lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250923235611-mutt-send-email-mst@kernel.org>
Date: Tue, 23 Sep 2025 23:58:36 -0400
From: "Michael S. Tsirkin" <mst@...hat.com>
To: Jason Wang <jasowang@...hat.com>
Cc: netdev@...r.kernel.org
Subject: ptr_ring_unconsume: memory corruption potential?

Jason, guys,
reading ptr ring code, I noticed:


static inline void ptr_ring_unconsume(struct ptr_ring *r, void **batch, int n,
                                      void (*destroy)(void *))
{
        unsigned long flags;
        int head;
                
        spin_lock_irqsave(&r->consumer_lock, flags);
        spin_lock(&r->producer_lock);

        if (!r->size)
                goto done;
                
        /*
         * Clean out buffered entries (for simplicity). This way following code
         * can test entries for NULL and if not assume they are valid.
         */     
        head = r->consumer_head - 1;
        while (likely(head >= r->consumer_tail))
                r->queue[head--] = NULL;
                __ptr_ring_update(r, head);
        r->consumer_tail = r->consumer_head;


...



Does not look like this will DTRT if r->consumer_head == 0 .
In fact it looks like it will go off corrupting memory.

Why isn't this a concern?

-- 
MST

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ