Live-Patching Archive on lore.kernel.org
 help / color / Atom feed
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Joe Lawrence <joe.lawrence@redhat.com>
Cc: pmladek@suse.com, live-patching@vger.kernel.org
Subject: Re: [bug report] livepatch: Initialize shadow variables safely by a custom callback
Date: Tue, 7 Jan 2020 18:23:37 +0300
Message-ID: <20200107152337.GB27042@kadam> (raw)
In-Reply-To: <4affb6d1-699e-af7e-9a1d-364393adc3a8@redhat.com>

On Tue, Jan 07, 2020 at 10:06:21AM -0500, Joe Lawrence wrote:
> On 1/7/20 8:29 AM, Dan Carpenter wrote:
> > Hello Petr Mladek,
> > 
> > The patch e91c2518a5d2: "livepatch: Initialize shadow variables
> > safely by a custom callback" from Apr 16, 2018, leads to the
> > following static checker warning:
> > 
> > 	samples/livepatch/livepatch-shadow-fix1.c:86 livepatch_fix1_dummy_alloc()
> > 	error: 'klp_shadow_alloc()' 'leak' too small (4 vs 8)
> > 
> > samples/livepatch/livepatch-shadow-fix1.c
> >      53  static int shadow_leak_ctor(void *obj, void *shadow_data, void *ctor_data)
> >      54  {
> >      55          void **shadow_leak = shadow_data;
> >      56          void *leak = ctor_data;
> >      57
> >      58          *shadow_leak = leak;
> >      59          return 0;
> >      60  }
> >      61
> >      62  static struct dummy *livepatch_fix1_dummy_alloc(void)
> >      63  {
> >      64          struct dummy *d;
> >      65          void *leak;
> >      66
> >      67          d = kzalloc(sizeof(*d), GFP_KERNEL);
> >      68          if (!d)
> >      69                  return NULL;
> >      70
> >      71          d->jiffies_expire = jiffies +
> >      72                  msecs_to_jiffies(1000 * EXPIRE_PERIOD);
> >      73
> >      74          /*
> >      75           * Patch: save the extra memory location into a SV_LEAK shadow
> >      76           * variable.  A patched dummy_free routine can later fetch this
> >      77           * pointer to handle resource release.
> >      78           */
> >      79          leak = kzalloc(sizeof(int), GFP_KERNEL);
> >      80          if (!leak) {
> >      81                  kfree(d);
> >      82                  return NULL;
> >      83          }
> >      84
> >      85          klp_shadow_alloc(d, SV_LEAK, sizeof(leak), GFP_KERNEL,
> >                                               ^^^^^^^^^^^^
> > This doesn't seem right at all?  Leak is a pointer.  Why is leak a void
> > pointer instead of an int pointer?
> > 
> 
> Hi Dan,
> 
> If I remember this code correctly, the shadow variable is tracking the
> pointer value itself and not its contents, so sizeof(leak) should be correct
> for the shadow variable data size.
> 
> (For kernel/livepatch/shadow.c :: __klp_shadow_get_or_alloc() creates new
> struct klp_shadow with .data[size] to accommodate its meta-data plus the
> desired data).
> 
> Why isn't leak an int pointer?  I don't remember why, according to git
> history it's been that way since the beginning.  I think it was coded to
> say, "Give me some storage, any size an int will do.  I'm not going to touch
> it, but I want to demonstrate a memory leak".
> 
> Would modifying the pointer type satisfy the static code complaint?
> 
> Since the warning is about a size mismatch, what are the parameters that it
> is keying on?  Does it expect to see the typical allocation pattern like:
> 
>   int *foo = alloc(sizeof(*foo))
> 
> and not:
> 
>   int *foo = alloc(sizeof(foo))
> 

It looks at places which call klp_shadow_alloc() and says that sometimes
the third argument is the size of the last argument.  Then it complains
when a caller doesn't match.

I could just make klp_shadow_alloc() an exception.

regards,
dan carpenter


  reply index

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-07 13:29 Dan Carpenter
2020-01-07 15:06 ` Joe Lawrence
2020-01-07 15:23   ` Dan Carpenter [this message]
2020-01-07 15:43     ` Joe Lawrence
2020-01-09  9:29     ` Petr Mladek
2020-01-13 15:11       ` Joe Lawrence

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200107152337.GB27042@kadam \
    --to=dan.carpenter@oracle.com \
    --cc=joe.lawrence@redhat.com \
    --cc=live-patching@vger.kernel.org \
    --cc=pmladek@suse.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Live-Patching Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/live-patching/0 live-patching/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 live-patching live-patching/ https://lore.kernel.org/live-patching \
		live-patching@vger.kernel.org
	public-inbox-index live-patching

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.live-patching


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git