Message-Id: <20111201152851.7e39f034.akpm@linux-foundation.org>
Date:	Thu, 1 Dec 2011 15:28:51 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Petr Holasek <pholasek@...hat.com>
Cc:	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
	Anton Arapov <anton@...hat.com>
Subject: Re: NUMA x86: add constraints check for nid parameters

On Fri, 2 Dec 2011 00:14:42 +0100
Petr Holasek <pholasek@...hat.com> wrote:

> On Thu, 01 Dec 2011, Andrew Morton wrote:
> 
> > Date: Thu, 1 Dec 2011 13:34:51 -0800
> > From: Andrew Morton <akpm@...ux-foundation.org>
> > To: Petr Holasek <pholasek@...hat.com>
> > Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
> >  "H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org, Anton
> >  Arapov <anton@...hat.com>
> > Subject: Re: [PATCH RESEND] NUMA x86: add constraints check for nid
> >  parameters
> > 
> > On Thu,  1 Dec 2011 12:45:07 +0100
> > Petr Holasek <pholasek@...hat.com> wrote:
> > 
> > > This patch adds constraints checks into __node_distance() and
> > > numa_set_distance() functions. If from or to parameters are
> > > lower than zero, it results into oops now.
> > 
> > Passing negative numbers into __node_distance() sounds like a bug in
> > the caller, and this patch will remove our means of detecting that bug.
> 
> That's true, but the upper boundary is checked now, so why not check the lower?

Because it adds more code to the kernel and can hide bugs?

> Seems inconsistent to me - from this point of view, even not checking anything
> would be better for detecting a bug in the caller.
> 
> > 
> > Perhaps we need to be told more about this patch.  Is the bug
> > user-triggerable?  If so, how?  How was this fault triggered? 
> > Etcetera.
> > 
> 
> AFAIK, neither __node_distance() nor numa_set_distance() is in any
> path from user-space inputs. Their parameters are based on ACPI tables
> provided by HW vendors.

That didn't answer my questions.  Have you observed any problems in
this code?  If so, please fully describe them.  Or was it purely from
code inspection?

If what we're doing here is to be defensive against buggy BIOS tables
(a good idea) then we should validate the BIOS table values as close as
possible to the point where they were read from the BIOS.  And we should
(probably) emit a warning if a bad table entry is detected, rather than
silently fixing it up.
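
An added illustration of the approach described in the closing paragraph above, not code from this thread or from the kernel: a userspace C sketch that validates node ids where firmware records are ingested, warns on bad entries, and leaves the accessor free of silent fix-ups. The fw_entry record, MAX_NODES, the 1..255 distance range and the sample table are assumptions constructed for the example.

```c
#include <assert.h>
#include <stdio.h>

#define MAX_NODES       4    /* assumed node limit for this sketch */
#define LOCAL_DISTANCE  10
#define REMOTE_DISTANCE 20

struct fw_entry { int from, to, dist; };   /* hypothetical firmware record */

static int distance[MAX_NODES][MAX_NODES];

/* Constructed sample: entries 2 and 3 carry out-of-range node ids. */
static const struct fw_entry sample[] = {
    { 0, 1, 21 }, { 1, 0, 21 }, { -1, 2, 30 }, { 2, 7, 30 }, { 3, 3, 10 },
};

static int nid_ok(int nid) { return nid >= 0 && nid < MAX_NODES; }

/* Validate each record where it enters the system; warn and skip bad ones.
 * The 1..255 distance range is an assumption of this sketch.
 * Returns the number of rejected records. */
int load_distances(const struct fw_entry *tbl, int n)
{
    int i, j, bad = 0;

    for (i = 0; i < MAX_NODES; i++)
        for (j = 0; j < MAX_NODES; j++)
            distance[i][j] = (i == j) ? LOCAL_DISTANCE : REMOTE_DISTANCE;

    for (i = 0; i < n; i++) {
        const struct fw_entry *e = &tbl[i];
        if (!nid_ok(e->from) || !nid_ok(e->to) || e->dist < 1 || e->dist > 255) {
            fprintf(stderr, "warning: bad firmware entry %d (%d -> %d = %d), ignored\n",
                    i, e->from, e->to, e->dist);
            bad++;
            continue;
        }
        distance[e->from][e->to] = e->dist;
    }
    return bad;
}

/* No silent fix-up here: a bad nid at this point is a caller bug and fails loudly. */
int node_distance(int from, int to)
{
    assert(nid_ok(from) && nid_ok(to));
    return distance[from][to];
}

int main(void)
{
    int bad = load_distances(sample, 5);
    printf("rejected=%d d(0,1)=%d d(2,3)=%d\n", bad, node_distance(0, 1), node_distance(2, 3));
    return 0;
}
```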