lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240924065653.GQ38742@google.com>
Date: Tue, 24 Sep 2024 15:56:53 +0900
From: Sergey Senozhatsky <senozhatsky@...omium.org>
To: Christoph Hellwig <hch@...radead.org>
Cc: Sergey Senozhatsky <senozhatsky@...omium.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Christophe JAILLET <christophe.jaillet@...adoo.fr>,
	Andrey Skvortsov <andrej.skvortzov@...il.com>, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCHv2] mm: do not export const kfree and kstrdup variants

On (24/09/23 23:43), Christoph Hellwig wrote:
> On Tue, Sep 24, 2024 at 02:08:37PM +0900, Sergey Senozhatsky wrote:
> > Both kfree_const() and kstrdup_const() use __start_rodata
> > and __end_rodata, which do not work for modules.  This is
> > especially important for kfree_const().  Stop exporting
> > these functions, as they cannot be used in the modules.
> 
> Well, they do work when called from modules, they just don't work
> on constant data that is in modules.   There's also plenty of
> existing callers in modules.
> 
> So just unexporting them is going to break.   The API is kinda
> horrible, but an implementation to check for constants in modules
> would also be quite horrible.  So I don't have a good answer here,
> but simply unexporting them is not going to cut it.

Totally agree with all the points, I haven't looked at how
popular that API was before sending out the patch.  Is there
some sort of "built time const" but for strings that we, perhaps,
can add to kfree_const() (and make kfree_const() always inline)?
So that we can turn this

	str = "boom";
	...
	kfree_const(str);

into a safe scenario for modules.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ