lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 13 Sep 2021 06:46:09 -1000
From:   Tejun Heo <tj@...nel.org>
To:     Christoph Hellwig <hch@....de>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Jens Axboe <axboe@...nel.dk>, linux-block@...r.kernel.org,
        linux-xfs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: start switching sysfs attributes to expose the seq_file

On Mon, Sep 13, 2021 at 07:41:08AM +0200, Christoph Hellwig wrote:
> Hi all,
> 
> Al pointed out multiple times that seq_get_buf is highly dangerous as
> it opens up the tight seq_file abstractions to buffer overflows.  The
> last such caller now is sysfs.
> 
> This series allows attributes to implement a seq_show method and switch
> the block and XFS code as users that I'm most familiar with to use
> seq_files directly after a few preparatory cleanups.  With this series
> "leaf" users of sysfs_ops can be converted one at at a time, after that
> we can move the seq_get_buf into the multiplexers (e.g. kobj, device,
> class attributes) and remove the show method in sysfs_ops and repeat the
> process until all attributes are converted.  This will probably take a
> fair amount of time.

The whole series looks good to me. With Greg's sysfs_emit argument aside on
which I don't have any opinion,

Acked-by: Tejun Heo <tj@...nel.org>

Thanks.

-- 
tejun

Powered by blists - more mailing lists