lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 Oct 2023 10:53:41 +0300
From: Leon Romanovsky <>
To: Ilias Apalodimas <>
Cc: Jakub Kicinski <>,
	Sven Auhagen <>,,,,,,
Subject: Re: [PATCH v2 1/2] net: page_pool: check page pool ethtool stats

On Wed, Oct 25, 2023 at 08:59:44AM +0300, Ilias Apalodimas wrote:
> Hi Jakub,
> On Mon, Oct 02, 2023 at 12:46:50PM -0700, Jakub Kicinski wrote:
> > On Sun, 1 Oct 2023 13:41:15 +0200 Sven Auhagen wrote:
> > > If the page_pool variable is null while passing it to
> > > the page_pool_get_stats function we receive a kernel error.
> > >
> > > Check if the page_pool variable is at least valid.
> >
> > IMHO this seems insufficient, the driver still has to check if PP
> > was instantiated when the strings are queried. My weak preference
> > would be to stick to v1 and have the driver check all the conditions.
> > But if nobody else feels this way, it's fine :)
> I don't disagree, but OTOH it would be sane for the API not to crash if
> something invalid is passed. 

In-kernel API assumes that in-kernel callers know how to use it.

> Maybe the best approach would be to keep the
> driver checks, which are saner, but add the page pool code as well with a
> printable error indicating a driver bug?

It is no different from adding extra checks to prevent drivers from random calls
with random parameters to well defined API.


> Thanks
> /Ilias

Powered by blists - more mailing lists