Date:	Sun, 21 Nov 2010 05:55:55 -0500 (EST)
From:	"Robert P. J. Day" <rpjday@...shcourse.ca>
To:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: should list poisoning only kick in after selecting CONFIG_DEBUG_LIST?


  a bit confused about list poisoning.  there's this from
<linux/list.h>:

#ifndef CONFIG_DEBUG_LIST
static inline void list_del(struct list_head *entry)
{
        __list_del(entry->prev, entry->next);
        entry->next = LIST_POISON1;
        entry->prev = LIST_POISON2;
}
#else
extern void list_del(struct list_head *entry);
#endif

which seems a bit weird since, even if you *don't* select
CONFIG_DEBUG_LIST, the deleted node's pointers are poisoned.  why?
that's certainly being done in the debug version of list_del() in
lib/list_debug.c, but why is it also being done above?  for what
purpose?

  and if i don't select that debugging option, should *anything* be
checking for those poison values?

$ grep -r -A2 LIST_POISON drivers
drivers/usb/host/xhci-hub.c:		if (cmd->cmd_list.next != LIST_POISON1)
drivers/usb/host/xhci-hub.c-			list_del(&cmd->cmd_list);
drivers/usb/host/xhci-hub.c-		spin_unlock_irqrestore(&xhci->lock, flags);
--
drivers/usb/host/xhci.c:		if (reset_device_cmd->cmd_list.next != LIST_POISON1)
drivers/usb/host/xhci.c-			list_del(&reset_device_cmd->cmd_list);
drivers/usb/host/xhci.c-		spin_unlock_irqrestore(&xhci->lock, flags);
$

  that looks just plain odd.  why would normal driver code that is not
dependent on CONFIG_DEBUG_LIST be checking for poison values?  and if
it finds them, why is that not treated as though something has gone
significantly wrong, rather than quietly glossing over it?

rday

-- 

========================================================================
Robert P. J. Day                               Waterloo, Ontario, CANADA
                        http://crashcourse.ca

Twitter:                                       http://twitter.com/rpjday
LinkedIn:                               http://ca.linkedin.com/in/rpjday
========================================================================
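
As an added example (not part of the original message and not kernel code): a userspace C sketch of the non-debug list_del() quoted above, showing how a poison check like the one in the xhci grep output turns a repeated delete of the same entry into a no-op. The poison values and the del_if_linked() and demo() names are assumptions made for this sketch.

```c
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };

/* Constructed stand-ins for the kernel's poison constants (assumed unmapped). */
#define LIST_POISON1 ((struct list_head *)0x100)
#define LIST_POISON2 ((struct list_head *)0x200)

static void list_add(struct list_head *n, struct list_head *head)
{
    n->next = head->next;
    n->prev = head;
    head->next->prev = n;
    head->next = n;
}

/* Non-debug list_del() as quoted in the message: unlink, then poison. */
static void list_del(struct list_head *entry)
{
    entry->next->prev = entry->prev;    /* __list_del(prev, next) inlined */
    entry->prev->next = entry->next;
    entry->next = LIST_POISON1;
    entry->prev = LIST_POISON2;
}

/* Hypothetical helper mirroring the xhci guard: unlink only if the entry
 * has not already been through list_del(). Returns 1 if it unlinked. */
static int del_if_linked(struct list_head *entry)
{
    if (entry->next == LIST_POISON1)
        return 0;       /* already deleted: skip the second unlink */
    list_del(entry);
    return 1;
}

/* Delete the same entry twice; returns first*10 + second, or -1 if the
 * remaining list is no longer consistent. */
static int demo(void)
{
    struct list_head head = { &head, &head }, a, b;
    list_add(&a, &head);
    list_add(&b, &head);                /* list: head -> b -> a */
    int first = del_if_linked(&a);
    int second = del_if_linked(&a);     /* skipped by the poison check */
    int intact = head.next == &b && b.next == &head && b.prev == &head;
    return intact ? first * 10 + second : -1;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

Without the guard, the second list_del() would write through the poison addresses stored in the already-deleted entry.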