lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 30 Sep 2013 10:19:52 +0800
From:	chaiwen <chaiw.fnst@...fujitsu.com>
To:	vaughan <vaughan.cao@...cle.com>
CC:	Jeff Moyer <jmoyer@...hat.com>, axboe@...nel.dk,
	linux-kernel@...r.kernel.org, alexey.kodanev@...cle.com
Subject: Re: [PATCH v2] block: register_blkdev doesn't check name against
 NULL

On 09/29/2013 02:55 PM, vaughan wrote:
> On 09/23/2013 10:56 PM, Jeff Moyer wrote:
>> Vaughan Cao<vaughan.cao@...cle.com>  writes:
>>
>>> register_blkdev(0, NULL) can result kernel Oops by copying from NULL
>>> in strlcpy(). Fix it by checking NULL pointer at the beginning and
>>> WARN when encountered in unregister_blkdev.
>> Uhh, so yeah, this is an exported function, so I could see maybe wanting
>> to do the argument checking.  But honestly, if your driver can't even
>> get this right, is there any hope of it actually working?
>>
>> This seems like a pointless patch to me, but ultimately it's up to Jens.
>>
>> Cheers,
>> Jeff
>>
>> p.s. the kerneldoc tells you what to put there:
>>   * @name: the name of the new block device as a zero terminated string
> Thanks for your comment, Jeff. I have the same feeling as you, however,
> shouldn't kernel do its best to provide the maximum stable working ability?
> And it's test case 7 of block driver in ltp project -
> http://sourceforge.net/p/ltp/git/ci/master/tree/testcases/kernel/device-drivers/block/kernel_space/test_block.c.
> It seems their attitude is we should check this.
I checked most of the callers of this function in current code tree.
Indeed, mostly they pass a static string as a parameter.
As jeff has said if a driver wants to get things right, it should able to
give  right parameters.
But as an acknowledge of kernel code protocol, I have a query/question of
the similar situation. if a function is a public one and called rather 
commonly.
In what cases should we have a parameter checking in it?
I think if the parameter is a rather obvious one that  even a look at it 
in the caller telling OK or not.
These parameters may not  need checking.

thanks
chai wen
>
> Vaughan
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ