Open Source and information security mailing list archives
Date:	Mon, 2 Nov 2009 16:51:52 +0100
From:	Arnd Bergmann <arnd@...db.de>
To:	Frederic Weisbecker <fweisbec@...il.com>
Cc:	John Kacur <jkacur@...hat.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	LKML <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...e.hu>,
	Jonathan Corbet <corbet@....net>,
	Benjamin Herrenschmidt <benh@...nel.crashing.org>,
	linuxppc-dev@...abs.org, Alan Cox <alan@...rguk.ukuu.org.uk>,
	Arnd Bergmann <arndbergmann@...glemail.com>
Subject: Re: [PATCH] macintosh: Explicitly set llseek to no_llseek in ans-lcd

On Thursday 22 October 2009, Frederic Weisbecker wrote:
> > I'm thinking that the simpler approach, would be to make the 
> > default_llseek the unlocked one. Then you only have to audit the drivers 
> > that have the BKL - ie the ones we are auditing anyway, and explicitly set 
> > them to the bkl locked llseek.
> > 
> > There might be a hidden interaction though between the non-unlocked 
> > variety of ioctls and default llseek though.
> 
> 
> I fear that won't work because the bkl in default_llseek() does not
> only synchronize with other uses of the bkl in a driver, it also
> synchronizes lseek() itself.
> 
> As an example offset change is not atomic. This is a long long, so
> updating its value is not atomic on 32-bit archs.

A late follow-up on this one:

I looked at what places in the code manipulate file->f_pos directly
and found that almost all the uses in driver code are broken because
they don't take any locks. Most of them are in driver specific
lseek operations. Others are in read/write methods and are even
more broken because the change gets immediately overwritten by
vfs_read/vfs_write when the driver method returns.

IMHO, we should complete the pushdown into all ioctl methods
that John and Thomas have started working on, fixing the lseek
methods in those files we touch.

When that is done, all interaction between default_llseek and
driver locking has to be with explicit calls to lock_kernel
in those drivers, so we can reasonably well script the search
for drivers needing the BKL in llseek: everything that
 a) defines file_operations without an llseek function,
 b) touches f_pos somewhere, and
 c) calls lock_kernel() somewhere
That should only be a small number and when they are fixed,
we can remove default_llseek and instead call generic_file_llseek
for any file operation without a separate llseek method.

	Arnd <><
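
The scripted search outlined in the message above, as an added sketch that is not part of the original mail or of any kernel tooling: it flags a source file when all three criteria (a), (b) and (c) hold. The regexes are heuristics, and the sample driver text, `demo_fops` and the function names are constructed for illustration.

```python
import re
import sys

# Heuristic patterns (assumptions of this sketch, not kernel tooling).
FOPS_RE = re.compile(r"struct\s+file_operations\s+(\w+)\s*=\s*\{(.*?)\}\s*;", re.S)
LLSEEK_RE = re.compile(r"\.llseek\s*=")
F_POS_RE = re.compile(r"(?:->|\.)f_pos\b")
LOCK_RE = re.compile(r"\block_kernel\s*\(")   # \b keeps unlock_kernel() from matching
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def audit(src):
    """Return the file_operations names that need a BKL llseek audit.

    A name is reported only if (a) its initializer sets no .llseek,
    (b) the file touches f_pos and (c) the file calls lock_kernel().
    """
    code = COMMENT_RE.sub(" ", src)  # ignore matches inside comments
    missing = [name for name, body in FOPS_RE.findall(code)
               if not LLSEEK_RE.search(body)]
    if missing and F_POS_RE.search(code) and LOCK_RE.search(code):
        return missing
    return []


# Constructed sample input: a minimal driver fragment, not real kernel code.
TEMPLATE = """
static ssize_t demo_read(struct file *file, char __user *buf,
			 size_t n, loff_t *ppos)
{
	%(lock)s
	file->f_pos = 0;	/* direct f_pos update */
	return 0;
}
static const struct file_operations demo_fops = {
	.read = demo_read,	/* .llseek = intentionally unset */
	%(llseek)s
};
"""
SAMPLE_BKL = TEMPLATE % {"lock": "lock_kernel();", "llseek": ""}
SAMPLE_EXPLICIT = TEMPLATE % {"lock": "lock_kernel();",
                              "llseek": ".llseek = no_llseek,"}
SAMPLE_NO_BKL = TEMPLATE % {"lock": "mutex_lock(&demo_mutex);", "llseek": ""}

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. the output of: find drivers -name '*.c'
        with open(path, errors="replace") as fh:
            for name in audit(fh.read()):
                print(f"{path}: {name} has no llseek, touches f_pos, takes the BKL")
```

Criteria (b) and (c) are checked per file rather than per function, so a hit is a candidate for manual review, not proof that the llseek path depends on the BKL.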