lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 29 Jul 2020 21:50:36 +0100
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Christoph Hellwig <hch@....de>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        Luis Chamberlain <mcgrof@...nel.org>,
        Matthew Wilcox <willy@...radead.org>,
        Kees Cook <keescook@...omium.org>,
        Iurii Zaikin <yzaikin@...gle.com>,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH 08/23] fs: don't change the address limit for
 ->write_iter in __kernel_write

On Tue, Jul 07, 2020 at 07:47:46PM +0200, Christoph Hellwig wrote:
> If we write to a file that implements ->write_iter there is no need
> to change the address limit if we send a kvec down.  Implement that
> case, and prefer it over using plain ->write with a changed address
> limit if available.

	You are flipping the priorities of ->write and ->write_iter
for kernel_write().  Now, there are 4 instances of file_operations
where we have both.  null_fops and zero_fops are fine either way -
->write() and ->write_iter() do the same thing there (and arguably
removing ->write might be the right thing; the only reason I hesistate
is that writing to /dev/null *is* critical for many things, including
the proper mail delivery ;-)

However, the other two (infinibarf and pcm) are different; there we
really have different semantics.  I don't believe anything writes into
either under KERNEL_DS, but having kernel_write() and vfs_write() with
subtly different semantics is asking for trouble down the road.

How about we remove ->write in null_fops/zero_fops and fail loudly if
*both* ->write() and ->write_iter() are present (in kernel_write(),
that is)?

There's a similar situation on the read side - there we have /dev/null
with both ->read() and ->read_iter() (and there "remove ->read" is
obviously the right thing to do) *and* we have pcm crap, with different
semantics for ->read() and ->read_iter().

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ