Re: [PATCH][next] cpumask: allocate enough space for string and trailing '\0' char

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 09, 2020 at 11:57:15PM -0500, Paul Gortmaker wrote:
> 
> 
> On 2020-11-09 8:07 p.m., Qian Cai wrote:
> > On Mon, 2020-11-09 at 13:04 +0000, Colin King wrote:
> > > From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> > > 
> > > Currently the allocation of cpulist is based on the length of buf but does
> > > not include the addition end of string '\0' terminator. Static analysis is
> > > reporting this as a potential out-of-bounds access on cpulist. Fix this by
> > > allocating enough space for the additional '\0' terminator.
> > > 
> > > Addresses-Coverity: ("Out-of-bounds access")
> > > Fixes: 65987e67f7ff ("cpumask: add "last" alias for cpu list specifications")
> > 
> > Yeah, this bad commit also introduced KASAN errors everywhere and then will
> > disable lockdep that makes our linux-next CI miserable. Confirmed that this
> > patch will fix it.
> 
> I appreciate the reports reminding me why I hate touching string handling.
> 
> But let us not lose sight of why linux-next exists.  We want to
> encourage code to appear there as a sounding board before it goes
> mainline, so we can fix things and not pollute mainline git history
> with those trivialities.
> 
> If you've decided to internalize linux-next as part of your CI, then
> great, but do note that does not elevate linux-next to some pristine
> status for the world at large.  That only means you have to watch more
> closely what is going on.
> 
> If you want to declare linux-next unbreakable -- well that would scare
> away others to get the multi-arch or multi-config coverage that they may
> not be able to do themselves.  We are not going to do that.
> 
> I have (hopefully) fixed the "bad commit" in v2 -- as part of the
> implicit linux-next rule "you broke it, you better fix it ASAP".
> 
> But "bad" and "miserable" can be things that might scare people off of
> making use of linux-next for what it is meant to be for.  And I am not
> OK with that.

They would need to use much stronger language to scare me off.  That said,
what on earth is the point of running tests if they do not from time to
time find bugs?  ;-)

							Thanx, Paul

> Thanks,
> Paul.
> --
> 
> > 
> > > Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> > > ---
> > >   lib/cpumask.c | 2 +-
> > >   1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/lib/cpumask.c b/lib/cpumask.c
> > > index 34ecb3005941..cb8a3ef0e73e 100644
> > > --- a/lib/cpumask.c
> > > +++ b/lib/cpumask.c
> > > @@ -185,7 +185,7 @@ int __ref cpulist_parse(const char *buf, struct cpumask
> > > *dstp)
> > >   {
> > >   	int r;
> > >   	char *cpulist, last_cpu[5];	/* NR_CPUS <= 9999 */
> > > -	size_t len = strlen(buf);
> > > +	size_t len = strlen(buf) + 1;
> > >   	bool early = !slab_is_available();
> > >   	if (!strcmp(buf, "all")) {
> > 



[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux