lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070111192056.GB24623@infradead.org>
Date:	Thu, 11 Jan 2007 19:20:56 +0000
From:	Christoph Hellwig <hch@...radead.org>
To:	Hoang-Nam Nguyen <hnguyen@...ux.vnet.ibm.com>
Cc:	Roland Dreier <rdreier@...co.com>, hch@...radead.org,
	linux-kernel@...r.kernel.org, linuxppc-dev@...abs.org,
	openfabrics-ewg@...nib.org, openib-general@...nib.org,
	raisch@...ibm.com
Subject: Re: [PATCH/RFC 2.6.21 3/5] ehca: completion queue: remove use of do_mmap()

On Thu, Jan 11, 2007 at 08:08:36PM +0100, Hoang-Nam Nguyen wrote:
> Hello Roland and Christoph H.!
> This is a patch for ehca_cq.c. It removes all direct calls of do_mmap()/munmap()
> when creating and destroying a completion queue respectively. 
> Thanks
> Nam

This patch looks good, but there are some issues with the surrounding code:

> +		if (my_cq->ownpid != cur_pid) {
> +			ehca_err(device, "Invalid caller pid=%x ownpid=%x "
> +				 "cq_num=%x",
> +				 cur_pid, my_cq->ownpid, my_cq->cq_number);
> +			return -EINVAL;
> +		}

(for other reviewers: this is not new code, just moved around)

Owner tracking by pid is really dangerous.  File descriptors can be
passed around by unix sockets, a single process can have files open
more than once, etc..

It seems ehca wants to prevent threads other than the creating one
from performing most operations.  Can you explain the reason for this?

>  	spin_lock_irqsave(&ehca_cq_idr_lock, flags);
>  	while (my_cq->nr_callbacks)
>  		yield();

Calling yield is a very bad idea in general.  You should probably
add a waitqueue that gets woken when nr_callbacks reaches zero to
sleep effectively here.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ