Re: [PATCH] kernel/groups.c: consider about NULL for 'group_info' in all related extern functions

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Chen Gang <gang.chen@asianux.com>
To: Tejun Heo <tj@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Michael Kerrisk <mtk.manpages@gmail.com>
Subject: Re: [PATCH] kernel/groups.c: consider about NULL for 'group_info' in all related extern functions
Date: Tue, 24 Sep 2013 12:27:36 +0800	[thread overview]
Message-ID: <524114B8.3070903@asianux.com> (raw)
In-Reply-To: <20130924040601.GA31575@mtj.dyndns.org>

On 09/24/2013 12:06 PM, Tejun Heo wrote:
> Hello,
> 
> On Tue, Sep 24, 2013 at 11:42:56AM +0800, Chen Gang wrote:
>> Hmm... can user be permitted to call other system call (e.g. getgroups)
>> before call groups_alloc()? (may the user space already give check, but
>> for our kernel, we can not only depend on their checking).
> 
> I don't think so.
> 
>> According to group_alloc() and setgroups() usage in kernel source code,
>> 'group_info' may be not set if kernel/process is running (although user
>> space may be sure "if kernel is running, 'group_info' must be set").
>>
>> The below is the proof for "kernel itself can not be sure 'group_info'
>> must be set during kernel/process is running", please check, thanks.
> ..
>> The related conclusion:
>>
>>   during kernel startup or process creation, kernel does not intend to set 'group_info'.
> 
> No, this is not a proof or any meaningful conclusion.  This is just
> some random suspicions combined with supposedly related grep output.
> 

For real world, /sbin/init will call setgroups, so user space 'help'
kernel itself to protect this issue, but I think, we don't only depend
on the user space help checking.

The proof is below:

  [root@gchenlinux tmp]# grep setgroups /sbin/*
  Binary file /sbin/init matches
  Binary file /sbin/rpc.statd matches
  Binary file /sbin/rsyslogd matches
  Binary file /sbin/runuser matches

>From reading kernel source code, kernel itself does not intend to set
'group_info', it is triggered by user space or another kernel mode
sub-systems.


>> In extern function groups_search (which also called by export function
>> in_group_p and in_egroup_p), it checks "if 'cred->group_info' is NULL".
>>
>> So "kernel/groups.c" have 9 extern/export/system-call functions, and
>> 4/9 notice about "if 'cred->group_info' is NULL" (e.g. groups_alloc,
>> groups_search, in_group_p, in_egroup_p).
>>
>> So for API self-consistency, all of extern/export/system-call functions
>> need notice about it.
> 
> I'm afraid this isn't useful.  If you want to change the code, you
> actually need to understand what's going on.  "this seems weird to me"
> is a good starting point but you need to go way beyond that to
> actually make changes.
> 

If some of APIs check the related parameters, but the other not, this
interface must assume some usage condition from the callers which
callers can break out (although the callers may not break out, now).

> Thanks.
> 


-- 
Chen Gang

next prev parent reply	other threads:[~2013-09-24  4:28 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-08-20  3:01 [PATCH] kernel/groups.c: consider about NULL for 'group_info' in all related extern functions Chen Gang
2013-08-20  3:03 ` Chen Gang
2013-09-03  5:23   ` Chen Gang
2013-09-23 15:06 ` Tejun Heo
2013-09-24  3:42   ` Chen Gang
2013-09-24  4:06     ` Tejun Heo
2013-09-24  4:27       ` Chen Gang [this message]
2013-09-24 12:04         ` Tejun Heo
2013-09-25  0:49           ` Chen Gang
2013-09-25  0:58             ` Tejun Heo
2013-09-25  1:06               ` Chen Gang
2013-09-25  1:14                 ` Tejun Heo
2013-09-25  1:47                   ` Chen Gang
2013-09-25  4:34                     ` Chen Gang
2013-09-26  5:58                       ` Chen Gang
2013-09-26  6:30                         ` Chen Gang
2013-09-26 13:15                           ` Tejun Heo
2013-09-27  1:30                             ` Chen Gang
2013-09-27  3:36                               ` Tejun Heo
2013-09-27  7:16                                 ` Chen Gang
2013-09-27 11:53                                   ` Tejun Heo
2013-09-27 12:19                                     ` Chen Gang
2013-09-29  2:50                                       ` Chen Gang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=524114B8.3070903@asianux.com \
    --to=gang.chen@asianux.com \
    --cc=akpm@linux-foundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mtk.manpages@gmail.com \
    --cc=tj@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox