lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250924000311-mutt-send-email-mst@kernel.org>
Date: Wed, 24 Sep 2025 00:03:39 -0400
From: "Michael S. Tsirkin" <mst@...hat.com>
To: Jason Wang <jasowang@...hat.com>
Cc: netdev@...r.kernel.org
Subject: Re: ptr_ring_unconsume: memory corruption potential?

On Tue, Sep 23, 2025 at 11:58:40PM -0400, Michael S. Tsirkin wrote:
> Jason, guys,
> reading ptr ring code, I noticed:
> 


Pls ignore. ENOTENOUGHCOFFEE. It's a nop.



> static inline void ptr_ring_unconsume(struct ptr_ring *r, void **batch, int n,
>                                       void (*destroy)(void *))
> {
>         unsigned long flags;
>         int head;
>                 
>         spin_lock_irqsave(&r->consumer_lock, flags);
>         spin_lock(&r->producer_lock);
> 
>         if (!r->size)
>                 goto done;
>                 
>         /*
>          * Clean out buffered entries (for simplicity). This way following code
>          * can test entries for NULL and if not assume they are valid.
>          */     
>         head = r->consumer_head - 1;
>         while (likely(head >= r->consumer_tail))
>                 r->queue[head--] = NULL;
>                 __ptr_ring_update(r, head);
>         r->consumer_tail = r->consumer_head;
> 
> 
> ...
> 
> 
> 
> Does not look like this will DTRT if r->consumer_head == 0 .
> In fact it looks like it will go off corrupting memory.
> 
> Why isn't this a concern?
> 
> -- 
> MST

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ