs@...r.kernel.org>,
KVM list <kvm@...r.kernel.org>,
linux-scsi <linux-scsi@...r.kernel.org>,
linux-rdma <linux-rdma@...r.kernel.org>,
linux-staging@...ts.linux.dev, "Bos, H.J." <h.j.bos@...nl>,
Jason Gunthorpe <jgg@...pe.ca>,
intel-wired-lan@...ts.osuosl.org,
kgdb-bugreport@...ts.sourceforge.net,
bcm-kernel-feedback-list@...adcom.com,
Dan Carpenter <dan.carpenter@...cle.com>,
Linux Media Mailing List <linux-media@...r.kernel.org>,
Kees Cook <keescook@...omium.org>,
Arnd Bergman <arnd@...db.de>,
Linux PM <linux-pm@...r.kernel.org>,
intel-gfx <intel-gfx@...ts.freedesktop.org>,
Brian Johannesmeyer <bjohannesmeyer@...il.com>,
Nathan Chancellor <nathan@...nel.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Christophe JAILLET <christophe.jaillet@...adoo.fr>,
v9fs-developer@...ts.sourceforge.net,
linux-tegra <linux-tegra@...r.kernel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
linux-sgx@...r.kernel.org,
linux-block <linux-block@...r.kernel.org>,
Netdev <netdev@...r.kernel.org>, linux-usb@...r.kernel.org,
linux-wireless <linux-wireless@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux F2FS Dev Mailing List
<linux-f2fs-devel@...ts.sourceforge.net>,
tipc-discussion@...ts.sourceforge.net,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
dma <dmaengine@...r.kernel.org>,
linux-mediatek@...ts.infradead.org,
Andrew Morton <akpm@...ux-foundation.org>,
linuxppc-dev <linuxppc-dev@...ts.ozlabs.org>
Subject: Re: [PATCH 2/6] treewide: remove using list iterator after loop body as a ptr
On February 28, 2022 10:42:53 PM GMT+02:00, James Bottomley <James.Bottomley@...senPartnership.com> wrote:
>On Mon, 2022-02-28 at 21:07 +0100, Christian König wrote:
>> Am 28.02.22 um 20:56 schrieb Linus Torvalds:
>> > On Mon, Feb 28, 2022 at 4:19 AM Christian König
>> > <christian.koenig@....com> wrote:
>> > > I don't think that using the extra variable makes the code in any
>> > > way
>> > > more reliable or easier to read.
>> > So I think the next step is to do the attached patch (which
>> > requires
>> > that "-std=gnu11" that was discussed in the original thread).
>> >
>> > That will guarantee that the 'pos' parameter of
>> > list_for_each_entry()
>> > is only updated INSIDE the for_each_list_entry() loop, and can
>> > never
>> > point to the (wrongly typed) head entry.
>> >
>> > And I would actually hope that it should actually cause compiler
>> > warnings about possibly uninitialized variables if people then use
>> > the
>> > 'pos' pointer outside the loop. Except
>> >
>> > (a) that code in sgx/encl.c currently initializes 'tmp' to NULL
>> > for
>> > inexplicable reasons - possibly because it already expected this
>> > behavior
>> >
>> > (b) when I remove that NULL initializer, I still don't get a
>> > warning,
>> > because we've disabled -Wno-maybe-uninitialized since it results in
>> > so
>> > many false positives.
>> >
>> > Oh well.
>> >
>> > Anyway, give this patch a look, and at least if it's expanded to do
>> > "(pos) = NULL" in the entry statement for the for-loop, it will
>> > avoid the HEAD type confusion that Jakob is working on. And I think
>> > in a cleaner way than the horrid games he plays.
>> >
>> > (But it won't avoid possible CPU speculation of such type
>> > confusion. That, in my opinion, is a completely different issue)
>>
>> Yes, completely agree.
>>
>> > I do wish we could actually poison the 'pos' value after the loop
>> > somehow - but clearly the "might be uninitialized" I was hoping for
>> > isn't the way to do it.
>> >
>> > Anybody have any ideas?
>>
>> I think we should look at the use cases why code is touching (pos)
>> after the loop.
>>
>> Just from skimming over the patches to change this and experience
>> with the drivers/subsystems I help to maintain I think the primary
>> pattern looks something like this:
>>
>> list_for_each_entry(entry, head, member) {
>> if (some_condition_checking(entry))
>> break;
>> }
>> do_something_with(entry);
>
>
>Actually, we usually have a check to see if the loop found anything,
>but in that case it should something like
>
>if (list_entry_is_head(entry, head, member)) {
> return with error;
>}
>do_somethin_with(entry);
>
>Suffice? The list_entry_is_head() macro is designed to cope with the
>bogus entry on head problem.
Won't suffice because the end goal of this work is to limit scope of entry only to loop. Hence the need for additional variable.
Besides, there are no guarantees that people won't do_something_with(entry) without the check or won't compare entry to NULL to check if the loop finished with break or not.
>James
--
Sincerely yours,
Mike
Powered by blists - more mailing lists