Date: Tue, 5 Dec 2023 15:15:43 +0300
From: Fedor Pchelkin
To: Dominique Martinet
Cc: Latchesar Ionkov, Eric Van Hensbergen, Christian Schoenebeck, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, v9fs@lists.linux.dev, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Alexey Khoroshilov, lvc-project@linuxtesting.org
Subject: Re: [PATCH v2] net: 9p: avoid freeing uninit memory in p9pdu_vreadf
Message-ID: <2974507b-57fa-4c9b-a036-055dbf55f6a4-pchelkin@ispras.ru>
References: <20231205091952.24754-1-pchelkin@ispras.ru>

On 23/12/05 06:31PM, Dominique Martinet wrote:
> Fedor Pchelkin wrote on Tue, Dec 05, 2023 at 12:19:50PM +0300:
> > If an error occurs while processing an array of strings in p9pdu_vreadf
> > then uninitialized members of *wnames array are freed.
> >
> > Fix this by iterating over only lower indices of the array. Also handle
> > possible uninit *wnames usage if first p9pdu_readf() call inside 'T' case
> > fails.
> >
> > Found by Linux Verification Center (linuxtesting.org).
> >
> > Fixes: ace51c4dd2f9 ("9p: add new protocol support code")
> > Signed-off-by: Fedor Pchelkin
> > ---
> > v2: I've missed that *wnames can also be left uninitialized. Please
> > ignore the patch v1.
> While I agree it's good to initialize it in general, how is that a
> problem here? Do we have users that'd ignore the return code and try to
> use *wnames?
> (The first initialization is required in case the first p9pdu_readf
> fails and *wnames had a non-null initial value, but the second is
> unrelated)

My initial concern was just about the statement you wrote in parentheses.
Case 'T' can be provided with a non-null initial *wnames value, and if the
first p9pdu_readf() call there fails then *wnames is invalidly freed in the
error handling path here:

	case 'T':{
		[...]
		if (errcode) {
			if (*wnames) {
				int i;

				for (i = 0; i < *nwname; i++)
					kfree((*wnames)[i]);
			}
			kfree(*wnames);
			*wnames = NULL;
		}

So the first initialization is required to prevent the described error.

As for the second initialization (the one located after kfree(*wnames) in
the error handling path - it was there all the time), I think it's better
not to touch it. I've just moved kfree and the null-assignment under the
'if (*wnames)' statement.

The concern you mentioned is about any user that'd ignore the return code
and try to use *wnames (so that the second initialization makes some
sense). I can't see if there is any such user but, as said before, it's
better not to touch that code.

> I don't mind the change even if there isn't but let's add a word in the
> commit message.

OK, will do in v3.

> > As an answer to Dominique's comment: my organization marks this
> > statement in all commits.
>
> Fair enough, I think you'd get more internet points with a 'Reported-by'
> but I see plenty of such messages in old commits and this isn't
> something I want to argue about --

ok.

> --
> Dominique Martinet | Asmadeus
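As an added example (not the kernel's code and not part of this thread), here is the error-path pattern the patch describes, in plain C: a string-array reader that, on failure at slot i, frees only the slots already assigned, and that never frees a stale caller-supplied pointer. The wire layout, function names and sample messages are all constructed assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed layout (an assumption, loosely modelled on a 9p walk request):
 * 2-byte LE count, then count strings, each a 2-byte LE length plus bytes. */
static int rd16(const uint8_t *b, size_t len, size_t *pos, uint16_t *out) {
    if (len - *pos < 2) return -1;
    *out = (uint16_t)(b[*pos] | (b[*pos + 1] << 8));
    *pos += 2;
    return 0;
}
/* Returns the string count, or -1 with *names NULL. A stale caller-supplied
 * *names is never freed, and a failure at slot i frees only slots [0, i);
 * the buggy pattern looped up to count and freed never-assigned pointers. */
int read_names(const uint8_t *b, size_t len, char ***names) {
    size_t pos = 0;
    uint16_t count, n;
    *names = NULL;
    if (rd16(b, len, &pos, &count)) return -1;
    char **arr = malloc(sizeof(*arr) * (count ? count : 1)); /* not zeroed */
    if (!arr) return -1;
    for (int i = 0; i < count; i++) {
        if (rd16(b, len, &pos, &n) || len - pos < n || !(arr[i] = malloc(n + 1u))) {
            for (int j = 0; j < i; j++) free(arr[j]); /* lower indices only */
            free(arr);
            return -1;
        }
        memcpy(arr[i], b + pos, n);
        arr[i][n] = '\0';
        pos += n;
    }
    *names = arr;
    return count;
}
/* Constructed samples: a well-formed message, then one truncated mid-string
 * while the caller holds a stale non-NULL *names (the 'T' case). Returns 2
 * when the first parses as {"ab", "c"} and the second fails leaving NULL. */
int demo(void) {
    static const uint8_t good[] = { 2, 0, 2, 0, 'a', 'b', 1, 0, 'c' };
    static const uint8_t bad[] = { 3, 0, 2, 0, 'a', 'b', 5, 0, 'x' };
    char **names;
    int n = read_names(good, sizeof good, &names), score = 0;
    if (n == 2 && !strcmp(names[0], "ab") && !strcmp(names[1], "c")) score++;
    while (n-- > 0) free(names[n]);
    free(names);
    names = (char **)&names;
    if (read_names(bad, sizeof bad, &names) == -1 && names == NULL) score++;
    return score;
}
```

Run under ASan or a kernel with KASAN-equivalent checks, the pre-fix loop over the full count would trip on the never-assigned slots; the bounded loop above does not.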