From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-alpha-return-97295-listarch-libc-alpha=sources.redhat.com@sourceware.org>
Received: (qmail 17533 invoked by alias); 15 Nov 2018 23:55:39 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Received: (qmail 17522 invoked by uid 89); 15 Nov 2018 23:55:39 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-0.9 required=5.0 tests=BAYES_00,KAM_LAZY_DOMAIN_SECURITY,SPF_HELO_PASS autolearn=no version=3.3.2 spammy=1d, integrity
X-HELO: mx1.redhat.com
From: DJ Delorie <dj@redhat.com>
To: Istvan Kurucsai <pistukem@gmail.com>
Cc: libc-alpha@sourceware.org, pistukem@gmail.com
Subject: Re: [PATCH v2 6/7] malloc: Add more integrity checks to mremap_chunk.
In-Reply-To: <1510068430-27816-7-git-send-email-pistukem@gmail.com> (message from Istvan Kurucsai on Tue,  7 Nov 2017 16:27:09 +0100)
Date: Thu, 15 Nov 2018 23:55:00 -0000
Message-ID: <xno9apvqtk.fsf@greed.delorie.com>
MIME-Version: 1.0
Content-Type: text/plain
X-SW-Source: 2018-11/txt/msg00414.txt.bz2


I +1'd this patch series last year when it was first posted (sorry about
the lack of consensus-building) but just to revive it I'll +1 it again
independently.  Could we get a second review too?  Florian?

Reviewed-Again-By: DJ Delorie <dj@redhat.com>

Istvan Kurucsai <pistukem@gmail.com> writes:
> -  assert (((size + offset) & (GLRO (dl_pagesize) - 1)) == 0);

pagesize is set earlier in this function.

> +  uintptr_t block = (uintptr_t) p - offset;
> +  uintptr_t mem = (uintptr_t) chunk2mem(p);

block is the page that the chunk header is in; mem is the pointer the
application sees.

> +  size_t total_size = offset + size;

offset is "page start to chunk header", size is chunk size.  This should
span to the end of a page.  So...

> +  if (__glibc_unlikely ((block | total_size) & (pagesize - 1)) != 0

If block or total_size are misaligned,

> +      || __glibc_unlikely (!powerof2 (mem & (pagesize - 1))))

Or if the offset of the memory within the page is an unexpected size
(for us, 2*SIZE_SZ, is expected), report the error.  OK.

> -  if (size + offset == new_size)
> +  if (total_size == new_size)

Saving an operation.  OK.

>  
> -  cp = (char *) __mremap ((char *) p - offset, size + offset, new_size,
> +  cp = (char *) __mremap ((char *) block, total_size, new_size,

Likewise.  OK.