lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 12 Jul 2019 16:07:29 +0200
From:   "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
To:     Xiaoming Ni <nixiaoming@...wei.com>
Cc:     Vasily Averin <vvs@...tuozzo.com>,
        "adobriyan@...il.com" <adobriyan@...il.com>,
        "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
        "anna.schumaker@...app.com" <anna.schumaker@...app.com>,
        "arjan@...ux.intel.com" <arjan@...ux.intel.com>,
        "bfields@...ldses.org" <bfields@...ldses.org>,
        "chuck.lever@...cle.com" <chuck.lever@...cle.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "jlayton@...nel.org" <jlayton@...nel.org>,
        "luto@...nel.org" <luto@...nel.org>,
        "mingo@...nel.org" <mingo@...nel.org>,
        "Nadia.Derbey@...l.net" <Nadia.Derbey@...l.net>,
        "paulmck@...ux.vnet.ibm.com" <paulmck@...ux.vnet.ibm.com>,
        "semen.protsenko@...aro.org" <semen.protsenko@...aro.org>,
        "stable@...nel.org" <stable@...nel.org>,
        "stern@...land.harvard.edu" <stern@...land.harvard.edu>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>,
        "trond.myklebust@...merspace.com" <trond.myklebust@...merspace.com>,
        "viresh.kumar@...aro.org" <viresh.kumar@...aro.org>,
        "Huangjianhui (Alex)" <alex.huangjianhui@...wei.com>,
        Dailei <dylix.dailei@...wei.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH v3 0/3] kernel/notifier.c: avoid duplicate registration

On Fri, Jul 12, 2019 at 09:11:57PM +0800, Xiaoming Ni wrote:
> On 2019/7/11 21:57, Vasily Averin wrote:
> > On 7/11/19 4:55 AM, Nixiaoming wrote:
> >> On Wed, July 10, 2019 1:49 PM Vasily Averin wrote:
> >>> On 7/10/19 6:09 AM, Xiaoming Ni wrote:
> >>>> Registering the same notifier to a hook repeatedly can cause the hook
> >>>> list to form a ring or lose other members of the list.
> >>>
> >>> I think is not enough to _prevent_ 2nd register attempt,
> >>> it's enough to detect just attempt and generate warning to mark host in bad state.
> >>>
> >>
> >> Duplicate registration is prevented in my patch, not just "mark host in bad state"
> >>
> >> Duplicate registration is checked and exited in notifier_chain_cond_register()
> >>
> >> Duplicate registration was checked in notifier_chain_register() but only 
> >> the alarm was triggered without exiting. added by commit 831246570d34692e 
> >> ("kernel/notifier.c: double register detection")
> >>
> >> My patch is like a combination of 831246570d34692e and notifier_chain_cond_register(),
> >>  which triggers an alarm and exits when a duplicate registration is detected.
> >>
> >>> Unexpected 2nd register of the same hook most likely will lead to 2nd unregister,
> >>> and it can lead to host crash in any time: 
> >>> you can unregister notifier on first attempt it can be too early, it can be still in use.
> >>> on the other hand you can never call 2nd unregister at all.
> >>
> >> Since the member was not added to the linked list at the time of the second registration, 
> >> no linked list ring was formed. 
> >> The member is released on the first unregistration and -ENOENT on the second unregistration.
> >> After patching, the fault has been alleviated
> > 
> > You are wrong here.
> > 2nd notifier's registration is a pure bug, this should never happen.
> > If you know the way to reproduce this situation -- you need to fix it. 
> > 
> > 2nd registration can happen in 2 cases:
> > 1) missed rollback, when someone forget to call unregister after successfull registration, 
> > and then tried to call register again. It can lead to crash for example when according module will be unloaded.
> > 2) some subsystem is registered twice, for example from  different namespaces.
> > in this case unregister called during sybsystem cleanup in first namespace will incorrectly remove notifier used 
> > in second namespace, it also can lead to unexpacted behaviour.
> > 
> So in these two cases, is it more reasonable to trigger BUG() directly when checking for duplicate registration ?
> But why does current notifier_chain_register() just trigger WARN() without exiting ?
> notifier_chain_cond_register() direct exit without triggering WARN() ?

It should recover from this, if it can be detected.  The main point is
that not all apis have to be this "robust" when used within the kernel
as we do allow for the callers to know what they are doing :)

If this does not cause any additional problems or slow downs, it's
probably fine to add.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ