linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Ingo Molnar <mingo@kernel.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: "Bruno Prémont" <bonbons@linux-vserver.org>,
	"Greg KH" <gregkh@linuxfoundation.org>,
	"Peter Zijlstra" <peterz@infradead.org>,
	linux-kernel@vger.kernel.org,
	"Linus Torvalds" <torvalds@linux-foundation.org>
Subject: Re: [PATCH] Prevent crash on missing sysfs attribute group
Date: Tue, 3 Apr 2012 10:04:11 +0200	[thread overview]
Message-ID: <20120403080410.GF26826@gmail.com> (raw)
In-Reply-To: <m1r4w5dzjq.fsf@fess.ebiederm.org>


* Eric W. Biederman <ebiederm@xmission.com> wrote:

> > Huh, so put repeated, duplicated, inconsistently applied sanity 
> > checks into dozens of sysfs attribute using kernel subsystems?
>
> [...]
>
> No.  I was not talking about every usage site.

Note, I'm not arguing that this isn't a bug in the P4 PMU driver 
- it is clearly a bug and I've applied the fix for it. I'm 
arguing about the escallation vector that this bug takes - that 
is unnecessarily disruptive:

You were talking about:

> >> FIX perf to include sanity checks.

and what the PMU drivers do here is not uncommon at all, and the 
bug (for which I applied the fix and will push to Linus ASAP) is 
not uncommon either:

Bugs happen and indirections happen too. perf uses a generic PMU 
driver layer where the lower level layers register themselves. 
There's at least a dozen similar constructs in the kernel and 
you suggest that the right solution is to put checks in every 
one of them, while the nice patch from Bruno could catch it too, 
in one central place?

If the PMU code used those attributes directly and could 
crash/misbehave then you'd have a point. But the first thing 
that makes real use of these objects is sysfs - so it's 
trivially useful to at minimum have a sanity check there...

> [...]  I was talking about the sites that are don't have a 
> direct call chain to the sysfs methods and instead do 
> something clever that makes backtraces worthless.
> 
> In the normal case sysfs registration problems are simple to 
> trace back to their source because the backtrace points a 
> finger at the piece of code that when registering had a 
> problem.

You mean the crash backtrace?

I don't think we should spuriously crash the kernel on NULL 
pointer input to generic facilities, especially when a check is 
so simple and would catch so many similar patterns of bugs.

That lack of a check escallated a simple missing (and 
unimportant) attribute into a "box won't boot at all" bug. 
*That* is not acceptable behavior and robustness from a generic 
facility, in my book.

In that sense the crash behaves like a BUG_ON().

Thanks,

	Ingo

  reply	other threads:[~2012-04-03  8:04 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-04-02 14:27 [3.4-rc1 crash]: NULL pointer deref in fs/sysfs/group.c:create_files -- sysctl related? Bruno Prémont
2012-04-02 14:50 ` Bruno Prémont
2012-04-02 19:01   ` Eric W. Biederman
2012-04-02 19:34     ` Bruno Prémont
2012-04-02 20:04       ` David Ahern
2012-04-03  8:30         ` Jiri Olsa
2012-04-02 21:24       ` Peter Zijlstra
2012-04-02 21:46         ` Peter Zijlstra
2012-04-03  5:38           ` Bruno Prémont
2012-04-03  6:02           ` Ingo Molnar
2012-04-03  6:17             ` [PATCH] Prevent crash on missing sysfs attribute group Bruno Prémont
2012-04-03  6:31               ` Ingo Molnar
2012-04-03  7:11               ` Eric W. Biederman
2012-04-03  7:15                 ` Ingo Molnar
2012-04-03  7:41                   ` [PATCH v2] Prevent crash on unset sysfs group attributes Bruno Prémont
2012-04-03  7:51                     ` Eric W. Biederman
2012-04-03  7:53                     ` Ingo Molnar
2012-04-03  7:59                     ` [PATCH v2a] sysfs: " Bruno Prémont
2012-04-03  8:06                       ` Ingo Molnar
2012-04-03  7:50                   ` [PATCH] Prevent crash on missing sysfs attribute group Eric W. Biederman
2012-04-03  8:04                     ` Ingo Molnar [this message]
2012-04-03  8:52                       ` Eric W. Biederman
2012-04-03 10:16                         ` Ingo Molnar
2012-04-03 10:46                           ` Eric W. Biederman
2012-04-03 22:34                             ` Ingo Molnar
2012-04-03 14:27                     ` Peter Zijlstra
2012-04-03 23:22                       ` Eric W. Biederman
2012-04-03 23:26                         ` Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120403080410.GF26826@gmail.com \
    --to=mingo@kernel.org \
    --cc=bonbons@linux-vserver.org \
    --cc=ebiederm@xmission.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=peterz@infradead.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).