lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f628ff03-eb47-62f3-465b-fe4ed046b30c@virtuozzo.com>
Date:   Wed, 10 Jul 2019 08:49:06 +0300
From:   Vasily Averin <vvs@...tuozzo.com>
To:     Xiaoming Ni <nixiaoming@...wei.com>, adobriyan@...il.com,
        akpm@...ux-foundation.org, anna.schumaker@...app.com,
        arjan@...ux.intel.com, bfields@...ldses.org,
        chuck.lever@...cle.com, davem@...emloft.net,
        gregkh@...uxfoundation.org, jlayton@...nel.org, luto@...nel.org,
        mingo@...nel.org, Nadia.Derbey@...l.net,
        paulmck@...ux.vnet.ibm.com, semen.protsenko@...aro.org,
        stable@...nel.org, stern@...land.harvard.edu, tglx@...utronix.de,
        torvalds@...ux-foundation.org, trond.myklebust@...merspace.com,
        viresh.kumar@...aro.org
Cc:     alex.huangjianhui@...wei.com, dylix.dailei@...wei.com,
        linux-kernel@...r.kernel.org, linux-nfs@...r.kernel.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH v3 0/3] kernel/notifier.c: avoid duplicate registration

On 7/10/19 6:09 AM, Xiaoming Ni wrote:
> Registering the same notifier to a hook repeatedly can cause the hook
> list to form a ring or lose other members of the list.

I think is not enough to _prevent_ 2nd register attempt,
it's enough to detect just attempt and generate warning to mark host in bad state.

Unexpected 2nd register of the same hook most likely will lead to 2nd unregister,
and it can lead to host crash in any time: 
you can unregister notifier on first attempt it can be too early, it can be still in use.
on the other hand you can never call 2nd unregister at all.

Unfortunately I do not see any ways to handle such cases properly,
and it seems for me your patches does not resolve this problem.

Am I missed something probably?
 
> case1: An infinite loop in notifier_chain_register() can cause soft lockup
>         atomic_notifier_chain_register(&test_notifier_list, &test1);
>         atomic_notifier_chain_register(&test_notifier_list, &test1);
>         atomic_notifier_chain_register(&test_notifier_list, &test2);
> 
> case2: An infinite loop in notifier_chain_register() can cause soft lockup
>         atomic_notifier_chain_register(&test_notifier_list, &test1);
>         atomic_notifier_chain_register(&test_notifier_list, &test1);
>         atomic_notifier_call_chain(&test_notifier_list, 0, NULL);
> 
> case3: lose other hook test2
>         atomic_notifier_chain_register(&test_notifier_list, &test1);
>         atomic_notifier_chain_register(&test_notifier_list, &test2);
>         atomic_notifier_chain_register(&test_notifier_list, &test1);
> 
> case4: Unregister returns 0, but the hook is still in the linked list,
>         and it is not really registered. If you call notifier_call_chain
>         after ko is unloaded, it will trigger oops. if the system is
>        	configured with softlockup_panic and the same hook is repeatedly
>        	registered on the panic_notifier_list, it will cause a loop panic.
> 
> so. need add a check in in notifier_chain_register() to avoid duplicate
> registration
> 
> v1:
> * use notifier_chain_cond_register replace notifier_chain_register
> 
> v2:
> * Add a check in notifier_chain_register() to avoid duplicate registration
> * remove notifier_chain_cond_register() to avoid duplicate code 
> * remove blocking_notifier_chain_cond_register() to avoid duplicate code
> 
> v3:
> * Add a cover letter.
> 
> Xiaoming Ni (3):
>   kernel/notifier.c: avoid duplicate registration
>   kernel/notifier.c: remove notifier_chain_cond_register()
>   kernel/notifier.c: remove blocking_notifier_chain_cond_register()
> 
>  include/linux/notifier.h |  4 ----
>  kernel/notifier.c        | 41 +++--------------------------------------
>  net/sunrpc/rpc_pipe.c    |  2 +-
>  3 files changed, 4 insertions(+), 43 deletions(-)
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ