lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.1.10.0804302216520.3013@asgard>
Date:	Wed, 30 Apr 2008 22:19:25 -0700 (PDT)
From:	david@...g.hm
To:	Al Viro <viro@...IV.linux.org.uk>
cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	"Rafael J. Wysocki" <rjw@...k.pl>, Willy Tarreau <w@....eu>,
	David Miller <davem@...emloft.net>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Jiri Slaby <jirislaby@...il.com>
Subject: Re: Slow DOWN, please!!!

On Thu, 1 May 2008, Al Viro wrote:

> FWIW, after the last month's flamefests I decided to actually do something
> about review density of code in the areas I'm theoretically responsible
> for.  Namely, do systematic review of core data structure handling (starting
> with the place where most of the codepaths get into VFS - descriptor tables
> and struct file), doing both blow-by-blow writeup on how that sort of things
> is done and documentation of the life cycle/locking rules/assertions made
> by code/etc.  I made one bad mistake that held the things back for quite
> a while - sending heads-up for one of the worse bugs found in process to
> never-sufficiently-damned vendor-sec.  The last time I'm doing that, TYVM...
>
> Anyway, I'm going to get the notes on that stuff in order and put them in
> the open.  I really hope that other folks will join the fun afterwards.
> The goal is to get a coherent braindump that would be sufficient for
> people new to the area wanting to understand and review VFS-related code -
> both in the tree and in new patches.

thank you, the lack of good documentation on the intent of the code has 
been a significant barrier for new people. it's (relativly) easy for a 
good programmer to look at the code and figure out how it does things, a 
bit harder to figure out what it does, but why it does it (and what it was 
actually _intended_ to do) is very hard to track down

> files_struct/fdtable handling is mostly dealt with, struct file is only
> partially done - unfortunately, struct file_lock has to be dealt with
> before that and it's a (predictable) nightmare.  On the other end of
> things, fs_struct is not really started, vfsmount review is partially
> done, dentry/superblock/inode not even touched.
>
> Even with what little had been covered... well, let's just say that it
> caught quite a few fun turds.  With typical age around 3-4 years.  And
> VFS is not the messiest part of the tree...

it may not be the messiest part of the tree, but it's definantly one of 
the hardest to figure out the intent of.

David Lang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ