Date:   Wed, 10 Jul 2019 08:49:06 +0300
From:   Vasily Averin <vvs@...tuozzo.com>
To:     Xiaoming Ni <nixiaoming@...wei.com>, adobriyan@...il.com,
        akpm@...ux-foundation.org, anna.schumaker@...app.com,
        arjan@...ux.intel.com, bfields@...ldses.org,
        chuck.lever@...cle.com, davem@...emloft.net,
        gregkh@...uxfoundation.org, jlayton@...nel.org, luto@...nel.org,
        mingo@...nel.org, Nadia.Derbey@...l.net,
        paulmck@...ux.vnet.ibm.com, semen.protsenko@...aro.org,
        stable@...nel.org, stern@...land.harvard.edu, tglx@...utronix.de,
        torvalds@...ux-foundation.org, trond.myklebust@...merspace.com,
        viresh.kumar@...aro.org
Cc:     alex.huangjianhui@...wei.com, dylix.dailei@...wei.com,
        linux-kernel@...r.kernel.org, linux-nfs@...r.kernel.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH v3 0/3] kernel/notifier.c: avoid duplicate registration

On 7/10/19 6:09 AM, Xiaoming Ni wrote:
> Registering the same notifier to a hook repeatedly can cause the hook
> list to form a ring or lose other members of the list.

I think it is not enough to _prevent_ a 2nd register attempt,
it's enough to just detect the attempt and generate a warning to mark the host as in a bad state.

An unexpected 2nd register of the same hook will most likely lead to a 2nd unregister,
and it can lead to a host crash at any time:
you can unregister the notifier on the first attempt; it can be too early, it can still be in use.
On the other hand, you can never call the 2nd unregister at all.

Unfortunately I do not see any way to handle such cases properly,
and it seems to me your patches do not resolve this problem.

Am I missing something, probably?
 
> case1: An infinite loop in notifier_chain_register() can cause soft lockup
>         atomic_notifier_chain_register(&test_notifier_list, &test1);
>         atomic_notifier_chain_register(&test_notifier_list, &test1);
>         atomic_notifier_chain_register(&test_notifier_list, &test2);
> 
> case2: An infinite loop in notifier_chain_register() can cause soft lockup
>         atomic_notifier_chain_register(&test_notifier_list, &test1);
>         atomic_notifier_chain_register(&test_notifier_list, &test1);
>         atomic_notifier_call_chain(&test_notifier_list, 0, NULL);
> 
> case3: lose other hook test2
>         atomic_notifier_chain_register(&test_notifier_list, &test1);
>         atomic_notifier_chain_register(&test_notifier_list, &test2);
>         atomic_notifier_chain_register(&test_notifier_list, &test1);
> 
> case4: Unregister returns 0, but the hook is still in the linked list,
>         and it is not really registered. If you call notifier_call_chain
>         after ko is unloaded, it will trigger oops. If the system is
>         configured with softlockup_panic and the same hook is repeatedly
>         registered on the panic_notifier_list, it will cause a loop panic.
> 
> So we need to add a check in notifier_chain_register() to avoid duplicate
> registration
> 
> v1:
> * use notifier_chain_cond_register replace notifier_chain_register
> 
> v2:
> * Add a check in notifier_chain_register() to avoid duplicate registration
> * remove notifier_chain_cond_register() to avoid duplicate code 
> * remove blocking_notifier_chain_cond_register() to avoid duplicate code
> 
> v3:
> * Add a cover letter.
> 
> Xiaoming Ni (3):
>   kernel/notifier.c: avoid duplicate registration
>   kernel/notifier.c: remove notifier_chain_cond_register()
>   kernel/notifier.c: remove blocking_notifier_chain_cond_register()
> 
>  include/linux/notifier.h |  4 ----
>  kernel/notifier.c        | 41 +++--------------------------------------
>  net/sunrpc/rpc_pipe.c    |  2 +-
>  3 files changed, 4 insertions(+), 43 deletions(-)
> 
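
A user-space model of the case1 and case3 sequences from the quoted cover letter, added here as an illustration; it is not code from the patch series or from kernel/notifier.c. The `struct nb` type, the helper names, the walk limit and the `-EEXIST` return value are assumptions made for the model.

```c
#include <errno.h>
#include <stdio.h>

/* Stand-in for the kernel's struct notifier_block (constructed for this model). */
struct nb { struct nb *next; int priority; };

/* Priority-ordered insert with no duplicate check, as the cover letter describes. */
static void reg_unchecked(struct nb **nl, struct nb *n)
{
    while (*nl && n->priority <= (*nl)->priority)
        nl = &(*nl)->next;
    n->next = *nl;   /* if n is already linked, this overwrites its old successor */
    *nl = n;
}

/* Same insert, refusing a block already on the chain (-EEXIST is an assumption). */
static int reg_checked(struct nb **nl, struct nb *n)
{
    for (; *nl && n->priority <= (*nl)->priority; nl = &(*nl)->next)
        if (*nl == n)
            return -EEXIST;
    n->next = *nl;
    *nl = n;
    return 0;
}

/* Entries reachable from head, or -1 if the walk exceeds limit (a ring). */
static int chain_len(const struct nb *head, int limit)
{
    int len = 0;
    for (; head; head = head->next)
        if (++len > limit)
            return -1;
    return len;
}

/* Register test1, optionally test2, then test1 again; return last rc, report length. */
static int replay(int checked, int with_test2, int *len)
{
    struct nb *head = NULL, test1 = {0}, test2 = {0};
    struct nb *seq[] = { &test1, with_test2 ? &test2 : NULL, &test1 };
    int rc = 0;
    for (int i = 0; i < 3; i++) {
        if (!seq[i])
            continue;
        if (checked)
            rc = reg_checked(&head, seq[i]);
        else
            reg_unchecked(&head, seq[i]);
    }
    *len = chain_len(head, 8);
    return rc;
}

int main(void)
{
    int len, rc;
    rc = replay(0, 0, &len); printf("case1 unchecked: rc=%d len=%d\n", rc, len);
    rc = replay(0, 1, &len); printf("case3 unchecked: rc=%d len=%d\n", rc, len);
    rc = replay(1, 1, &len); printf("case3 checked:   rc=%d len=%d\n", rc, len);
    return 0;
}
```

The model covers only the list corruption; the unbalanced unregister raised in the reply is outside what it shows.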
