| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 May 2018 11:52:25 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Davidlohr Bueso <dave@...olabs.net>
Cc: Thomas Graf <tgraf@...g.ch>,
Herbert Xu <herbert@...dor.apana.org.au>,
Andrew Morton <akpm@...ux-foundation.org>,
Manfred Spraul <manfred@...orfullife.com>,
guillaume.knispel@...ersonicimagine.com,
Linux API <linux-api@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: semantics of rhashtable and sysvipc
On Wed, May 23, 2018 at 11:47 AM Davidlohr Bueso <dave@...olabs.net> wrote:
> Note that even if the allocation was guaranteed, there are still param
validations
> and rhashtable_init() can return -EINVAL.
So?
It's not going to happen, because you're not going to give garbage
parameters.
Why would you add a BUG_ON() for something that cannot happen? You might as
well sprinkle them randomly in every damn place.
And even if somebody screws up the parameters because they are being
stupid, then SO WHAT? rhashtable_init() won't initialize the pointers, and
we'll get a NULL pointer dereference.
And hey, we'll probably get it later during boot, once the system is
actually up and running, and that NULL pointer dereference might even get
logged in the system logs now because the machine booted successfully, and
mnaybe it will even get sent to a distro and debugged.
So at what point was there _any_ advantage in doing a BUG_ON() for a crazy
case?
Really.
Linus
Powered by blists - more mailing lists