Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix use-after-free bugs in icp code #13881

Merged
merged 1 commit into from
Sep 15, 2022
Merged

Fix use-after-free bugs in icp code #13881

merged 1 commit into from
Sep 15, 2022

Conversation

ryao
Copy link
Contributor

@ryao ryao commented Sep 13, 2022

Motivation and Context

These were reported by Coverity as "Read from pointer after free" bugs. Presumably, it did not report it as a use-after-free bug because it does not understand the inline assembly that implements the atomic instruction.

Description

Swapping the order of the release statements should fix it. The original illumos code did not have KCF_PROV_IREFRELE().

How Has This Been Tested?

No local testing was done. The buildbot should be sufficient for testing.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Performance enhancement (non-breaking change which improves efficiency)
  • Code cleanup (non-breaking change which makes code smaller or more readable)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
  • Documentation (a change to man pages or other documentation)

Checklist:

@behlendorf behlendorf added the Status: Code Review Needed Ready for review and testing label Sep 14, 2022
@ryao
Fix use-after-free bugs in icp code
c670574 
These were reported by Coverity as "Read from pointer after free" bugs.
Presumably, it did not report it as a use-after-free bug because it does
not understand the inline assembly that implements the atomic
instruction.

Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
@ryao ryao force-pushed the crypto-use-after-free branch from 1785205 to c670574 Compare September 14, 2022 23:36
@behlendorf behlendorf added Status: Accepted Ready to integrate (reviewed, tested) and removed Status: Code Review Needed Ready for review and testing labels Sep 15, 2022
@behlendorf behlendorf merged commit fd8c301 into openzfs:master Sep 15, 2022
andrewc12 pushed a commit to andrewc12/openzfs that referenced this pull request Sep 27, 2022
@ryao @andrewc12
Fix use-after-free bugs in icp code
528a503 
These were reported by Coverity as "Read from pointer after free" bugs.
Presumably, it did not report it as a use-after-free bug because it does
not understand the inline assembly that implements the atomic
instruction.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes openzfs#13881
andrewc12 pushed a commit to andrewc12/openzfs that referenced this pull request Oct 1, 2022
@ryao @andrewc12
Fix use-after-free bugs in icp code
1d9e1c5 
These were reported by Coverity as "Read from pointer after free" bugs.
Presumably, it did not report it as a use-after-free bug because it does
not understand the inline assembly that implements the atomic
instruction.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes openzfs#13881
tonyhutter pushed a commit to tonyhutter/zfs that referenced this pull request Nov 23, 2022
@ryao @tonyhutter
Fix use-after-free bugs in icp code
cdb6f67 
These were reported by Coverity as "Read from pointer after free" bugs.
Presumably, it did not report it as a use-after-free bug because it does
not understand the inline assembly that implements the atomic
instruction.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes openzfs#13881
tonyhutter pushed a commit to tonyhutter/zfs that referenced this pull request Nov 30, 2022
@ryao @tonyhutter
Fix use-after-free bugs in icp code
3093532 
These were reported by Coverity as "Read from pointer after free" bugs.
Presumably, it did not report it as a use-after-free bug because it does
not understand the inline assembly that implements the atomic
instruction.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes openzfs#13881
tonyhutter pushed a commit to tonyhutter/zfs that referenced this pull request Dec 1, 2022
@ryao @tonyhutter
Fix use-after-free bugs in icp code
1d5e569 
These were reported by Coverity as "Read from pointer after free" bugs.
Presumably, it did not report it as a use-after-free bug because it does
not understand the inline assembly that implements the atomic
instruction.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes openzfs#13881
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@behlendorf behlendorf behlendorf approved these changes

Assignees
No one assigned
Labels
Status: Accepted Ready to integrate (reviewed, tested)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ryao @behlendorf