lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 27 Mar 2021 22:24:45 +0000
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     mingo@...nel.org, mgorman@...e.de, juri.lelli@...hat.com,
        vincent.guittot@...aro.org, dietmar.eggemann@....com,
        rostedt@...dmis.org, bsegall@...gle.com, bristot@...hat.com,
        joshdon@...gle.com, valentin.schneider@....com,
        linux-kernel@...r.kernel.org, greg@...ah.com
Subject: Re: [PATCH 6/9] debugfs: Implement debugfs_create_str()

On Fri, Mar 26, 2021 at 11:33:58AM +0100, Peter Zijlstra wrote:

> +again:
> +	rcu_read_lock();
> +	str = rcu_dereference(*(char **)file->private_data);
> +	len = strlen(str) + 1;
> +
> +	if (!copy || copy_len < len) {
> +		rcu_read_unlock();
> +		kfree(copy);
> +		copy = kmalloc(len + 1, GFP_KERNEL);
> +		if (!copy) {
> +			debugfs_file_put(dentry);
> +			return -ENOMEM;
> +		}
> +		copy_len = len;
> +		goto again;
> +	}
> +
> +	strncpy(copy, str, len);
> +	copy[len] = '\n';
> +	copy[len+1] = '\0';
> +	rcu_read_unlock();

*Ow*

	If the string can't change under you, what is RCU use about?
And if it can, any use of string functions is asking for serious
trouble; they are *not* guaranteed to be safe when any of the strings
involved might be modified under them.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ