[RFC] security_getprocattr() API idiocy



[apologies for resend, bogus address on the original mail]

security_getprocattr() takes a buffer + length, copies data
to it and returns the actual length. If buffer is NULL, it just returns
the right length, a-la snprintf(). Observations:
* at least selinux ends up actually allocating the buffer of the
right size, filling it, then copying its contents to buffer and freeing
what had been allocated.
* all users allocate buffer, then call security_getprocattr() to
fill just allocated one.
* one place does even worse - it calls security_getprocattr() passing
it NULL and uses obtained length to allocate buffer and call
security_getprocattr() _again_.

It's bloody bogus. In all cases we would be just as happy if it returned
the buffer it'd allocated itself. In the best case we end up with two
allocations; in the worst it's _three_, not to mention recalculating the
contents and size. We end up doing
* calculate size
* allocate buffer of that size with GFP_ATOMIC
* fill it
* free it
* allocate buffer of that size with GFP_KERNEL
* calculate the same size
* allocate buffer of that size with GFP_ATOMIC
* fill it with the same string
* copy it to buffer we'd allocated with GFP_KERNEL
* free the buffer we'd allocated with GFP_ATOMIC
I'm sorry, but could we please not mix the kernel with Vogon poetry contest?

AFAICS, the sane solution is to make security_getprocattr() return the
allocated buffer instead. All callers would be only happy with that.
Alternatively, we can introduce a new LSM hook (security_getprocattr_sane())
and leave the original as-is.

So, do we want to keep the original variant and add a saner one in parallel
to it or should we just switch to saner API?
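
The allocation counts described in the mail above, modelled in userspace C as an added example (not code from the original post or from the kernel). `getprocattr_old`, `getprocattr_new`, `counted_alloc`, the two caller functions and the sample context string are hypothetical stand-ins, and `malloc` stands in for the kernel allocators.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int allocs;                                    /* allocations since last reset */
static const char *ctx = "system_u:system_r:init_t";  /* constructed sample value */
static void *counted_alloc(size_t n) { allocs++; return malloc(n); }
/* Old shape: buffer + size in, length out; a NULL buffer only asks for the length.
 * Modelled on the selinux observation: the string is built in a private allocation first. */
static long getprocattr_old(char *buf, size_t size)
{
    size_t len = strlen(ctx) + 1;
    char *tmp = counted_alloc(len);
    if (!tmp) return -1;
    memcpy(tmp, ctx, len);
    if (buf && size >= len)
        memcpy(buf, tmp, len);
    free(tmp);
    return (buf && size < len) ? -1 : (long)len;
}

/* Proposed shape: hand the module's own allocation to the caller, who frees it. */
static long getprocattr_new(char **value)
{
    size_t len = strlen(ctx) + 1;
    if (!(*value = counted_alloc(len))) return -1;
    memcpy(*value, ctx, len);
    return (long)len;
}

/* Worst-case caller from the mail: ask for the length, allocate, call again. */
static int worst_case_old(char **out)
{
    allocs = 0;
    long len = getprocattr_old(NULL, 0);
    char *buf = len > 0 ? counted_alloc((size_t)len) : NULL;
    if (!buf || getprocattr_old(buf, (size_t)len) < 0) { free(buf); return -1; }
    *out = buf;
    return allocs;
}

static int caller_new(char **out) { allocs = 0; return getprocattr_new(out) < 0 ? -1 : allocs; }
int main(void)
{
    char *a = NULL, *b = NULL;
    printf("old: %d allocations, new: %d\n", worst_case_old(&a), caller_new(&b));
    free(a); free(b);
    return 0;
}
```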