Date:	Mon, 06 Oct 2008 22:47:02 +0200
From:	Peter Zijlstra <a.p.zijlstra@...llo.nl>
To:	Roland McGrath <roland@...hat.com>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, hch <hch@...radead.org>,
	Alexey Dobriyan <adobriyan@...il.com>
Subject: Re: [PATCH 0/2] utrace

Hi Roland,

I've been looking over the utrace code:

git://git.kernel.org/pub/scm/linux/kernel/git/frob/linux-2.6-utrace.git

git diff d3a47e82b6bc3724dd60f3ee4e84fe4479104382..utrace/master

and while I'm nowhere near done, I'd like to provide some feedback and
pose some questions.

 - what's up with these weak declarations?

 - struct utrace_attached_engine is a tad strange as we don't have a
regular struct utrace_engine.

 - does it make sense to create this struct utrace_engine and replace
the struct utrace_engine_ops and the void *data members of struct
utrace_attached_engine with a pointer to it, and obtain the data by
using container_of() on the engine itself? That is, let the user embed
struct utrace_engine in a larger structure.

 - I encountered a lot of unannotated memory barriers. Please add a
comment to each and every one describing the race and a pointer to its
pair. There is no such thing as a trivial memory barrier.

 - it has these decidedly un-kernel-ish public/private comments

 - Why does it have two lists for attaching tasks? The
description/comments explain how it works but not why we do it that way.

 - utrace_attach_task() was very hard to read, the code flow is
unconventional at best.

 - utrace_stop() can seemingly return true even though it didn't get
SIGKILL - contrary to its comments.

 - get_utrace_lock() made me look at ->engine_ops serialisation - I
couldn't convince myself it's race free.

 - I saw a lot of if (unlikely(a) || unlikely(b)) style things, please
write as if (unlikely(a || b)).

 - utrace_release_task() seems to be missing
rcu_read_lock()/rcu_read_unlock() to ensure the utrace pointer stays
valid.

 - utrace_control() seems to access ->exit_state in a racy manner.

 - some comments say 'race' but fail to provide specifics.

 - as was suggested by Christoph and Alexey, removing struct utrace
*task_struct::utrace in favour of embedding it right into task_struct
itself would remove quite a bit of complexity. I would consider doing
this, esp as you could remove the ptrace specifics from task_struct.

hth
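
The embedding arrangement proposed in the third point of the message, shown as an added userspace example that is not part of the original e-mail or of the utrace code. The struct layouts, the report_syscall callback, struct syscall_counter and core_report_syscall() are hypothetical, and container_of() is redefined here because the kernel macro is not available outside the kernel.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-in for the kernel's container_of(). */
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

/* Hypothetical generic engine: an ops pointer only, no void *data. */
struct utrace_engine {
	const struct utrace_engine_ops *ops;
};

/* Hypothetical ops table, not the real utrace_engine_ops layout. */
struct utrace_engine_ops {
	int (*report_syscall)(struct utrace_engine *engine, long nr);
};

/* A tracer embeds the engine inside its own state. */
struct syscall_counter {
	unsigned long seen;
	long last_nr;
	struct utrace_engine engine;	/* need not be the first member */
};

static int count_syscall(struct utrace_engine *engine, long nr)
{
	/* Typed recovery of the private state; no cast from void *. */
	struct syscall_counter *c = container_of(engine, struct syscall_counter, engine);
	c->seen++;
	c->last_nr = nr;
	return 0;
}

static const struct utrace_engine_ops counter_ops = {
	.report_syscall = count_syscall,
};

/* Stand-in for the core, which only ever sees struct utrace_engine. */
static int core_report_syscall(struct utrace_engine *engine, long nr)
{
	return engine->ops->report_syscall(engine, nr);
}

int main(void)
{
	struct syscall_counter c = { .engine = { .ops = &counter_ops } };
	core_report_syscall(&c.engine, 60);	/* constructed syscall number */
	printf("seen=%lu last=%ld\n", c.seen, c.last_nr);
	return 0;
}
```

Because the engine is a member of the tracer's own structure, both share one allocation and one lifetime, so there is no separate data pointer that can outlive or be freed before the engine.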
