From: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
To: Liran Liss <liranl-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: "Hefty,
Sean" <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"linux-rdma
(linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org)"
<linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [RFC] rdma/uverbs: Sketch for an ioctl framework
Date: Thu, 26 May 2016 12:43:48 -0600 [thread overview]
Message-ID: <20160526184348.GA22174@obsidianresearch.com> (raw)
In-Reply-To: <HE1PR05MB1418B4396F696F763D67A893B1410-eBadYZ65MZ87O8BmmlM1zNqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
On Thu, May 26, 2016 at 06:07:02PM +0000, Liran Liss wrote:
> However, I think that processing object locking before validation is not secure.
> A malicious user could easily cause a deadlock due to ordering.
Hum, interesting point. I wonder if we already have bugs there today?
I'd say that is actually more likely to happen if it is open
coded. Nested object locking like that requires consistent ordering to
avoid deadlock..
It would be easier for the core code to enforce consistent nested lock
acquire ordering than to try and do that scattered across all the
code. You are right, the core code cannot just iterate over the
provided object list and grab the locks.
One very simple option is for the core to enforce a sort order on the
object list as it grabs the locks and fail&unwind for unordered lists.
Parameter validation doesn't really factor into this problem....
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2016-05-26 18:43 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-24 6:25 [RFC] rdma/uverbs: Sketch for an ioctl framework Hefty, Sean
[not found] ` <1828884A29C6694DAF28B7E6B8A82373AB04FB7F-P5GAC/sN6hkd3b2yrw5b5LfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2016-05-24 16:02 ` Liran Liss
[not found] ` <HE1PR05MB141819B27F9AAA360DCB420FB14F0-eBadYZ65MZ87O8BmmlM1zNqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-05-24 17:57 ` Doug Ledford
[not found] ` <11b6d9c1-0b20-f929-c896-ca084fe18192-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-05-24 21:41 ` Jason Gunthorpe
[not found] ` <20160524214137.GA6760-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-05-24 22:38 ` Hefty, Sean
[not found] ` <1828884A29C6694DAF28B7E6B8A82373AB0502ED-P5GAC/sN6hkd3b2yrw5b5LfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2016-05-24 23:13 ` Jason Gunthorpe
[not found] ` <20160524231359.GA10664-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-05-25 14:59 ` Hefty, Sean
[not found] ` <1828884A29C6694DAF28B7E6B8A82373AB050592-P5GAC/sN6hkd3b2yrw5b5LfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2016-05-25 17:06 ` Jason Gunthorpe
2016-05-25 14:44 ` Liran Liss
2016-05-25 18:06 ` Doug Ledford
[not found] ` <5745E9AE.6020700-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-05-25 19:00 ` Jason Gunthorpe
[not found] ` <20160525190039.GA5525-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-05-25 19:31 ` Doug Ledford
2016-05-25 19:59 ` Hefty, Sean
[not found] ` <1828884A29C6694DAF28B7E6B8A82373AB050907-P5GAC/sN6hkd3b2yrw5b5LfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2016-05-25 20:51 ` Jason Gunthorpe
[not found] ` <20160525205156.GB5525-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-05-25 21:46 ` Hefty, Sean
[not found] ` <1828884A29C6694DAF28B7E6B8A82373AB050A07-P5GAC/sN6hkd3b2yrw5b5LfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2016-05-25 22:13 ` Jason Gunthorpe
[not found] ` <20160525221340.GB6207-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-05-25 22:24 ` Hefty, Sean
2016-05-25 22:47 ` Steve Wise
2016-05-26 18:07 ` Liran Liss
[not found] ` <HE1PR05MB1418B4396F696F763D67A893B1410-eBadYZ65MZ87O8BmmlM1zNqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-05-26 18:43 ` Jason Gunthorpe [this message]
[not found] ` <20160526184348.GA22174-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-05-27 0:22 ` Hefty, Sean
[not found] ` <1828884A29C6694DAF28B7E6B8A82373AB05BBED-P5GAC/sN6hkd3b2yrw5b5LfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2016-05-27 16:50 ` Jason Gunthorpe
[not found] ` <20160527165023.GA2449-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-05-27 17:24 ` Hefty, Sean
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160526184348.GA22174@obsidianresearch.com \
--to=jgunthorpe-epgobjl8dl3ta4ec/59zmfatqe2ktcn/@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=liranl-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox