| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Jan 2012 13:35:00 -0800 From: ebiederm@...ssion.com (Eric W. Biederman) To: "H. Peter Anvin" <hpa@...or.com> Cc: Cyrill Gorcunov <gorcunov@...il.com>, Alexey Dobriyan <adobriyan@...il.com>, LKML <linux-kernel@...r.kernel.org>, Pavel Emelyanov <xemul@...allels.com>, Andrey Vagin <avagin@...nvz.org>, Ingo Molnar <mingo@...e.hu>, Thomas Gleixner <tglx@...utronix.de>, Glauber Costa <glommer@...allels.com>, Andi Kleen <andi@...stfloor.org>, Tejun Heo <tj@...nel.org>, Matt Helsley <matthltc@...ibm.com>, Pekka Enberg <penberg@...nel.org>, Eric Dumazet <eric.dumazet@...il.com>, Vasiliy Kulikov <segoon@...nwall.com>, Andrew Morton <akpm@...ux-foundation.org>, Valdis.Kletnieks@...edu Subject: Re: [RFC] syscalls, x86: Add __NR_kcmp syscall "H. Peter Anvin" <hpa@...or.com> writes: > On 01/17/2012 06:44 AM, Cyrill Gorcunov wrote: >> On Tue, Jan 17, 2012 at 04:38:14PM +0200, Alexey Dobriyan wrote: >>> On 1/17/12, Cyrill Gorcunov <gorcunov@...il.com> wrote: >>>> +#define KCMP_EQ 0 >>>> +#define KCMP_LT 1 >>>> +#define KCMP_GT 2 >>> >>> LT and GT are meaningless. >>> >> >> I found symbolic names better than open-coded values. But sure, >> if this is problem it could be dropped. >> >> Or you mean that in general anything but 'equal' is useless? >> > > Why on Earth would user space need to know which order in memory certain > kernel objects are? For checkpoint restart and for some other kinds of introspection what is needed is a comparison function to see if two processes share the same object. The most interesting of these objects from a checkpoint restart case are file descriptors, and there can be a lot of file descriptors. The order in memory does not matter. What does matter is that the comparison function return some ordering between objects. The algorithm for figuring out of N items which of them are duplicates is O(N^2) if the comparison function can only return equal or not equal. The algorithm for finding duplications is only O(NlogN) if the comparison function will return an ordering among the objects. > Keep in mind that this is *exactly* the kind of information which makes > rootkits easier. I would be very surprised if basic in memory ordering information was not already available from simple creation ordering. If using the in memory ordering is a problem in practice there are a lot of other possible ways to order the kernel objects. Allocating sequence numbers for the kernel objects, passing the pointers through a cryptographically secure hash before comparing them, etc. It does look like Cyrill's patch description lacked the important bit of information about the algorithm complexity requiring an ordering among kernel objects. Cyrill you probably want to describe more prominently what is happening now and why in your patch description rather than give the history of different approaches. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists