| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 14 Oct 2018 16:25:41 +0100
From: Ben Hutchings <ben@...adent.org.uk>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC: akpm@...ux-foundation.org, "Davidlohr Bueso" <dave@...olabs.net>,
"Manfred Spraul" <manfred@...orfullife.com>,
"Davidlohr Bueso" <dbueso@...e.de>,
"Linus Torvalds" <torvalds@...ux-foundation.org>
Subject: [PATCH 3.16 064/366] ipc: convert invalid scenarios to use WARN_ON
3.16.60-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Davidlohr Bueso <dave@...olabs.net>
commit d0edd8528362c07216498340e928159510595e7b upstream.
Considering Linus' past rants about the (ab)use of BUG in the kernel, I
took a look at how we deal with such calls in ipc. Given that any errors
or corruption in ipc code are most likely contained within the set of
processes participating in the broken mechanisms, there aren't really many
strong fatal system failure scenarios that would require a BUG call.
Also, if something is seriously wrong, ipc might not be the place for such
a BUG either.
1. For example, recently, a customer hit one of these BUG_ONs in shm
after failing shm_lock(). A busted ID imho does not merit a BUG_ON,
and WARN would have been better.
2. MSG_COPY functionality of posix msgrcv(2) for checkpoint/restore.
I don't see how we can hit this anyway -- at least it should be IS_ERR.
The 'copy' arg from do_msgrcv is always set by calling prepare_copy()
first and foremost. We could also probably drop this check altogether.
Either way, it does not merit a BUG_ON.
3. No ->fault() callback for the fs getting the corresponding page --
seems selfish to make the system unusable.
Signed-off-by: Davidlohr Bueso <dbueso@...e.de>
Cc: Manfred Spraul <manfred@...orfullife.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
ipc/msgutil.c | 2 +-
ipc/shm.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
--- a/ipc/msgutil.c
+++ b/ipc/msgutil.c
@@ -120,7 +120,7 @@ struct msg_msg *copy_msg(struct msg_msg
size_t len = src->m_ts;
size_t alen;
- BUG_ON(dst == NULL);
+ WARN_ON(dst == NULL);
if (src->m_ts > dst->m_ts)
return ERR_PTR(-EINVAL);
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -159,7 +159,7 @@ static inline struct shmid_kernel *shm_l
* We raced in the idr lookup or with shm_destroy(). Either way, the
* ID is busted.
*/
- BUG_ON(IS_ERR(ipcp));
+ WARN_ON(IS_ERR(ipcp));
return container_of(ipcp, struct shmid_kernel, shm_perm);
}
@@ -390,7 +390,7 @@ static int shm_mmap(struct file *file, s
return ret;
sfd->vm_ops = vma->vm_ops;
#ifdef CONFIG_MMU
- BUG_ON(!sfd->vm_ops->fault);
+ WARN_ON(!sfd->vm_ops->fault);
#endif
vma->vm_ops = &shm_vm_ops;
shm_open(vma);
Powered by blists - more mailing lists