| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <m1d49qoi1o.fsf@fess.ebiederm.org> Date: Sat, 30 May 2009 06:07:47 -0700 From: ebiederm@...ssion.com (Eric W. Biederman) To: Tejun Heo <tj@...nel.org> Cc: Andrew Morton <akpm@...ux-foundation.org>, Greg Kroah-Hartman <gregkh@...e.de>, linux-kernel@...r.kernel.org, Cornelia Huck <cornelia.huck@...ibm.com>, linux-fsdevel@...r.kernel.org, Kay Sievers <kay.sievers@...y.org>, Greg KH <greg@...ah.com>, "Eric W. Biederman" <ebiederm@...stanetworks.com> Subject: Re: [PATCH 04/24] sysfs: Normalize removing sysfs directories. Tejun Heo <tj@...nel.org> writes: > Eric W. Biederman wrote: >> Also, I'm quite uncomfortable with these things >>> being done in non-atomic manner. It can be made to work but things >>> like this can lead to subtle race conditions and with the kind of >>> layering we put on top of sysfs (kobject, driver model, driver >>> midlayers and so on), it isn't all that easy to verify what's going >>> on, so NACK for this one. >> >> Total nonsense. >> >> Mucking about with sysfs after we start deleting a directory is a bug. >> At worst my change makes a buggy race slightly less deterministic. >> >> I am not ready to consider keeping the current unnecessary atomic >> removal step. That unnecessary atomicity makes the following patches >> more difficult, and requires a lot of unnecessary retesting. >> >> What do you think the extra unnecessary atomicity helps protect? > > It's just not a clean API. When people are trying to code things way > up in the stack, they aren't likely to look up the code to see what > assumptions are being made especially when the stack is deep and > complex and sysfs is near the bottom of the tall stack. IMHO > implementing the usually expected semantics at this depth is worth > every effort. It's just good implementation style which might look > like wasted effort but will harden the stack in the long run. Plus, > it's not like making it atomic is difficult or anything. I guess we are going to have to disagree on this one. My take is simply that a correct user has to wait until no one else can find the kobject before calling kobject_del. At which point races are impossible, and it doesn't matter if sysfs_mutex is held across the entire operation. For the long term I still intend to kill __sysfs_remove_dir. Just not in this patch series. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists