| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Apr 2012 10:04:11 +0200 From: Ingo Molnar <mingo@...nel.org> To: "Eric W. Biederman" <ebiederm@...ssion.com> Cc: Bruno Prémont <bonbons@...ux-vserver.org>, Greg KH <gregkh@...uxfoundation.org>, Peter Zijlstra <peterz@...radead.org>, linux-kernel@...r.kernel.org, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [PATCH] Prevent crash on missing sysfs attribute group * Eric W. Biederman <ebiederm@...ssion.com> wrote: > > Huh, so put repeated, duplicated, inconsistently applied sanity > > checks into dozens of sysfs attribute using kernel subsystems? > > [...] > > No. I was not talking about every usage site. Note, I'm not arguing that this isn't a bug in the P4 PMU driver - it is clearly a bug and I've applied the fix for it. I'm arguing about the escallation vector that this bug takes - that is unnecessarily disruptive: You were talking about: > >> FIX perf to include sanity checks. and what the PMU drivers do here is not uncommon at all, and the bug (for which I applied the fix and will push to Linus ASAP) is not uncommon either: Bugs happen and indirections happen too. perf uses a generic PMU driver layer where the lower level layers register themselves. There's at least a dozen similar constructs in the kernel and you suggest that the right solution is to put checks in every one of them, while the nice patch from Bruno could catch it too, in one central place? If the PMU code used those attributes directly and could crash/misbehave then you'd have a point. But the first thing that makes real use of these objects is sysfs - so it's trivially useful to at minimum have a sanity check there... > [...] I was talking about the sites that are don't have a > direct call chain to the sysfs methods and instead do > something clever that makes backtraces worthless. > > In the normal case sysfs registration problems are simple to > trace back to their source because the backtrace points a > finger at the piece of code that when registering had a > problem. You mean the crash backtrace? I don't think we should spuriously crash the kernel on NULL pointer input to generic facilities, especially when a check is so simple and would catch so many similar patterns of bugs. That lack of a check escallated a simple missing (and unimportant) attribute into a "box won't boot at all" bug. *That* is not acceptable behavior and robustness from a generic facility, in my book. In that sense the crash behaves like a BUG_ON(). Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists