| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YzU2u+hEmx0kZhb5@unreal>
Date: Thu, 29 Sep 2022 09:10:03 +0300
From: Leon Romanovsky <leon@...nel.org>
To: asmadeus@...ewreck.org
Cc: Christian Schoenebeck <linux_oss@...debyte.com>,
syzbot <syzbot+67d13108d855f451cafc@...kaller.appspotmail.com>,
davem@...emloft.net, edumazet@...gle.com, ericvh@...il.com,
kuba@...nel.org, linux-kernel@...r.kernel.org, lucho@...kov.net,
netdev@...r.kernel.org, pabeni@...hat.com,
syzkaller-bugs@...glegroups.com,
v9fs-developer@...ts.sourceforge.net
Subject: Re: [syzbot] KASAN: use-after-free Read in rdma_close
On Thu, Sep 29, 2022 at 06:52:56AM +0900, asmadeus@...ewreck.org wrote:
<...>
> > From technical perspective, yes, destruction in reverse order is usually the
> > better way to go. Whether I would carve that in stone, without any exception,
> > probably not.
>
> I think it's a tradeoff really.
> Unrolling in place is great, don't get me wrong, but it's also easy to
> miss things when adding code later on -- we actually just did that and
> got another kasan report which made me factor things in to future-proof
> the code.
>
> Having a single place of truth that knows how to "untangle" and properly
> free a struct, making sure it is noop for parts of the struct that
> haven't been initialized yet, is less of a burden for me to think about.
It is not bikeshedding or tradeoff, but matter of well-proven coding
patterns, which are very helpful for review and code maintaining.
Thanks
Powered by blists - more mailing lists