lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHk-=wgCMTUV=5aE-V8WjxuCME8LTBh-8k5XTPKz6oRXJ_sgTg@mail.gmail.com>
Date:   Tue, 28 Feb 2023 11:39:09 -0800
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Mateusz Guzik <mjguzik@...il.com>
Cc:     Casey Schaufler <casey@...aufler-ca.com>,
        Serge Hallyn <serge@...lyn.com>, viro@...iv.linux.org.uk,
        paul@...l-moore.com, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH v3 1/2] capability: add cap_isidentical

On Tue, Feb 28, 2023 at 6:47 AM Mateusz Guzik <mjguzik@...il.com> wrote:
>
> Personally I would only touch it as a result of losing a bet (and I'm
> not taking any with this in play), but that's just my $0.05 (adjusted
> for inflation).

Heh. I took that as a challenge.

It wasn't actually all that bad (famous last words). For type safety
reasons I decided to use a struct wrapper

   typedef struct { u64 val; } kernel_cap_t;

to avoid any nasty silent integer value conversions. But then it was
literally just a matter of cleaning up some of the insanity.

I think the fs/proc/array.c modification is an example of just how bad
things used to be:

    --- a/fs/proc/array.c
    +++ b/fs/proc/array.c
    @@ -300,13 +300,8 @@ static inline void task_sig(struct seq_file *m,
     static void render_cap_t(struct seq_file *m, const char *header,
                            kernel_cap_t *a)
     {
    -       unsigned __capi;
    -
            seq_puts(m, header);
    -       CAP_FOR_EACH_U32(__capi) {
    -               seq_put_hex_ll(m, NULL,
    -                          a->cap[CAP_LAST_U32 - __capi], 8);
    -       }
    +       seq_put_hex_ll(m, NULL, a->val, 16);
            seq_putc(m, '\n');
     }

note how the code literally did that odd

        CAP_LAST_U32 - __capi

in there just to get the natural "high word first" that is exactly
what you get if you just print out the value as a hex number.

Now, the actual user mode conversions still exist, but even those
often got simplified.

Have I actually *tested* this? Of course not. I'm lazy, and everything
I write obviously always works on the first try anyway, so why should
I?

So take this patch with a healthy dose of salt, but it looks sane to
me, and it does build cleanly (and with our type system, that actually
does say quite a lot).

This actually looks sane enough that I might even boot it. Call me crazy.

           Linus

View attachment "patch.diff" of type "text/x-patch" (23637 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ