lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 12 Feb 2021 16:02:14 +0000
From:   Min Li <min.li.xe@...esas.com>
To:     Greg KH <gregkh@...uxfoundation.org>
CC:     "derek.kiernan@...inx.com" <derek.kiernan@...inx.com>,
        "dragan.cvetic@...inx.com" <dragan.cvetic@...inx.com>,
        "arnd@...db.de" <arnd@...db.de>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH net-next v2] misc: Add Renesas Synchronization Management
 Unit (SMU) support

> 
> xilinx_sdfec.c has:
> 
> 	static int xsdfec_dev_open(struct inode *iptr, struct file *fptr)
> 	{
> 	        return 0;
> 	}
> 
> Which isn't even needed at all, but it is NOT trying to keep people from
> calling open multiple times.
> 
> As for why the above logic does not work in your driver, think of what
> happens if someone opens the character device node, and then calls
> dup(2) on it and passes that file descriptor off to another program.  Or just
> calls it multiple times from different threads in the same program.
> The kernel does not know what is happening here, and so, "do not allow to
> be opened multiple times" does not do anything to keep userspace from
> actually writing to the device node from multiple processes or threads.
> 
> So don't even try, it's not worth it.
> 
> > I mean if an application failed at opening the device, how can it
> > proceed to talk the device without a file descriptor?
> 
> See above for how to do this.
> 
> thanks,
> 
> greg k-h

Hi Greg

Thanks for your insight for this. Now I can see this change doesn't prevent deliberate hacker from opening the driver multiple times.

What I had in mind is that it does prevent some unintentional mistake like some one accidentally opens the application twice. The second
one would fail due to the change here.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ