From: Rusty Russell <rusty@rustcorp.com.au>
To: Jesper Juhl <jesper.juhl@gmail.com>
Cc: Ashutosh Naik <ashutosh.naik@gmail.com>,
	anandhkrishnan@yahoo.co.in, linux-kernel@vger.kernel.org,
	rth@redhat.com, akpm@osdl.org, Greg KH <greg@kroah.com>,
	alan@lxorguk.ukuu.org.uk
Subject: Re: [RFC][PATCH] Prevent overriding of Symbols in the Kernel, avoiding Undefined behaviour
Date: Wed, 14 Dec 2005 13:03:35 +1100
Message-ID: <1134525816.30383.13.camel@localhost.localdomain>
In-Reply-To: <9a8748490512130849o73c14313l166e6dd360f32d70@mail.gmail.com>

On Tue, 2005-12-13 at 17:49 +0100, Jesper Juhl wrote:
> On 12/13/05, Ashutosh Naik <ashutosh.naik@gmail.com> wrote:
> > On 12/13/05, Rusty Russell <rusty@rustcorp.com.au> wrote:
> > >
> > > How about something like:
> > >
> [snip improvement suggestion]
> >
> > Have tried that in the attached patch. However, mod->syms[i].name
> > would be valid only after a long relocation for loop has run through.
> > While this adds a wee bit extra overhead, that overhead is only in the
> > case where the module does actually export a Duplicate Symbol.
> >
> > Thus it's a question whether we do the search before relocation (a
> > little messier) or after (more straightforward).

Hi Ashutosh, Jesper,

	Patch looks good!  A few nits still:

> > +static int verify_export_symbols(struct module *mod)
> > +{
> > +	const char *name=0;
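
Review bot: `const char *name=0;` initialises a pointer with the integer literal 0 and has no spaces around `=`; write `const char *name = NULL;`, and if the initialiser exists only to quiet a compiler warning, say so in a short comment so it is not later removed as dead code.
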
> 
> CodingStyle issue :
> 	const char *name = 0;

More importantly:
	const char *name = NULL; /* GCC 4.0 warns */

(I assume that's why you have the useless initialization).

> > +	spin_lock_irq(&modlist_lock);
> > +	for (i = 0; i < mod->num_syms; i++)
> > +		if (unlikely(__find_symbol(mod->syms[i].name, &owner, &crc,1))) {
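
Review bot: in the `__find_symbol(mod->syms[i].name, &owner, &crc,1)` call the final `1` is a bare literal, so a reader cannot tell which lookup mode the duplicate check depends on; a comment or a named constant would document it, and the comma needs a following space. The `for` also has no braces although its body is a multi-line `if` block, and since `spin_lock_irq(&modlist_lock)` is taken just above it, every exit from the loop has to reach the matching unlock.
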
> 
> CodingStyle issue :
> 	if (unlikely(__find_symbol(mod->syms[i].name, &owner, &crc, 1))) {

I would discard the unlikely() here; it's a completely wasted
micro-optimization in this context.

> > +	if (ret)
> > +		printk("%s: exports duplicate symbol %s (owned by %s)\n",
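
Review bot: the `printk("%s: exports duplicate symbol %s (owned by %s)\n",` call carries no log level even though it runs only when `ret` is set; give it an explicit KERN_ level. The argument list is cut off here, so also check that the last `%s` is never handed a NULL `owner`.
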
> 
> I still think this should be printk(KERN_ERROR ...) and not just a
> warning, since the loading of the module will fail completely. Others
> may disagree of course, but that's my opinion.

I agree, KERN_ERR is appropriate here.

> I still worry a bit about the spinlock hold time, especially since you
> are doing two linear searches through what could potentially be a
> *lot* of symbols. It may not be a problem (do you have any time
> measurements?), but it still seems to me that using a lock type that
> allows you to sleep + a call to schedule() would be a good thing for
> those loops.

We already do this to resolve (more) symbols, so I don't see it as a
problem.  However, I believe that lock is redundant here: we need both
locks to write the list, but either is sufficient for reading, and we
already hold the sem.

Cheers,
Rusty.
-- 
 ccontrol: http://ozlabs.org/~rusty/ccontrol
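
The locking argument in the last paragraph above, as an added example that is not part of the original message or of the kernel patch: a userspace C model in which a writer must take both locks, so a reader holding only the sem cannot see the list change under it. The names `sem`, `symtab`, `add_symbol` and `check_exports` and the sample symbols are assumptions, and the competing writer is simulated inline rather than run in a second thread.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>

/* Userspace model, not kernel code: atomic flags stand in for the two locks. */
static atomic_flag sem = ATOMIC_FLAG_INIT;          /* "the sem" (assumed name) */
static atomic_flag modlist_lock = ATOMIC_FLAG_INIT; /* the spinlock */
static int try_lock(atomic_flag *l) { return !atomic_flag_test_and_set(l); }
static void unlock(atomic_flag *l) { atomic_flag_clear(l); }
#define MAX_SYMS 8
static const char *symtab[MAX_SYMS] = { "printk", "kmalloc" }; /* constructed */
static size_t nsyms = 2;
/* Writer: needs BOTH locks; returns -1 if either is held or the table is full. */
static int add_symbol(const char *name)
{
	int ret = -1;
	if (!try_lock(&sem))
		return -1;
	if (try_lock(&modlist_lock)) {
		if (nsyms < MAX_SYMS) {
			symtab[nsyms++] = name;
			ret = 0;
		}
		unlock(&modlist_lock);
	}
	unlock(&sem);
	return ret;
}

/* Reader holding only the sem: index of the first duplicate export, or -1. */
static int check_exports(const char *const *exports, size_t n, int *writer_rc)
{
	int dup = -1;
	if (!try_lock(&sem))
		return -2;
	*writer_rc = add_symbol("late_symbol"); /* writer mid-scan: sem is taken */
	for (size_t i = 0; i < n && dup < 0; i++)
		for (size_t j = 0; j < nsyms; j++)
			if (strcmp(exports[i], symtab[j]) == 0)
				dup = (int)i;
	unlock(&sem);
	return dup;
}

int main(void)
{
	const char *exports[] = { "my_init", "kmalloc" }; /* constructed */
	int wrc, dup = check_exports(exports, 2, &wrc);
	return printf("duplicate at %d, writer rc %d\n", dup, wrc) < 0;
}
```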

