| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 3 Feb 2012 12:35:30 +0400
From: Cyrill Gorcunov <gorcunov@...nvz.org>
To: Ingo Molnar <mingo@...e.hu>
Cc: linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
Pavel Emelyanov <xemul@...allels.com>,
Serge Hallyn <serge.hallyn@...onical.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
Kees Cook <keescook@...omium.org>, Tejun Heo <tj@...nel.org>,
Andrew Vagin <avagin@...nvz.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Alexey Dobriyan <adobriyan@...il.com>,
Andi Kleen <andi@...stfloor.org>,
KOSAKI Motohiro <kosaki.motohiro@...il.com>,
"H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Glauber Costa <glommer@...allels.com>,
Matt Helsley <matthltc@...ibm.com>,
Pekka Enberg <penberg@...nel.org>,
Eric Dumazet <eric.dumazet@...il.com>,
Vasiliy Kulikov <segoon@...nwall.com>, Valdis.Kletnieks@...edu
Subject: Re: [patch cr 2/4] [RFC] syscalls, x86: Add __NR_kcmp syscall v7
On Fri, Feb 03, 2012 at 08:46:56AM +0100, Ingo Molnar wrote:
>
> * Cyrill Gorcunov <gorcunov@...nvz.org> wrote:
>
> > +/* Comparision type */
>
> > + * We don't expose real in-memory order of objects for security
> > + * reasons, still the comparision results should be suitable for
> > + * sorting. Thus, we obfuscate kernel pointers values (using random
> > + * cookies obtaned at early boot stage) and compare the production
> > + * instead.
>
> > + * 0 - equal
> > + * 1 - less than
> > + * 2 - greater than
> > + * 3 - not equal but ordering unavailable (reserved for future)
>
> Broken spelling in each of those comment blocks. Are these
> comments write-only?
No, they are not write-only. I've fixed typos in first comment block,
though I don't understand what is wrong with 0,1,2,3 comments.
>
> > + /*
> > + * Tasks are looked up in caller's
> > + * PID namespace only.
> > + */
>
> Could be a single line.
>
Ok, will do so.
> > +
> > + task1 = find_task_by_vpid(pid1);
> > + if (!task1) {
> > + rcu_read_unlock();
> > + return -ESRCH;
> > + }
> > +
> > + task2 = find_task_by_vpid(pid2);
> > + if (!task2) {
> > + put_task_struct(task1);
> > + rcu_read_unlock();
> > + return -ESRCH;
> > + }
>
> This is not the standard pattern of how we do error paths ...
OK, I'll try to make it in standart way.
>
> > + /*
> > + * Note for all cases but the KCMP_FILE we
> > + * don't take any locks in a sake of speed.
> > + */
>
> Spelling.
Not sure what you mean here, but I'll drop this comment
to eliminate this problem.
>
> > + get_random_bytes(&cookies[i][j],
> > + sizeof(cookies[i][j]));
>
> ugly line break.
>
Why? Looks pretty good to me. But sure I'll change it.
> > +late_initcall(kcmp_cookie_init);
>
> any particular reason why this needs to be a late initcall?
>
Grr! The late_initcall remained here from versions where I've
been playing with crypto hashes. Thanks, Ingo, I'll fix!
> > +
> > +clean:
> > + $(E) " CLEAN"
> > + $(Q) rm -fr ./run_test
> > + $(Q) rm -fr ./test-file
>
> Needs buy-in from the kbuild guys.
I took breakpoint test as example. Maybe I should
send this test case code as a separate patch?
>
> > +#ifdef CONFIG_X86_64
> > +#include <asm/unistd_64.h>
> > +#else
> > +#include <asm/unistd_32.h>
> > +#endif
>
> Why is asm/unistd.h not good?
>
With asm/unistd.h it fails to build because it requires the headers
to be installed first (ie headers_install target) so I though this
way would be more convenient, no?
> > +static long sys_kcmp(int pid1, int pid2, int type, int fd1, int fd2)
> > +{
> > + return syscall(__NR_kcmp, (long)pid1, (long)pid2,
> > + (long)type, (long)fd1, (long)fd2);
> > +}
>
> Why is a syscall that takes long arguments defined and called
> with int and then cast over to long again?
>
Just a habit, the args will be converted to long anyway,
so I don't see a problem here. Still I can drop them.
> > + int pid2 = getpid();
> > + int ret;
> > +
> > + fd2 = open("test-file", O_RDWR, 0644);
> > + if (fd2 < 0) {
> > + perror("Can't open file");
> > + exit(1);
> > + }
> > +
> > + /* An example of output and arguments */
> > + printf("pid1: %6d pid2: %6d FD: %2d FILES: %2d VM: %2d FS: %2d "
> > + "SIGHAND: %2d IO: %2d SYSVSEM: %2d INV: %2d\n",
>
> Visibly stray whitespaces.
>
> > + /* This one should return same fd */
> > + ret = sys_kcmp(pid1, pid2, KCMP_FILE, fd1, fd1);
> > + if (ret) {
> > + printf("FAIL: 0 expected but %d returned\n", ret);
> > + ret = -1;
> > + } else
> > + printf("PASS: 0 returned as expected\n");
> > + exit(ret);
>
> this is main(), what's wrong with the standard pattern of return
> ret?
>
It's fork'ed children.
> I don't know whether this code is correct, but the high amount
> of basic cleanliness problems makes me worry about that.
>
Code is correct. I'll clean up the nits you pointed.
Cyrill
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists