lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 19 Jan 2012 10:13:20 -0500 (EST)
From:	Alan Stern <stern@...land.harvard.edu>
To:	"Srivatsa S. Bhat" <srivatsa.bhat@...ux.vnet.ibm.com>
cc:	Ingo Molnar <mingo@...e.hu>, Kay Sievers <kay.sievers@...y.org>,
	"Luck, Tony" <tony.luck@...el.com>, Greg KH <gregkh@...e.de>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	"Rafael J. Wysocki" <rjw@...k.pl>,
	Sergei Trofimovich <slyich@...il.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Linux PM mailing list <linux-pm@...r.kernel.org>,
	Borislav Petkov <bp@...64.org>,
	"tglx@...utronix.de" <tglx@...utronix.de>,
	"prasad@...ux.vnet.ibm.com" <prasad@...ux.vnet.ibm.com>,
	Ming Lei <tom.leiming@...il.com>,
	Djalal Harouni <tixxdz@...ndz.org>,
	Borislav Petkov <borislav.petkov@....com>,
	Hidetoshi Seto <seto.hidetoshi@...fujitsu.com>,
	Andi Kleen <ak@...ux.intel.com>,
	"gouders@...bocholt.fh-gelsenkirchen.de" 
	<gouders@...bocholt.fh-gelsenkirchen.de>,
	Marcos Souza <marcos.mage@...il.com>,
	"justinmattock@...il.com" <justinmattock@...il.com>,
	Jeff Chua <jeff.chua.linux@...il.com>
Subject: Re: [PATCH] mce: fix warning messages about static struct mce_device

On Thu, 19 Jan 2012, Srivatsa S. Bhat wrote:

> On 01/19/2012 06:02 PM, Ingo Molnar wrote:

> > But this is not what happened here - it's a special piece of 
> > fundamental hardware that doesnt hot-plug separately from the 
> > CPU and that has just a single "user".
> > 
> > So i'm curious, why wasn't the memset() enough? It should have 
> > resolved the bug AFAICS.
> > 
> 
> 
>  It did! The memset _did_ fix the bug.

But will it continue to fix the bug in the future?

Or to put it another way, even though no code takes references to these
device structures (can you really guarantee that even now?), how do you
prevent references being taken in future versions of the kernel?  
Calling memset while there still are outstanding references very
definitely _is_ a bug.

IIRC, it used to be completely impossible to prevent this from
happening because sysfs would take references whenever user tasks
opened attribute files.  Sysfs no longer does this, but the basic
principle of defensive programming still applies.

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists