[PATCH 00/14] Make the user mode driver code a better citizen
Eric W. Biederman
ebiederm at xmission.com
Tue Jun 30 12:32:39 UTC 2020
Tetsuo Handa <penguin-kernel at i-love.sakura.ne.jp> writes:
> On 2020/06/30 5:19, Eric W. Biederman wrote:
>> Tetsuo Handa <penguin-kernel at i-love.sakura.ne.jp> writes:
>>
>>> On 2020/06/29 4:44, Alexei Starovoitov wrote:
>>>> But all the defensive programming kinda goes against general kernel style.
>>>> I wouldn't do it. Especially pr_info() ?!
>>>> Though I don't feel strongly about it.
>>>
>>> Honestly speaking, caller should check for errors and print appropriate
>>> messages. info->wd.mnt->mnt_root != info->wd.dentry indicates that something
>>> went wrong (maybe memory corruption). But other conditions are not fatal.
>>> That is, I consider even pr_info() here should be unnecessary.
>>
>> They were all should never happen cases. Which is why my patches do:
>> if (WARN_ON_ONCE(...))
>
> No. Fuzz testing (which uses panic_on_warn=1) will trivially hit them.
> This bug was unfortunately not found by syzkaller because this path is
> not easily reachable via syscall interface.
Absolutely yes. These are cases that should never happen.
They should never be reachable by userspace.
It is absolutely a bug if these are hit by userspace.
Now if fuzzers want horrible cases to be even more horrible and change a
nice friendly warn into a panic that is their problem. The issue being
do they capture the information the rest of us need to fix.
Eric
More information about the Linux-security-module-archive
mailing list