| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.64.0611090834050.25262@alien.or.mcafeemobile.com>
Date: Thu, 9 Nov 2006 09:12:55 -0800 (PST)
From: Davide Libenzi <davidel@...ilserver.org>
To: Eric Dumazet <dada1@...mosbay.com>
cc: Davide Libenzi <davidel@...ilserver.org>,
Andrew Morton <akpm@...l.org>,
Evgeniy Polyakov <johnpol@....mipt.ru>,
David Miller <davem@...emloft.net>,
Ulrich Drepper <drepper@...hat.com>,
netdev <netdev@...r.kernel.org>,
Zach Brown <zach.brown@...cle.com>,
Christoph Hellwig <hch@...radead.org>,
Chase Venters <chase.venters@...entec.com>,
Johann Borck <johann.borck@...sedata.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Jeff Garzik <jeff@...zik.org>
Subject: Re: [take23 0/5] kevent: Generic event handling mechanism.
On Thu, 9 Nov 2006, Eric Dumazet wrote:
> > > Lost forever means? If there are more processes watching some fd (external
> > > events), they all get their own copy of the events in their own private
> > > epoll fd. It's not that we "steal" things out of the kernel, is not a 1:1
> > > producer/consumer thing (one producer, 1 queue). It's one producer,
> > > broadcast to all listeners (consumers) thing. The only case where it'd
> > > matter is in the case of multiple threads sharing the same epoll fd.
> >
> > In my particular epoll application, the producer is tcp stack, and I have
> > one consumer. If an network event is lost in the EFAULT handling, its lost
> > forever. In any case, my application do provide a correct user area, so this
> > problem is only theorical.
>
> I realize I was not explicit, and dit not answer your question (Lost forever
> means ?)
>
> if (epi->revents) {
> if (__put_user(epi->revents,
> &events[eventcnt].events) ||
> __put_user(epi->event.data,
> &events[eventcnt].data))
> return -EFAULT;
> >> if (epi->event.events & EPOLLONESHOT)
> >> epi->event.events &= EP_PRIVATE_BITS;
> eventcnt++;
> }
>
> If one EPOLLONESHOT event is correctly copied to user space, its status is
> updated.
>
> If other ready events in the same epoll_wait() call cannot be transferred
> because of an EFAULT (we reach the real end of user provided area), this
> EPOLLONESHOT event is lost forever, because it wont be requeued in ready list.
Your application is feeding crap to the kernel, because of programming
bugs. If that happens, I want an EFAULT and not a partially filled buffer.
And which buffer then? This could have been scribbled in userspace memory
(the pointer), and the try of the kernel to mask out bugs might create
even more subtle problems. Such bug will *never* show up in the up in case
the wrong buffer is partially valid (first part, that is the *only* case
where your fix would make a difference compared to the status quo), since
in case of no ready events we'll never hit it, and in case of some events
we'll always return few of them and never EFAULT. No, the more I think
about it, the more I personally disagree with the change.
> Please dont slow the hot path for a basically "User Error". It's already
> tested in the transfert function, with two conditional
> branches for each transfered event.
Ohh, if you think you can measure them from userspace, those can be turned
in 'err |= __put_user();' with err tested only out of the loop.
- Davide
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists