| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Jan 2015 09:12:53 +0100 From: Dominique Martinet <dominique.martinet@....fr> To: Julia Lawall <julia.lawall@...6.fr> CC: SF Markus Elfring <elfring@...rs.sourceforge.net>, Latchesar Ionkov <lucho@...kov.net>, Eric Van Hensbergen <ericvh@...il.com>, <kernel-janitors@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, Ron Minnich <rminnich@...dia.gov>, <v9fs-developer@...ts.sourceforge.net>, Dan Carpenter <dan.carpenter@...cle.com> Subject: Re: [V9fs-developer] [PATCH 1/8] fs/9p: Deletion of unnecessary checks before the function call "p9_client_clunk" Hi, Julia Lawall wrote on Mon, Jan 05, 2015 at 11:01:55PM +0100: > > The error response is clear. Are any software developments efforts expected > > to clean-up the call stack for unwanted null pointers even more? > > I found the original patch and looked at the call sites. None of them > calls dump_stack. The behavior is thus not the same. With your change, > something that was previously treated in an orderly manner will be > converted to something that looks like an oops. I assume that the cost of > the dump_stack will also be huge. I definitely agree there, this will create unwanted dump_stack messages. Simple example, without even looking at the multiple possible interactions with multiple clients hammering the server, can be taken from v9fs_create in fs/9p/vfs_inode.c https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/tree/fs/9p/vfs_inode.c?id=d8282ea05ad119247122de23db7d48ad6098cfa2#n652 jumping to label error from a failure in p9_client_fcreate (e.g. EPERM or something perfectly valid) will, with your patch, call clunk with fid == NULL and thus generate a stack trace, while it is a perfectly normal code path that should only return to userspace with EPERM. (admitedly, the linux vfs will do checks first to ensure that the function is likely to succeed, but some servers can implement their own security model on top) Other patches in the set look good at first glance, but I'll need a bit to find time to look through implications they may have. -- Dominique Martinet, CEA -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists