lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <200803061132.54554.rusty@rustcorp.com.au>
Date:	Thu, 6 Mar 2008 11:32:54 +1100
From:	Rusty Russell <rusty@...tcorp.com.au>
To:	Adrian Bunk <bunk@...nel.org>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Alexey Dobriyan <adobriyan@...il.com>
Subject: Re: [PATCH 2/2] modules: Whine about suspicious return values from module's ->init() hook

On Thursday 06 March 2008 10:04:45 Adrian Bunk wrote:
> On Tue, Mar 04, 2008 at 11:22:26PM +1100, Rusty Russell wrote:
> > Subject: Whine about suspicious return values from module's ->init() hook
> > Date: Mon, 11 Feb 2008 01:09:06 +0300
> > From: Alexey Dobriyan <adobriyan@...il.com>
> >
> > Return value convention of module's init functions is 0/-E. Sometimes,
> > e.g. during forward-porting mistakes happen and buggy module created,
> > where result of comparison "workqueue != NULL" is propagated all the way
> > up to sys_init_module. What happens is that some other module created
> > workqueue in question, our module created it again and module was
> > successfully loaded.
> >
> > Or it could be some other bug.
> >
> > Let's make such mistakes much more visible. In retrospective, such
> > messages would noticeably shorten some of my head-scratching sessions.
> >
> > Note, that dump_stack() is just a way to get attention from user.
> > Sample message:
> >
> > sys_init_module: 'foo'->init suspiciously returned 1, it should follow
> > 0/-E convention sys_init_module: loading module anyway...
> >...
>
> While I agree with Andrew that a BUG() would not be appropriate here I'm
> wondering why the module should be loaded?
>
> We do know that something in the module is buggy.

Unfortunately not: it's a semantic change.  Previously as per Unix standard, 
>=0 was good, < 0 was bad.  This resulted in some confusion, and so Alexey 
proposed tightening the rules, to only allow <= 0 values.

So we don't know that the module is buggy.  It's possible that it's returning 
ENODEV instead of -ENODEV, but it's also possible that it's returning 1 to 
mean "ok".

> And not loading the module also seems to be a good compromise between
> making the user notice the problem and not doing a panic().

Depends which way the failure is.  Andrew said not to break existing systems.

To avoid this, we'd need an audit which noone wants to do, so we're being 
lazy.

Hope that clarifies my thinking,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ