lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150106081253.GA22484@u-galfione>
Date:	Tue, 6 Jan 2015 09:12:53 +0100
From:	Dominique Martinet <dominique.martinet@....fr>
To:	Julia Lawall <julia.lawall@...6.fr>
CC:	SF Markus Elfring <elfring@...rs.sourceforge.net>,
	Latchesar Ionkov <lucho@...kov.net>,
	Eric Van Hensbergen <ericvh@...il.com>,
	<kernel-janitors@...r.kernel.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Ron Minnich <rminnich@...dia.gov>,
	<v9fs-developer@...ts.sourceforge.net>,
	Dan Carpenter <dan.carpenter@...cle.com>
Subject: Re: [V9fs-developer] [PATCH 1/8] fs/9p: Deletion of unnecessary
 checks before the function call "p9_client_clunk"

Hi,

Julia Lawall wrote on Mon, Jan 05, 2015 at 11:01:55PM +0100:
> > The error response is clear. Are any software developments efforts expected
> > to clean-up the call stack for unwanted null pointers even more?
> 
> I found the original patch and looked at the call sites.  None of them 
> calls dump_stack.  The behavior is thus not the same.  With your change, 
> something that was previously treated in an orderly manner will be 
> converted to something that looks like an oops.  I assume that the cost of 
> the dump_stack will also be huge.

I definitely agree there, this will create unwanted dump_stack messages.

Simple example, without even looking at the multiple possible
interactions with multiple clients hammering the server, can be taken
from v9fs_create in fs/9p/vfs_inode.c
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/tree/fs/9p/vfs_inode.c?id=d8282ea05ad119247122de23db7d48ad6098cfa2#n652

jumping to label error from a failure in p9_client_fcreate (e.g. EPERM
or something perfectly valid) will, with your patch, call clunk with fid
== NULL and thus generate a stack trace, while it is a perfectly normal
code path that should only return to userspace with EPERM.


(admitedly, the linux vfs will do checks first to ensure that the
function is likely to succeed, but some servers can implement their own
security model on top)


Other patches in the set look good at first glance, but I'll need a bit
to find time to look through implications they may have.
-- 
Dominique Martinet,
CEA
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ