[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BANLkTinJimOb4CMQeDm+Ob60N5v4QAMWwg@mail.gmail.com>
Date: Wed, 15 Jun 2011 12:32:42 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Andrew Lutomirski <luto@....edu>
Cc: Ingo Molnar <mingo@...e.hu>,
Rakib Mullick <rakib.mullick@...il.com>, hpa@...or.com,
tglx@...utronix.de, x86@...nel.org, linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] x86, vsyscall: Fix build warning in vsyscall_64.c
On Wed, Jun 15, 2011 at 12:24 PM, Andrew Lutomirski <luto@....edu> wrote:
>
> Well, let's say that my logic is wrong and this particular BUG can be
> hit because some kernel bug allows some user program to trigger it.
Christ, we already check the particular address. And if a user can
generate the buggy situation, THEN THE BUG_ON() SURE AS HELL ISN'T
HELPING ANYTHING!
Guys, if that BUG_ON can ever be triggered, IT IS A SECURITY HOLE IN
ITSELF! What's so hard to understand about that?
BUG_ON's are not "good ways to figure out something went wrong". They
are an absolute last-case situation. They are NOT "let's fix that
security hole by halting the whole machine" kind of valid.
If you're really worried about it ever triggering, then dammit, HANDLE THE CASE.
Don't add a BUG_ON() for something you're afraid of. That is NEVER the
right thing to do. If you're worried that that situation can trigger,
then do the right code for that situation. Don't throw your hands in
the air and say "that's a bug".
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists