lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120203083530.GD1968@moon>
Date:	Fri, 3 Feb 2012 12:35:30 +0400
From:	Cyrill Gorcunov <gorcunov@...nvz.org>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Pavel Emelyanov <xemul@...allels.com>,
	Serge Hallyn <serge.hallyn@...onical.com>,
	KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
	Kees Cook <keescook@...omium.org>, Tejun Heo <tj@...nel.org>,
	Andrew Vagin <avagin@...nvz.org>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Alexey Dobriyan <adobriyan@...il.com>,
	Andi Kleen <andi@...stfloor.org>,
	KOSAKI Motohiro <kosaki.motohiro@...il.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Glauber Costa <glommer@...allels.com>,
	Matt Helsley <matthltc@...ibm.com>,
	Pekka Enberg <penberg@...nel.org>,
	Eric Dumazet <eric.dumazet@...il.com>,
	Vasiliy Kulikov <segoon@...nwall.com>, Valdis.Kletnieks@...edu
Subject: Re: [patch cr 2/4] [RFC] syscalls, x86: Add __NR_kcmp syscall v7

On Fri, Feb 03, 2012 at 08:46:56AM +0100, Ingo Molnar wrote:
> 
> * Cyrill Gorcunov <gorcunov@...nvz.org> wrote:
> 
> > +/* Comparision type */
> 
> > + * We don't expose real in-memory order of objects for security
> > + * reasons, still the comparision results should be suitable for
> > + * sorting. Thus, we obfuscate kernel pointers values (using random
> > + * cookies obtaned at early boot stage) and compare the production
> > + * instead.
> 
> > + * 0 - equal
> > + * 1 - less than
> > + * 2 - greater than
> > + * 3 - not equal but ordering unavailable (reserved for future)
> 
> Broken spelling in each of those comment blocks. Are these 
> comments write-only?

No, they are not write-only. I've fixed typos in first comment block,
though I don't understand what is wrong with 0,1,2,3 comments.

> 
> > +	/*
> > +	 * Tasks are looked up in caller's
> > +	 * PID namespace only.
> > +	 */
> 
> Could be a single line.
> 

Ok, will do so.

> > +
> > +	task1 = find_task_by_vpid(pid1);
> > +	if (!task1) {
> > +		rcu_read_unlock();
> > +		return -ESRCH;
> > +	}
> > +
> > +	task2 = find_task_by_vpid(pid2);
> > +	if (!task2) {
> > +		put_task_struct(task1);
> > +		rcu_read_unlock();
> > +		return -ESRCH;
> > +	}
> 
> This is not the standard pattern of how we do error paths ...

OK, I'll try to make it in standart way.

> 
> > +	/*
> > +	 * Note for all cases but the KCMP_FILE we
> > +	 * don't take any locks in a sake of speed.
> > +	 */
> 
> Spelling.

Not sure what you mean here, but I'll drop this comment
to eliminate this problem.

> 
> > +			get_random_bytes(&cookies[i][j],
> > +					 sizeof(cookies[i][j]));
> 
> ugly line break.
> 

Why? Looks pretty good to me. But sure I'll change it.

> > +late_initcall(kcmp_cookie_init);
> 
> any particular reason why this needs to be a late initcall?
> 

Grr! The late_initcall remained here from versions where I've
been playing with crypto hashes. Thanks, Ingo, I'll fix!

> > +
> > +clean:
> > +	$(E) "  CLEAN"
> > +	$(Q) rm -fr ./run_test
> > +	$(Q) rm -fr ./test-file
> 
> Needs buy-in from the kbuild guys.

I took breakpoint test as example. Maybe I should
send this test case code as a separate patch?

> 
> > +#ifdef CONFIG_X86_64
> > +#include <asm/unistd_64.h>
> > +#else
> > +#include <asm/unistd_32.h>
> > +#endif
> 
> Why is asm/unistd.h not good?
> 

With asm/unistd.h it fails to build because it requires the headers
to be installed first (ie headers_install target) so I though this
way would be more convenient, no?

> > +static long sys_kcmp(int pid1, int pid2, int type, int fd1, int fd2)
> > +{
> > +	return syscall(__NR_kcmp, (long)pid1, (long)pid2,
> > +		       (long)type, (long)fd1, (long)fd2);
> > +}
> 
> Why is a syscall that takes long arguments defined and called 
> with int and then cast over to long again?
> 

Just a habit, the args will be converted to long anyway,
so I don't see a problem here. Still I can drop them.

> > +		int pid2 = getpid();
> > +		int ret;
> > +
> > +		fd2 = open("test-file", O_RDWR, 0644);
> > +		if (fd2 < 0) {
> > +			perror("Can't open file");
> > +			exit(1);
> > +		}
> > +
> > +		/* An example of output and arguments */
> > +                printf("pid1: %6d pid2: %6d FD: %2d FILES: %2d VM: %2d FS: %2d "
> > +		       "SIGHAND: %2d IO: %2d SYSVSEM: %2d INV: %2d\n",
> 
> Visibly stray whitespaces.
> 
> > +		/* This one should return same fd */
> > +		ret = sys_kcmp(pid1, pid2, KCMP_FILE, fd1, fd1);
> > +		if (ret) {
> > +			printf("FAIL: 0 expected but %d returned\n", ret);
> > +			ret = -1;
> > +		} else
> > +			printf("PASS: 0 returned as expected\n");
> > +		exit(ret);
> 
> this is main(), what's wrong with the standard pattern of return 
> ret?
> 

It's fork'ed children.

> I don't know whether this code is correct, but the high amount 
> of basic cleanliness problems makes me worry about that.
> 

Code is correct. I'll clean up the nits you pointed.

	Cyrill
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ