lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20101115211430.GA19071@core.coreip.homeip.net>
Date:	Mon, 15 Nov 2010 13:14:30 -0800
From:	Dmitry Torokhov <dmitry.torokhov@...il.com>
To:	Vladislav Bolkhovitin <vst@...b.net>
Cc:	Boaz Harrosh <bharrosh@...asas.com>, Greg KH <greg@...ah.com>,
	linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
	scst-devel <scst-devel@...ts.sourceforge.net>,
	James Bottomley <James.Bottomley@...senPartnership.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	FUJITA Tomonori <fujita.tomonori@....ntt.co.jp>,
	Mike Christie <michaelc@...wisc.edu>,
	Vu Pham <vuhuong@...lanox.com>,
	Bart Van Assche <bart.vanassche@...il.com>,
	James Smart <James.Smart@...lex.Com>,
	Joe Eykholt <jeykholt@...co.com>, Andy Yan <ayan@...vell.com>,
	Chetan Loke <generationgnu@...oo.com>,
	Hannes Reinecke <hare@...e.de>,
	Richard Sharpe <realrichardsharpe@...il.com>,
	Daniel Henrique Debonzi <debonzi@...ux.vnet.ibm.com>
Subject: Re: [PATCH 8/19]: SCST SYSFS interface implementation

On Mon, Nov 15, 2010 at 11:37:28PM +0300, Vladislav Bolkhovitin wrote:
> Dmitry Torokhov, on 11/15/2010 10:04 AM wrote:
> 
> >> This is because SYSFS doesn't hold references for the corresponding
> >> kobjects for every open file handle. It holds references only when
> >> show() and store() functions called. So, everything is under control and
> >> a malicious user can do nothing to hold a reference forever.
> > 
> > Right, Tejun plugged this particular (and very annoying) attributes
> > behavior
> 
> This behavior isn't annoying, it's GREAT, because it allows to use SYSFS
> simply and reliably.

Right, I mean that _before_ Tejun plugged that hole the behavior _was_
annoying.

> 
> >, but that does not mean that this is the only way kobject's
> > reference might be pinned.
> 
> Could you be more specific and point out on exact ways for that? From my
> quite deep SYSFS source code study I see such cases should not exist.

While I do not know offhand I am sure there are such scenarios. Isn't
there any way for the users that you are waiting on descend back into
your module that is waiting for kobject removal and get stuck on some
resource?

Even if it isn't possible now the scheme is quite fragile. Kobjects are
refcounted so work with them appropriately (rely on refcount, do not
wait, etc).

-- 
Dmitry
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ