Date: Thu, 23 Nov 2023 21:39:57 +0800
From: Wen Gu <guwen@...ux.alibaba.com>
To: Simon Horman <horms@...nel.org>
Cc: wintera@...ux.ibm.com, wenjia@...ux.ibm.com, hca@...ux.ibm.com,
 gor@...ux.ibm.com, agordeev@...ux.ibm.com, davem@...emloft.net,
 edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
 kgraul@...ux.ibm.com, jaka@...ux.ibm.com, borntraeger@...ux.ibm.com,
 svens@...ux.ibm.com, alibuda@...ux.alibaba.com, tonylu@...ux.alibaba.com,
 raspl@...ux.ibm.com, schnelle@...ux.ibm.com, linux-s390@...r.kernel.org,
 netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next 5/7] net/smc: compatible with 128-bits extend GID
 of virtual ISM device



On 2023/11/23 03:07, Simon Horman wrote:

> On Sun, Nov 19, 2023 at 09:57:55PM +0800, Wen Gu wrote:
>> According to virtual ISM support feature defined by SMCv2.1, GIDs of
>> virtual ISM device are UUIDs defined by RFC4122, which are 128-bits
>> long. So some adaptation work is required. And note that the GIDs of
>> existing platform firmware ISM devices still remain 64-bits long.
>>
>> Signed-off-by: Wen Gu <guwen@...ux.alibaba.com>
> 
> ...
> 
>> diff --git a/net/smc/smc_core.c b/net/smc/smc_core.c
> 
> ...
> 
>> @@ -1522,7 +1527,10 @@ void smc_smcd_terminate(struct smcd_dev *dev, u64 peer_gid, unsigned short vlan)
>>   	/* run common cleanup function and build free list */
>>   	spin_lock_bh(&dev->lgr_lock);
>>   	list_for_each_entry_safe(lgr, l, &dev->lgr_list, list) {
>> -		if ((!peer_gid || lgr->peer_gid == peer_gid) &&
>> +		if ((!peer_gid->gid ||
> 
> Hi Wen Gu,
> 
> Previously this condition assumed that peer could be NULL,
> and that is still the case in the next condition, a few lines down.
> But with this patch peer is unconditionally dereferenced here.
> 
> As flagged by Smatch.
> 

Hi Simon,

Good catch!

Previously the peer_gid is a u64 type variable and it will be checked if it is 0.

With this patch, peer_gid is a struct smcd_gid type pointer and the function that
calls smc_smcd_terminate will make sure it is not NULL. So it is safe here.

But there is indeed a problem here, see below.

>> +		     (lgr->peer_gid.gid == peer_gid->gid &&
>> +		      !smc_ism_is_virtual(dev) ? 1 :
>> +		      lgr->peer_gid.gid_ext == peer_gid->gid_ext)) &&
>>   		    (vlan == VLAN_VID_MASK || lgr->vlan_id == vlan)) {
>>   			if (peer_gid) /* peer triggered termination */

This if condition should be 'if (peer_gid->gid)'

I will fix this in the next version. Thank you very much.

Regards,
Wen Gu

>>   				lgr->peer_shutdown = 1;
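
Review bot: In the added condition, `&&` binds tighter than `?:`, so `lgr->peer_gid.gid == peer_gid->gid && !smc_ism_is_virtual(dev) ? 1 : lgr->peer_gid.gid_ext == peer_gid->gid_ext` parses as `(gid match && !virtual) ? 1 : (gid_ext match)`. When the 64-bit gid does not match, or the device is virtual, the result is the gid_ext comparison alone, so a link group whose gid differs can still be selected for termination, and on a virtual device the gid comparison is effectively ignored. Spell the intent out with parentheses, for example `lgr->peer_gid.gid == peer_gid->gid && (!smc_ism_is_virtual(dev) || lgr->peer_gid.gid_ext == peer_gid->gid_ext)`, or move the comparison into a small helper so the termination path cannot match the wrong link groups. Separately, `peer_gid` is dereferenced in the first test while `if (peer_gid)` a few lines below still treats it as nullable; the two checks should agree, either both testing `peer_gid->gid` with the non-NULL requirement on callers documented, or both guarding against NULL.
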
> 
> ...
