Re: [PATCH 2/2] crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()

Re: [PATCH 2/2] crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()

[Markus Elfring]

> … So the system will crash
> at last when this memory be used again.

I would prefer a wording with less typos here.


> We can free the resources before calling ->complete to fix this issue.

* An imperative wording can be nicer.
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?id=9cb1fd0efd195590b828b9b865421ad345a4a145#n151

* You proposed to move a call of the function “crypto_finalize_skcipher_request”.
  How does this change fit to the mentioned position?

* Would you like to add the tag “Fixes” to the commit message?

Regards,
Markus

Re: [PATCH 2/2] crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()

[Longpeng (Mike, Cloud Infrastructure Service Product Dept.)]

Hi Markus,

On 2020/5/25 14:30, Markus Elfring wrote:
>> … So the system will crash
>> at last when this memory be used again.
> 
> I would prefer a wording with less typos here.
> 
Could you help me to make the sentence better?

> 
>> We can free the resources before calling ->complete to fix this issue.
> 
> * An imperative wording can be nicer.
>   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?id=9cb1fd0efd195590b828b9b865421ad345a4a145#n151
> 
I'll try.

> * You proposed to move a call of the function “crypto_finalize_skcipher_request”.
>   How does this change fit to the mentioned position?
> 
The resources which need to be freed is not used anymore, but the pointers
of these resources may be changed in the function
"crypto_finalize_skcipher_request", so free these resources before call the
function is suitable.

> * Would you like to add the tag “Fixes” to the commit message?
>
OK.

> Regards,
> Markus
> 

-- 
---
Regards,
Longpeng(Mike)

Re: [2/2] crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()

[Markus Elfring]

> Could you help me to make the sentence better?

How do you think about a wording variant like the following?

  So the system will crash when this memory will be used again.


>> * You proposed to move a call of the function “crypto_finalize_skcipher_request”.
>>   How does this change fit to the mentioned position?
>>
> The resources which need to be freed is not used anymore, but the pointers
> of these resources may be changed in the function
> "crypto_finalize_skcipher_request", so free these resources before call the
> function is suitable.

Another alternative:
  The resources which need to be cleaned up are not used any more.
  But the pointers of these resources may be changed in the
  function “crypto_finalize_skcipher_request”.
  Thus release specific resources before calling this function.

Regards,
Markus

Re: [2/2] crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()

[Longpeng (Mike, Cloud Infrastructure Service Product Dept.)]

On 2020/5/25 15:36, Markus Elfring wrote:
>> Could you help me to make the sentence better?
> 
> How do you think about a wording variant like the following?
> 
>   So the system will crash when this memory will be used again.
> 
Uh, it's much better, thanks.

> 
>>> * You proposed to move a call of the function “crypto_finalize_skcipher_request”.
>>>   How does this change fit to the mentioned position?
>>>
>> The resources which need to be freed is not used anymore, but the pointers
>> of these resources may be changed in the function
>> "crypto_finalize_skcipher_request", so free these resources before call the
>> function is suitable.
> 
> Another alternative:
>   The resources which need to be cleaned up are not used any more.
>   But the pointers of these resources may be changed in the
>   function “crypto_finalize_skcipher_request”.
>   Thus release specific resources before calling this function.
> 
Oh great! Thanks.

> Regards,
> Markus
> 

-- 
---
Regards,
Longpeng(Mike)