| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 08 Aug 2011 09:01:46 +0100 From: Martyn Welch <martyn.welch@...com> To: "Emilio G. Cota" <cota@...ap.org> CC: gregkh@...e.de, devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 5/8] staging: vme: add functions for bridge module refcounting On 05/08/11 18:47, Emilio G. Cota wrote: > On Fri, Aug 05, 2011 at 10:24:55 +0100, Martyn Welch wrote: >> I think that by refcounting the resources being used we >> will know whether a bridge module is being used or not, >> thus whether it can be unloaded or not. > > But the granularity is wrong; if you want to know whether the > bridge is being used, just keep track of the devices *which > want to make known* that they're under the bridge. > I disagree, it shouldn't be up to the driver to determine whether it's use of the bus should be known by the system. The system should know when the bus is being used. >> By reference counting the use of resources we minimise the >> chance of poorly written drivers using resources, but not >> registering the fact that they are in fact using a VME bridge. > > A driver leaking a resource will then leave a bogus refcount > on the bus driver--a clear case of self-inflicted pain. > As opposed to adding a function that *only* refcounts and therefore requires every driver to make extra explicit function call just to keep the refcounts up-to-date. > The argument of "poorly written drivers" does not apply; > I would expect all the merged drivers to be "good quality" > only, that's why we want to be upstream and why we put effort > in reviewing. Your point is well-intentioned, but in > practice we'd be shooting ourselves in the foot, potentially > ending up with an unremovable vme bridge module--which is > worse than a driver leaking a resource. > Which wouldn't happen because all the upstreamed drivers are "good quality". I might add that failing to free a resource will mean that it won't be re-allocated, so having visibility of the number of resources having been allocated would be advantageous. > Refcounting must be kept simple & stupid; doing it behind the > backs of the drivers we're trying to protect is a mistake. > I just simply disagree. Forcing each driver to specifically maintain the refcount is just stupid when an alternative is possible. Martyn -- Martyn Welch (Principal Software Engineer) | Registered in England and GE Intelligent Platforms | Wales (3828642) at 100 T +44(0)127322748 | Barbirolli Square, Manchester, E martyn.welch@...com | M2 3AB VAT:GB 927559189 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists