From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.5 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D46CC1B0D8 for ; Wed, 9 Dec 2020 09:31:27 +0000 (UTC) Received: from shelob.surriel.com (shelob.surriel.com [96.67.55.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6F38023B7B for ; Wed, 9 Dec 2020 09:31:25 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6F38023B7B Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=gmx.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernelnewbies-bounces@kernelnewbies.org Received: from localhost ([::1] helo=shelob.surriel.com) by shelob.surriel.com with esmtp (Exim 4.94) (envelope-from ) id 1kmvoh-0006I5-EX; Wed, 09 Dec 2020 04:31:23 -0500 Received: from mout.gmx.net ([212.227.15.15]) by shelob.surriel.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94) (envelope-from ) id 1kmvod-0006Hc-DD for kernelnewbies@kernelnewbies.org; Wed, 09 Dec 2020 04:31:19 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1607506276; bh=H5z8PAEyc7rzfwvG7iXJbE9kQkqkJT1/dXwSkCikuhU=; h=X-UI-Sender-Class:Date:From:To:Cc:Subject:In-Reply-To; b=JXbZdjzMbULA+vEfsWVlFoEdfuoXxoyQDeG9RPyXcPlIlO57M4hf9GAsC0whv87Yr OQocoq2hj4N/xixdUxAMzPlhDcrTLsX5YkDwPVFcZtbPGc04nFh3nSTkQrL2ufYLn/ SoB2kf+bmp/ynIpnoF0E+0Ay4XgMQUoePgn1z2s0= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from ubuntu ([83.52.231.213]) by mail.gmx.com (mrgmx005 [212.227.17.184]) with ESMTPSA (Nemesis) id 1M5fMe-1klG3y0bAQ-007D3N; Wed, 09 Dec 2020 10:31:16 +0100 Date: Wed, 9 Dec 2020 10:31:03 +0100 From: John Wood To: Valdis =?utf-8?Q?Kl=C4=93tnieks?= Subject: Re: [RFC PATCH 2/2] security/brute.c: Protect the stats pointer Message-ID: <20201209093103.GA3254@ubuntu> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <4593.1607438579@turing-police> X-Provags-ID: V03:K1:T+gg5zzCapKf893HFZLOcCfgEIr3ISi2ZGUMuwU/nJF1E+Z4pii p0MkZf/7whSmwUXMM9m0RvEDSxW7iVFgOBbtDoCxQtf7ignHujZ9HV+0XYE1oIz9pgBj7ZG L4deLTAVdTIEDb75nwI7S37D4A150iZYvkRL0HikKq0ZdI4g7SPYdZ1ousRAStURCtgG8ho +vxBBHIMrZphmM9Gk2aEA== X-UI-Out-Filterresults: notjunk:1;V03:K0:YO1oAimAWFo=:J0kpcnOBL7uYTlQ67PP8JV InnlM3EQwqpFXgHKySNZelvd67KkCSagiNdh8XJ8OE2GYO8+axzOxILfaj3cAP68QP/QU8XIK SfFUetbymAaPCBgGKOUa5WsR4ZjqdPVwloE7UarU8h4KUHIHZLSFLPuFL6ucAHB3yIRBuQ1bc 1dSa0KJaD2Lc3MPf26NhiAHBXX2dI/ievgpyiNJbmu2G2Q6IfSrT7bytFhGa+IKBDOkKlbGQV Nb10WL7JIG2AZ9oDPDCxkTe3NS4MXfc2sJo4KFeLGHF8ecIWxK4cNVRmonuwDnSb0UqTb7qBK UQ7eKAtCUjPylNPgKAUKFZ2kPmxWgrBbxQ+gmaxbaZH1K4fa1cE4T++ZkEo+54ZrofiEJNTvN 9WxICO58hEJSJ37ciZ3jNNyfslCuH3vV7Ri1yU8VzSlANSer1zczmbZerkYJ4P5kRz0OMWoip XH/6g3tBu9s+MstKOdJpAJDdcKtgONMthGuDJRSqYyOXPNI7Pt8+OEJbnlVVW+mWlC5FUBSWk NJtwehgu6RdANl+gX3Jg7FXJBt3HBiOukZSOdXvAm7dU4I1kgigBRtSSlFopQ2Zl2Stmkv+wG eZ+W9W67c6M0SrRzeiAtMNYhRAH9ifNxxewy6EbkIm6rNuUQ5laNFsa3ggu+muMYqv2Uyi1yR 2NwJgKO9N1DH+idozwiv8LJbB4miCT1QZFfZvLJkZvPq8Yf96gOfEDS2pDTgCcFGBRzgt5Bid KUqB1qHA4ke/yFPD8USKN4HqwWAS1dhfpyaX2sStMWm8L8UNBYKqe288CDKgAS2Z+kyjau+r5 UTx1KPqRbMZnW4JZNoXQQX2wkiYLlJA++n3ufdgEihLvFTtafprBB1rFbe3TFk5sdSUR78B+Z Ka6c5MvLLnJrA/f6B9uQ== Cc: John Wood , keescook@chromium.org, kernelnewbies@kernelnewbies.org X-BeenThere: kernelnewbies@kernelnewbies.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Learn about the Linux kernel List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernelnewbies-bounces@kernelnewbies.org T24gVHVlLCAwOCBEZWMgMjAyMCAwOTo0Mjo1OSAtMDUwMCwgVmFsZGlzIEtsxJN0bmlla3Mgd3Jv dGU6Cj4gT24gVHVlLCAwOCBEZWMgMjAyMCAxMTozNTo1NyArMDEwMCwgSm9obiBXb29kIHNhaWQ6 Cj4gPiBJIHRoaW5rIHRoZSBzdGF0cyBwb2ludGVyIHByZXNlbnQgaW4gdGhlIHRhc2tfc3RydWN0 J3Mgc2VjdXJpdHkgYmxvYgo+ID4gbmVlZHMgdG8gYmUgcHJvdGVjdGVkIGFnYWluc3QgY29uY3Vy cmVuY3kgZm9yIHRoZSBmb2xsb3dpbmcgcmVhc29ucy4KPiA+Cj4gPiAxLi0gVGhlIHNhbWUgcHJv Y2VzcyBmb3JraW5nIGF0IHRoZSBzYW1lIHRpbWUgaW4gdHdvIGRpZmZlcmVudCBDUFVzLgo+ID4g Mi4tIFRoZSBzYW1lIHByb2Nlc3MgZXhlY3ZlKCkgYXQgdGhlIHNhbWUgdGltZSBpbiB0d28gZGlm ZmVyZW50IENQVXMuCj4KPiBPSywgSSdsbCBiaXRlLiAgSG93IHdvdWxkIHRoZXNlIHR3byBjYXNl cyBldmVuIGhhcHBlbj8KPgo+IChOb3RlIHRoYXQgeW91IGNvdWxkIGNvbmNlaXZhYmx5IGlzc3Vl IHRoZSBmb3JrKCkvZXhldmUoKSBvbiBvbmUgQ1BVLCBydW4KPiBrZXJuZWwgY29kZSBmb3IgYSBi aXQgYW5kIHRoZW4gZ2V0IHJlc2NoZWR1bGVkIG9udG8gYSBkaWZmZXJlbnQgQ1BVIHRvIGNvbXBs ZXRlCj4gdGhlIHN5c2NhbGwsIGJ1dCB0aGF0J3MgYSBkaWZmZXJlbnQgY2FjaGUgY29oZXJlbmN5 IGNhbi1vLXdvcm1zIDopCgpUaGFua3MgZm9yIHRoZSByZXBseS4gVW5kZXJzdG9vZC4gVGhlIGZp cnN0IGFuZCBzZWNvbmQgY2FzZXMgY2FuIG5ldmVyIGhhcHBlbi4KCj4gKFlvdXIgY2FzZSAzIG9m IGEgZm9yay9leGVjIHdoaWxlIHlvdSB0cmF2ZXJzZSBpcyBhbiBhY3R1YWwgaXNzdWUuICBOb3Rl IHRoYXQKPiB5b3UgbWlzc2VkIG9uZSBjYXNlIC0gd2hlcmUgdGhlIHByb2Nlc3MgZXZhcG9yYXRl cyBmb3Igc29tZSByZWFzb24gd2hpbGUgeW91IGRvCj4gdGhlIHRyYXZlcnNlIGFuZCB5b3UncmUg bGVmdCB3aXRoIGEgc3RhbGUgcG9pbnRlci4uLikKCk9rLCBzbyBJIHN0aWxsIG5lZWQgcHJvdGVj dGlvbiBmb3IgdGhlIHN0YXRzIHBvaW50ZXIuCgpTaW5jZSB0aGUgMSBhbmQgMiBjYXNlcyBjYW4g bmV2ZXIgaGFwcGVuLCBJIGJlbGlldmUgdGhhdCB0aGVyZSBpcyBubyBuZWVkCnRvIG1ha2UgYWxs IHRoZSBmb3JrLCBleGVjdmUgYW5kIGZyZWUgbWFuYWdlbWVudCBhdG9taWMuIEluIG90aGVyIHdv cmRzLApub3cgSSB0aGluayBJIGNhbiBwcm90ZWN0IHRoZSByZWFkaW5nIGFuZCB0aGUgd3JpdGlu ZyBvcGVyYXRpb25zCnNlcGFyYXRlbHkuIE5vdGUgdGhhdCB0aGUgZm9yayBtYW5hZ2VtZW50IGlz IGF0b21pYyBiZWNhdXNlIGJhc2ljYWxseSBhbGwKdGhlIG9wZXJhdGlvbnMgYXJlIHdyaXRpbmcg YW5kIEkgYmVsaWV2ZSB0aGF0IHRoaXMgd2F5IGlzIGJldHRlciB0aGFuCmFjcXVpcmUgdGhlIGxv Y2sgaW4gcmVhZCBzdGF0ZSwgcmVsZWFzZSBpdCwgYWNxdWlyZSBpbiB3cml0ZSBzdGF0ZSwKcmVs ZWFzZSBpdCwgYWNxdWlyZSBhZ2FpbiBpbiByZWFkIHN0YXRlLCAuLi4KCkFsc28sIHRvIGRlYWwg d2l0aCB0aGUgY2FzZSB3aGVyZSBhIHByb2Nlc3MgZXZhcG9yYXRlcyB3aGlsZSBJIGRvIHRoZQp0 cmF2ZXJzZSwgSSBzZXQgdGhlIHBvaW50ZXIgdG8gTlVMTCBhZnRlciBmcmVlIGl0LiBUaGlzIHdh eSBJIGNhbiBub3RpY2UKdGhpcyBzdGF0ZS4KClRoaXMgaXMgdGhlIHByb3RlY3Rpb24gc3lzdGVt IG5vdy4gV2hhdCBkbyB5b3UgdGhpbms/CkkgaG9wZSB5b3UgYXJlIG5vdCB0b28gaGFyZCBvbiBt eSBjb2RlIDopCgotLS0KIHNlY3VyaXR5L2JydXRlL2JydXRlLmMgfCA0MiArKysrKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrKystLS0tLS0KIDEgZmlsZSBjaGFuZ2VkLCAzNiBpbnNlcnRp b25zKCspLCA2IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL3NlY3VyaXR5L2JydXRlL2JydXRl LmMgYi9zZWN1cml0eS9icnV0ZS9icnV0ZS5jCmluZGV4IDYwOTQ0YTBmOGRlOC4uMGM2YmViZDli ZjE4IDEwMDY0NAotLS0gYS9zZWN1cml0eS9icnV0ZS9icnV0ZS5jCisrKyBiL3NlY3VyaXR5L2Jy dXRlL2JydXRlLmMKQEAgLTE4LDYgKzE4LDggQEAKICNpbmNsdWRlIDxsaW51eC9zcGlubG9jay5o PgogI2luY2x1ZGUgPGxpbnV4L3R5cGVzLmg+Cgorc3RhdGljIERFRklORV9SV0xPQ0soYnJ1dGVf c3RhdHNfcHRyX2xvY2spOworCiAvKioKICAqIHN0cnVjdCBicnV0ZV9zdGF0cyAtIEZvcmsgYnJ1 dGUgZm9yY2UgYXR0YWNrIHN0YXRpc3RpY3MuCiAgKiBAbG9jazogTG9jayB0byBwcm90ZWN0IHRo ZSBicnV0ZV9zdGF0cyBzdHJ1Y3R1cmUuCkBAIC03NCw3ICs3Niw3IEBAIHN0YXRpYyBzdHJ1Y3Qg YnJ1dGVfc3RhdHMgKmJydXRlX25ld19zdGF0cyh2b2lkKQogewogCXN0cnVjdCBicnV0ZV9zdGF0 cyAqc3RhdHM7CgotCXN0YXRzID0ga21hbGxvYyhzaXplb2Yoc3RydWN0IGJydXRlX3N0YXRzKSwg R0ZQX0tFUk5FTCk7CisJc3RhdHMgPSBrbWFsbG9jKHNpemVvZihzdHJ1Y3QgYnJ1dGVfc3RhdHMp LCBHRlBfQVRPTUlDKTsKIAlpZiAoIXN0YXRzKQogCQlyZXR1cm4gTlVMTDsKCkBAIC0xMzUsMTcg KzEzNywyMiBAQCBzdGF0aWMgaW50IGJydXRlX3Rhc2tfYWxsb2Moc3RydWN0IHRhc2tfc3RydWN0 ICp0YXNrLCB1bnNpZ25lZCBsb25nIGNsb25lX2ZsYWdzKQoKIAlzdGF0cyA9IGJydXRlX3N0YXRz X3B0cih0YXNrKTsKIAlwX3N0YXRzID0gYnJ1dGVfc3RhdHNfcHRyKGN1cnJlbnQpOworCXdyaXRl X2xvY2soJmJydXRlX3N0YXRzX3B0cl9sb2NrKTsKCiAJaWYgKGxpa2VseSgqcF9zdGF0cykpIHsK IAkJYnJ1dGVfc2hhcmVfc3RhdHMocF9zdGF0cywgc3RhdHMpOworCQl3cml0ZV91bmxvY2soJmJy dXRlX3N0YXRzX3B0cl9sb2NrKTsKIAkJcmV0dXJuIDA7CiAJfQoKIAkqc3RhdHMgPSBicnV0ZV9u ZXdfc3RhdHMoKTsKLQlpZiAoISpzdGF0cykKKwlpZiAoISpzdGF0cykgeworCQl3cml0ZV91bmxv Y2soJmJydXRlX3N0YXRzX3B0cl9sb2NrKTsKIAkJcmV0dXJuIC1FTk9NRU07CisJfQoKIAlicnV0 ZV9zaGFyZV9zdGF0cyhzdGF0cywgcF9zdGF0cyk7CisJd3JpdGVfdW5sb2NrKCZicnV0ZV9zdGF0 c19wdHJfbG9jayk7CiAJcmV0dXJuIDA7CiB9CgpAQCAtMTc3LDggKzE4NCwxMiBAQCBzdGF0aWMg dm9pZCBicnV0ZV90YXNrX2V4ZWN2ZShzdHJ1Y3QgbGludXhfYmlucHJtICpicHJtKQogCXVuc2ln bmVkIGxvbmcgZmxhZ3M7CgogCXN0YXRzID0gYnJ1dGVfc3RhdHNfcHRyKGN1cnJlbnQpOwotCWlm IChXQVJOKCEqc3RhdHMsICJObyBzdGF0aXN0aWNhbCBkYXRhXG4iKSkKKwlyZWFkX2xvY2soJmJy dXRlX3N0YXRzX3B0cl9sb2NrKTsKKworCWlmIChXQVJOKCEqc3RhdHMsICJObyBzdGF0aXN0aWNh bCBkYXRhXG4iKSkgeworCQlyZWFkX3VubG9jaygmYnJ1dGVfc3RhdHNfcHRyX2xvY2spOwogCQly ZXR1cm47CisJfQoKIAlzcGluX2xvY2tfaXJxc2F2ZSgmKCpzdGF0cyktPmxvY2ssIGZsYWdzKTsK CkBAIC0xODgsMTMgKzE5OSwxOCBAQCBzdGF0aWMgdm9pZCBicnV0ZV90YXNrX2V4ZWN2ZShzdHJ1 Y3QgbGludXhfYmlucHJtICpicHJtKQogCQkoKnN0YXRzKS0+amlmZmllcyA9IGdldF9qaWZmaWVz XzY0KCk7CiAJCSgqc3RhdHMpLT5wZXJpb2QgPSAwOwogCQlzcGluX3VubG9ja19pcnFyZXN0b3Jl KCYoKnN0YXRzKS0+bG9jaywgZmxhZ3MpOworCQlyZWFkX3VubG9jaygmYnJ1dGVfc3RhdHNfcHRy X2xvY2spOwogCQlyZXR1cm47CiAJfQoKIAkvKiBleGVjdmUgY2FsbCBhZnRlciBhIGZvcmsgY2Fs bCAqLwogCXNwaW5fdW5sb2NrX2lycXJlc3RvcmUoJigqc3RhdHMpLT5sb2NrLCBmbGFncyk7CisJ cmVhZF91bmxvY2soJmJydXRlX3N0YXRzX3B0cl9sb2NrKTsKKworCXdyaXRlX2xvY2soJmJydXRl X3N0YXRzX3B0cl9sb2NrKTsKIAkqc3RhdHMgPSBicnV0ZV9uZXdfc3RhdHMoKTsKIAlXQVJOKCEq c3RhdHMsICJDYW5ub3QgYWxsb2NhdGUgc3RhdGlzdGljYWwgZGF0YVxuIik7CisJd3JpdGVfdW5s b2NrKCZicnV0ZV9zdGF0c19wdHJfbG9jayk7CiB9CgogLyoqCkBAIC0yMTAsMTUgKzIyNiwyNCBA QCBzdGF0aWMgdm9pZCBicnV0ZV90YXNrX2ZyZWUoc3RydWN0IHRhc2tfc3RydWN0ICp0YXNrKQog CWJvb2wgcmVmY19pc196ZXJvOwoKIAlzdGF0cyA9IGJydXRlX3N0YXRzX3B0cih0YXNrKTsKLQlp ZiAoV0FSTighKnN0YXRzLCAiTm8gc3RhdGlzdGljYWwgZGF0YVxuIikpCisJcmVhZF9sb2NrKCZi cnV0ZV9zdGF0c19wdHJfbG9jayk7CisKKwlpZiAoV0FSTighKnN0YXRzLCAiTm8gc3RhdGlzdGlj YWwgZGF0YVxuIikpIHsKKwkJcmVhZF91bmxvY2soJmJydXRlX3N0YXRzX3B0cl9sb2NrKTsKIAkJ cmV0dXJuOworCX0KCiAJc3Bpbl9sb2NrKCYoKnN0YXRzKS0+bG9jayk7CiAJcmVmY19pc196ZXJv ID0gcmVmY291bnRfZGVjX2FuZF90ZXN0KCYoKnN0YXRzKS0+cmVmYyk7CiAJc3Bpbl91bmxvY2so Jigqc3RhdHMpLT5sb2NrKTsKKwlyZWFkX3VubG9jaygmYnJ1dGVfc3RhdHNfcHRyX2xvY2spOwoK LQlpZiAocmVmY19pc196ZXJvKQorCWlmIChyZWZjX2lzX3plcm8pIHsKKwkJd3JpdGVfbG9jaygm YnJ1dGVfc3RhdHNfcHRyX2xvY2spOwogCQlrZnJlZSgqc3RhdHMpOworCQkqc3RhdHMgPSBOVUxM OworCQl3cml0ZV91bmxvY2soJmJydXRlX3N0YXRzX3B0cl9sb2NrKTsKKwl9CiB9Cgogc3RhdGlj IGNvbnN0IHU2NCBCUlVURV9FTUFfV0VJR0hUX05VTUVSQVRPUiA9IDc7CkBAIC0zMTMsMTAgKzMz OCwxNSBAQCBzdGF0aWMgdm9pZCBicnV0ZV90YXNrX2ZhdGFsX3NpZ25hbChjb25zdCBrZXJuZWxf c2lnaW5mb190ICpzaWdpbmZvKQogCXU2NCBleGVjX3BlcmlvZDsKCiAJc3RhdHMgPSBicnV0ZV9z dGF0c19wdHIoY3VycmVudCk7Ci0JaWYgKFdBUk4oISpzdGF0cywgIk5vIHN0YXRpc3RpY2FsIGRh dGFcbiIpKQorCXJlYWRfbG9jaygmYnJ1dGVfc3RhdHNfcHRyX2xvY2spOworCisJaWYgKFdBUk4o ISpzdGF0cywgIk5vIHN0YXRpc3RpY2FsIGRhdGFcbiIpKSB7CisJCXJlYWRfdW5sb2NrKCZicnV0 ZV9zdGF0c19wdHJfbG9jayk7CiAJCXJldHVybjsKKwl9CgogCWJydXRlX2dldF9jcmFzaF9wZXJp b2RzKCpzdGF0cywgJmZvcmtfcGVyaW9kLCAmZXhlY19wZXJpb2QpOworCXJlYWRfdW5sb2NrKCZi cnV0ZV9zdGF0c19wdHJfbG9jayk7CgogCWlmIChmb3JrX3BlcmlvZCAmJiBmb3JrX3BlcmlvZCA8 IEJSVVRFX0VNQV9DUkFTSF9QRVJJT0RfVEhSRVNIT0xEKQogCQlwcl93YXJuKCJCcnV0ZSBmb3Jj ZSBhdHRhY2sgZGV0ZWN0ZWQgdGhyb3VnaCBmb3JrXG4iKTsKLS0KMi4yNS4xCgoKX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KS2VybmVsbmV3YmllcyBtYWls aW5nIGxpc3QKS2VybmVsbmV3Ymllc0BrZXJuZWxuZXdiaWVzLm9yZwpodHRwczovL2xpc3RzLmtl cm5lbG5ld2JpZXMub3JnL21haWxtYW4vbGlzdGluZm8va2VybmVsbmV3Ymllcwo=