From: Oleg Nesterov <oleg@redhat.com>
To: Kees Cook <keescook@chromium.org>
Cc: Chris Salls <chrissalls5@gmail.com>,
Andy Lutomirski <luto@amacapital.net>,
Will Drewry <wad@chromium.org>,
"security@kernel.org" <security@kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Tycho Andersen <tycho@docker.com>
Subject: Re: [PATCH] seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
Date: Thu, 21 Sep 2017 13:31:50 +0200 [thread overview]
Message-ID: <20170921113150.GA1416@redhat.com> (raw)
In-Reply-To: <CAGXu5jKb8YnyQtKe7HJY6XiC+GC2c5r3R9K=mTC7rON+OXnrSw@mail.gmail.com>
On 09/20, Kees Cook wrote:
>
> I like doing these sanity checks -- this isn't fast-path at all.
Yes, but see another "introduce get_nth_filter()" cleanup I sent, it is
similar but more suitable for Tycho's "retrieving seccomp flags" patch.
> > + for (filter = orig; count > 1; filter = filter->prev)
^^^^^^^^^
I just noticed that I forgot to replace this check with "count != 1".
Correctness wise this doesn't matter, but looks more clean.
> > count--;
> > - }
> > -
> > - if (WARN_ON(count != 1 || !filter)) {
> > - /* The filter tree shouldn't shrink while we're using it. */
> > - ret = -ENOENT;
> > - goto out;
> > - }
>
> Similarly, there's no reason to remove this check either.
Well, I disagree, but this is subjective so I won't insist.
Why do we want this WARN_ON() ? The sanity check can only fail if we have
a bug in 10 lines above. Lets look at the code after this cleanup,
count = 0;
for (filter = orig; filter; filter = filter->prev)
count++;
if (filter_off >= count)
goto out;
count -= filter_off;
for (filter = orig; count != 1; filter = filter->prev)
count--;
Do we want to check "count == 1" after the 2nd loop? I don't think so.
filter != NULL ? IMO makes no sense. Again, it can only be NULL if the
quoted code above is wrong, and in this case the next line
refcount_inc(&filter->usage);
will crash.
Oleg.
next prev parent reply other threads:[~2017-09-21 11:31 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAN-hQdds6zkYaGRJTrS5KOorvopoYnP4vBEfoKntS_8y4884Aw@mail.gmail.com>
2017-09-20 12:56 ` [PATCH] seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter() Oleg Nesterov
2017-09-20 13:04 ` Oleg Nesterov
2017-09-20 13:37 ` Tycho Andersen
2017-09-20 15:59 ` introduce get_nth_filter() Oleg Nesterov
2017-09-20 16:14 ` Oleg Nesterov
2017-09-20 18:40 ` [PATCH] seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter() Kees Cook
2017-09-21 11:31 ` Oleg Nesterov [this message]
2017-09-20 13:26 ` Tycho Andersen
2017-09-20 18:36 ` Kees Cook
2017-09-21 10:57 ` Oleg Nesterov
2017-09-21 19:51 ` Kees Cook
2017-09-22 15:22 ` Oleg Nesterov
2017-09-22 15:25 ` Tycho Andersen
2017-09-26 20:15 ` Tycho Andersen
2017-09-27 6:07 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170921113150.GA1416@redhat.com \
--to=oleg@redhat.com \
--cc=chrissalls5@gmail.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=security@kernel.org \
--cc=tycho@docker.com \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.