2018-02-23 09:08:11

by SF Markus Elfring

Subject: Re: [0/8] target-iSCSI: Adjustments for several function implementations

> Calling crypto_free_shash(NULL) is actually fine.

Really?


> It doesn't dereference the parameter, it just does pointer math on it in
> crypto_shash_tfm() and returns if it's NULL in crypto_destroy_tfm().

Can a passed null pointer really work in this function?

https://elixir.bootlin.com/linux/v4.16-rc2/source/include/crypto/hash.h#L684
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/crypto/hash.h?id=0f9da844d87796ac31b04e81ee95e155e9043132#n751

static inline struct crypto_tfm *crypto_shash_tfm(struct crypto_shash *tfm)
{
	return &tfm->base;
}


Regards,
Markus


2018-02-23 10:30:30

by Dan Carpenter

Subject: Re: [0/8] target-iSCSI: Adjustments for several function implementations

On Fri, Feb 23, 2018 at 10:06:16AM +0100, SF Markus Elfring wrote:
> > Calling crypto_free_shash(NULL) is actually fine.
>
> Really?
>
>
> > It doesn't dereference the parameter, it just does pointer math on it in
> > crypto_shash_tfm() and returns if it's NULL in crypto_destroy_tfm().
>
> Can a passed null pointer really work in this function?
>
> https://elixir.bootlin.com/linux/v4.16-rc2/source/include/crypto/hash.h#L684
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/crypto/hash.h?id=0f9da844d87796ac31b04e81ee95e155e9043132#n751
>
> static inline struct crypto_tfm *crypto_shash_tfm(struct crypto_shash *tfm)
> {
> 	return &tfm->base;
> }

Yes. It's not a dereference, it's just doing pointer math to get the
address.

regards,
dan carpenter


2018-02-23 11:57:12

by SF Markus Elfring

Subject: Re: [0/8] target-iSCSI: Adjustments for several function implementations

>> Can a passed null pointer really work in this function?
>>
>> https://elixir.bootlin.com/linux/v4.16-rc2/source/include/crypto/hash.h#L684
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/crypto/hash.h?id=0f9da844d87796ac31b04e81ee95e155e9043132#n751
>>
>> static inline struct crypto_tfm *crypto_shash_tfm(struct crypto_shash *tfm)
>> {
>> 	return &tfm->base;
>> }
>
> Yes. It's not a dereference,

Do any processors still treat the zero address as special there?


> it's just doing pointer math to get the address.

Can anything unexpected eventually happen?


Can it be nicer to avoid such a software behaviour concern generally
just by adjusting a few jump labels (as I proposed)?

Regards,
Markus
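
The pattern debated in this thread, as a user-space C model added here; it is not part of any message and not kernel source. It shows that taking the address of an embedded member is base-plus-offset arithmetic, and that a NULL check on the original pointer in the destroy helper runs before any memory is accessed. The `model_*` names, the struct layout and the two-argument destroy helper are assumptions of the model.

```c
/* User-space model, added example. Every model_* name and the struct layout
 * are assumptions for illustration, not definitions from the kernel tree. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

struct model_tfm { int refcnt; };      /* stands in for struct crypto_tfm */
struct model_shash {                   /* stands in for struct crypto_shash */
	unsigned int descsize;
	struct model_tfm base;         /* embedded member at a nonzero offset */
};

static int model_frees;                /* counts completed frees */

/* What "&tfm->base" computes: outer address plus a constant offset.
 * The sum is done on uintptr_t so the model never applies "->" to a null
 * pointer, which ISO C does not define even when no memory is read. */
static uintptr_t model_base_addr(const struct model_shash *tfm)
{
	return (uintptr_t)tfm + offsetof(struct model_shash, base);
}

/* Destroy helper: gets the original allocation pointer plus the derived
 * member address, and returns early when the original pointer is NULL. */
static void model_destroy(void *mem, uintptr_t base_addr)
{
	if (!mem)
		return;                /* NULL in: nothing is touched */
	((struct model_tfm *)base_addr)->refcnt = 0;  /* first memory access */
	free(mem);
	model_frees++;
}

static void model_free_shash(struct model_shash *tfm)
{
	model_destroy(tfm, model_base_addr(tfm));
}

int main(void)
{
	struct model_shash *p = calloc(1, sizeof(*p));

	if (!p)
		return 1;
	model_free_shash(NULL);        /* early return, no access, no free */
	model_free_shash(p);           /* normal path: one free */
	return model_frees == 1 ? 0 : 1;
}
```

In this model the derived member address for a NULL input is small but not zero, so a check placed on the derived address instead of the original pointer would not catch the NULL case.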