lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <m1d49qoi1o.fsf@fess.ebiederm.org>
Date:	Sat, 30 May 2009 06:07:47 -0700
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Tejun Heo <tj@...nel.org>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	linux-kernel@...r.kernel.org,
	Cornelia Huck <cornelia.huck@...ibm.com>,
	linux-fsdevel@...r.kernel.org, Kay Sievers <kay.sievers@...y.org>,
	Greg KH <greg@...ah.com>,
	"Eric W. Biederman" <ebiederm@...stanetworks.com>
Subject: Re: [PATCH 04/24] sysfs: Normalize removing sysfs directories.

Tejun Heo <tj@...nel.org> writes:

> Eric W. Biederman wrote:
>>   Also, I'm quite uncomfortable with these things
>>> being done in non-atomic manner.  It can be made to work but things
>>> like this can lead to subtle race conditions and with the kind of
>>> layering we put on top of sysfs (kobject, driver model, driver
>>> midlayers and so on), it isn't all that easy to verify what's going
>>> on, so NACK for this one.
>> 
>> Total nonsense.
>> 
>> Mucking about with sysfs after we start deleting a directory is a bug.
>> At worst my change makes a buggy race slightly less deterministic.
>> 
>> I am not ready to consider keeping the current unnecessary atomic
>> removal step.  That unnecessary atomicity makes the following patches
>> more difficult, and requires a lot of unnecessary retesting.
>> 
>> What do you think the extra unnecessary atomicity helps protect?
>
> It's just not a clean API.  When people are trying to code things way
> up in the stack, they aren't likely to look up the code to see what
> assumptions are being made especially when the stack is deep and
> complex and sysfs is near the bottom of the tall stack.  IMHO
> implementing the usually expected semantics at this depth is worth
> every effort.  It's just good implementation style which might look
> like wasted effort but will harden the stack in the long run.  Plus,
> it's not like making it atomic is difficult or anything.

I guess we are going to have to disagree on this one.

My take is simply that a correct user has to wait until no one else
can find the kobject before calling kobject_del.  At which point
races are impossible, and it doesn't matter if sysfs_mutex is held
across the entire operation.


For the long term I still intend to kill __sysfs_remove_dir.  Just
not in this patch series.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ