| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120203074656.GC30543@elte.hu>
Date: Fri, 3 Feb 2012 08:46:56 +0100
From: Ingo Molnar <mingo@...e.hu>
To: Cyrill Gorcunov <gorcunov@...nvz.org>
Cc: linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
Pavel Emelyanov <xemul@...allels.com>,
Serge Hallyn <serge.hallyn@...onical.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
Kees Cook <keescook@...omium.org>, Tejun Heo <tj@...nel.org>,
Andrew Vagin <avagin@...nvz.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Alexey Dobriyan <adobriyan@...il.com>,
Andi Kleen <andi@...stfloor.org>,
KOSAKI Motohiro <kosaki.motohiro@...il.com>,
"H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Glauber Costa <glommer@...allels.com>,
Matt Helsley <matthltc@...ibm.com>,
Pekka Enberg <penberg@...nel.org>,
Eric Dumazet <eric.dumazet@...il.com>,
Vasiliy Kulikov <segoon@...nwall.com>, Valdis.Kletnieks@...edu
Subject: Re: [patch cr 2/4] [RFC] syscalls, x86: Add __NR_kcmp syscall v7
* Cyrill Gorcunov <gorcunov@...nvz.org> wrote:
> +/* Comparision type */
> + * We don't expose real in-memory order of objects for security
> + * reasons, still the comparision results should be suitable for
> + * sorting. Thus, we obfuscate kernel pointers values (using random
> + * cookies obtaned at early boot stage) and compare the production
> + * instead.
> + * 0 - equal
> + * 1 - less than
> + * 2 - greater than
> + * 3 - not equal but ordering unavailable (reserved for future)
Broken spelling in each of those comment blocks. Are these
comments write-only?
> + /*
> + * Tasks are looked up in caller's
> + * PID namespace only.
> + */
Could be a single line.
> +
> + task1 = find_task_by_vpid(pid1);
> + if (!task1) {
> + rcu_read_unlock();
> + return -ESRCH;
> + }
> +
> + task2 = find_task_by_vpid(pid2);
> + if (!task2) {
> + put_task_struct(task1);
> + rcu_read_unlock();
> + return -ESRCH;
> + }
This is not the standard pattern of how we do error paths ...
> + /*
> + * Note for all cases but the KCMP_FILE we
> + * don't take any locks in a sake of speed.
> + */
Spelling.
> + get_random_bytes(&cookies[i][j],
> + sizeof(cookies[i][j]));
ugly line break.
> +late_initcall(kcmp_cookie_init);
any particular reason why this needs to be a late initcall?
> --- /dev/null
> +++ linux-2.6.git/tools/testing/selftests/kcmp/Makefile
> @@ -0,0 +1,35 @@
> +ifeq ($(strip $(V)),)
> + E = @echo
> + Q = @
> +else
> + E = @\#
> + Q =
> +endif
> +export E Q
> +
> +uname_M := $(shell uname -m 2>/dev/null || echo not)
> +ARCH ?= $(shell echo $(uname_M) | sed -e s/i.86/i386/)
> +ifeq ($(ARCH),i386)
> + ARCH := X86
> + CFLAGS := -DCONFIG_X86_32
> +endif
> +ifeq ($(ARCH),x86_64)
> + ARCH := X86
> + CFLAGS := -DCONFIG_X86_64
> +endif
> +
> +CFLAGS += -I../../../../arch/x86/include/generated/
> +CFLAGS += -I../../../../include/
> +
> +all:
> +ifeq ($(ARCH),X86)
> + $(E) " CC run_test"
> + $(Q) gcc $(CFLAGS) kcmp_test.c -o run_test
> +else
> + $(E) "Not an x86 target, can't build breakpoints selftests"
> +endif
> +
> +clean:
> + $(E) " CLEAN"
> + $(Q) rm -fr ./run_test
> + $(Q) rm -fr ./test-file
Needs buy-in from the kbuild guys.
> +#ifdef CONFIG_X86_64
> +#include <asm/unistd_64.h>
> +#else
> +#include <asm/unistd_32.h>
> +#endif
Why is asm/unistd.h not good?
> +static long sys_kcmp(int pid1, int pid2, int type, int fd1, int fd2)
> +{
> + return syscall(__NR_kcmp, (long)pid1, (long)pid2,
> + (long)type, (long)fd1, (long)fd2);
> +}
Why is a syscall that takes long arguments defined and called
with int and then cast over to long again?
> + int pid2 = getpid();
> + int ret;
> +
> + fd2 = open("test-file", O_RDWR, 0644);
> + if (fd2 < 0) {
> + perror("Can't open file");
> + exit(1);
> + }
> +
> + /* An example of output and arguments */
> + printf("pid1: %6d pid2: %6d FD: %2d FILES: %2d VM: %2d FS: %2d "
> + "SIGHAND: %2d IO: %2d SYSVSEM: %2d INV: %2d\n",
Visibly stray whitespaces.
> + /* This one should return same fd */
> + ret = sys_kcmp(pid1, pid2, KCMP_FILE, fd1, fd1);
> + if (ret) {
> + printf("FAIL: 0 expected but %d returned\n", ret);
> + ret = -1;
> + } else
> + printf("PASS: 0 returned as expected\n");
> + exit(ret);
this is main(), what's wrong with the standard pattern of return
ret?
I don't know whether this code is correct, but the high amount
of basic cleanliness problems makes me worry about that.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists