lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 7 Feb 2012 18:42:44 +0100
From:	Stephane Eranian <eranian@...gle.com>
To:	David Ahern <dsahern@...il.com>
Cc:	linux-kernel@...r.kernel.org, peterz@...radead.org, mingo@...e.hu,
	acme@...hat.com, robert.richter@....com, ming.m.lin@...el.com,
	andi@...stfloor.org, asharma@...com, ravitillo@....gov,
	vweaver1@...s.utk.edu, khandual@...ux.vnet.ibm.com
Subject: Re: [PATCH v5 16/18] perf: enable reading of perf.data files from
 different ABI rev

On Tue, Feb 7, 2012 at 5:41 PM, David Ahern <dsahern@...il.com> wrote:
> On 02/07/2012 08:50 AM, Stephane Eranian wrote:
>>>> +     if (sz == 0) {
>>>> +             /* assume ABI0 */
>>>> +             sz =  PERF_ATTR_SIZE_VER0;
>>>
>>> Shouldn't this be a failure? ie., problem with the file (or the
>>> swapping) since size can't be 0
>>>
>> size can be zero. In which case, it means ABI0 version.
>> See kernel/event/core.c:perf_copy_attr().
>
> ok
>
>>
>>
>>> And then for the following why not restrict sz to known, expected sizes
>>> -- using the PERF_ATTR_SIZE_VER defines introduced in patch 15?
>>>
>> Well, the current code solves the problem once and for all. Old tools
>> can still read new files and vice-versa. If you think that's a problem I
>> can simply bail out if sz > our_sz.
>
> My sensitivity on this is when endianness is broken it is a nightmare to
> find. You end up lacing the code with printfs trying to find which size
> field is going off the charts making the parsing of the file fail - or
> worse the sizes are slightly off and you get non-sense out.
>
> New commands should be able to read old files; old commands reading new
> files is a bit of a stretch in that the code has to be future-proofed.
> It seems like a reasonable requirement for data files to be examined by
> a command of the same vintage or newer as the command that wrote the file.
>
Fine then, I can simply strip that part of the code and return an
error is sz > our_sz.
How about that?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ