| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120124214630.GF2546@moon>
Date: Wed, 25 Jan 2012 01:46:30 +0400
From: Cyrill Gorcunov <gorcunov@...il.com>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>,
KOSAKI Motohiro <kosaki.motohiro@...il.com>,
"H. Peter Anvin" <hpa@...or.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
linux-kernel@...r.kernel.org,
Pavel Emelyanov <xemul@...allels.com>,
Serge Hallyn <serge.hallyn@...onical.com>,
Kees Cook <keescook@...omium.org>, Tejun Heo <tj@...nel.org>,
Andrew Vagin <avagin@...nvz.org>,
Alexey Dobriyan <adobriyan@...il.com>,
Ingo Molnar <mingo@...e.hu>,
Thomas Gleixner <tglx@...utronix.de>,
Glauber Costa <glommer@...allels.com>,
Andi Kleen <andi@...stfloor.org>,
Matt Helsley <matthltc@...ibm.com>,
Pekka Enberg <penberg@...nel.org>,
Eric Dumazet <eric.dumazet@...il.com>,
Vasiliy Kulikov <segoon@...nwall.com>, Valdis.Kletnieks@...edu
Subject: Re: [patch 2/4] [RFC] syscalls, x86: Add __NR_kcmp syscall v4
On Tue, Jan 24, 2012 at 01:22:22PM -0800, Andrew Morton wrote:
>
> PIDs are not unique. One wonders what happens in this syscall if the
> same pid appears in two namespaces.
>
> <reads the code>
>
> Seems that it performs lookups only in the caller's PID namespace.
> Maybe this is appropriate but it should be described and justified in
> the changelog and in code comments, please. And in the forthcoming
> manpage ;)
>
Yes, caller's namespace was used intentionally, will add comments (manpage
makes me shiver).
> > At moment only x86 is supported.
>
> Presumably you have a test app. Please let's include that app in
> tools/testing/selftests/ for arch maintainers and others to use and
> maintain.
ok
> > +static unsigned long cookies[KCMP_TYPES][2] __read_mostly;
>
> This reader of this code doesn't understand why all this cookie stuff
> is in here. Please include code comments which explain the reason for
> the existence of this code.
>
ok
> > +static long kptr_obfuscate(long v, int type)
> > +{
> > + return (v ^ cookies[type][0]) * cookies[type][1];
> > +}
> > +
> > +/*
> > + * 0 - equal
> > + * 1 - less than
> > + * 2 - greater than
> > + * 3 - not equal but ordering unavailable
>
> what the heck does case 3 mean? Why is it here?
>
I'll add a comment. It's reserved for case where we might
need to disable gt/lt comparision result. Probably in future.
> > +
> > +#define KCMP_PTR(ptr1, ptr2, type) \
> > + kcmp_ptr((long)ptr1, (long)ptr2, type)
>
> ugh. This:
>
> static long kptr_obfuscate(void *p, enum you_forgot_to_name_the_enum type)
> {
> return ((long)p ^ cookies[type][0]) * cookies[type][1];
> }
>
> static int kcmp_task_pointers(void *task1, void *task2, size_t field_offset,
> enum you_forgot_to_name_the_enum type)
> {
> void **field1 = t1 + field_offset; /* points to a pointer in the task_struct */
> void **field2 = t1 + field_offset;
> long diff;
>
> diff = kptr_obfuscate(*field1, type) - kptr_obfuscate(*field2, type);
> return (diff < 0) | ((diff > 0) << 1);
> }
>
> ...
> ret = kcmp_task_pointers(task1, task2, offsetof(task_struct, mm),
> KCMP_VM);
> ...
>
> see? No nasty macros, it's type-correct and it uses only a single
> explicit typecast.
>
ok, i'll change it of course, but I personally like macros version more.
> > +/* A caller must be sure the task is presented in memory */
> "The caller must have pinned the task"
>
> > + if (!ptrace_may_access(task1, PTRACE_MODE_READ) ||
> > + !ptrace_may_access(task2, PTRACE_MODE_READ)) {
>
> Add a comment explaining this decision.
>
OK.
>
> ENOENT seems inappropriate here.
>
Which one should be better?
> > +static __init int kcmp_cookie_init(void)
> > +{
> > + int i, j;
> > +
> > + for (i = 0; i < KCMP_TYPES; i++) {
> > + for (j = 0; j < 2; j++) {
> > + get_random_bytes(&cookies[i][j],
> > + sizeof(cookies[i][j]));
> > + }
> > + cookies[i][1] |= (~(~0UL >> 1) | 1);
>
> hm, what's the point in writing a random number to cookies[i][1] and
> then immediately overwriting that with a constant?
It's '|=' , not '='.
Cyrill
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists