lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20090506113117.ba254f75.akpm@linux-foundation.org>
Date:	Wed, 6 May 2009 11:31:17 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Oliver Neukum <oliver@...kum.org>
Cc:	david-b@...bell.net, lihong.hi@...il.com,
	linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] usb: use memdup_user()

On Wed, 6 May 2009 15:34:52 +0200
Oliver Neukum <oliver@...kum.org> wrote:

> Am Dienstag, 5. Mai 2009 19:22:53 schrieb Andrew Morton:
> > On Tue, 5 May 2009 12:44:01 +0200 Oliver Neukum <oliver@...kum.org> wrote:
> 
> > > USB drivers are interface level yet some functions, reset and power
> > > management, are on a device level. As it is unpredictable whether
> > > a driver will share a device with a storage driver, all USB drivers as
> > > far as these functions are concerned must be considered block device
> > > drivers. That's the reason GFP_NOIO is so prevalent in USB.
> >
> > There must be some particular action which flips the thread of control
> > from one state to the other.  eg, taking of a lock.
> 
> Basically assigning an interface to the storage or ub driver.

That's hardly enough information for anyone to understand what you
mean :(

Oh well, doesn't matter.

> > > > I wonder how hard it would be to add runtime debugging checks?  If
> > >
> > > I'd prefer compile time checks. Ideally we'd annotate a function with an
> > > attribute making the compiler barf if copy_to/from_user or an
> > > inappropriate kmalloc is used. It can't be perfect due to function
> > > pointers, but it would be a good start.
> >
> > I don't think that would have enough coverage - bugs in this area tend
> > to come from calling some function which looks innocent, but which
> > calls some function which calls some function which calls some function
> > which uses GFP_KERNEL.
> >
> > And then there's stuff like "usb takes a mutex which is also taken by
> > some other thread which does a GFP_KERNEL allocation while holding that
> > mutex".
> 
> Yes, but to catch that you'd have to teach lockdep about those functions
> whose locks are dangerous to share with respect to memory allocation.
> Is there another way to do that besides labelling dangerous methods?

Adding lockdep annotation to the locks, I guess.  Probably a new kind of
annotation.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ