From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753225Ab0CXVVJ (ORCPT ); Wed, 24 Mar 2010 17:21:09 -0400
Received: from nlpi157.sbcis.sbc.com ([207.115.36.171]:36354 "EHLO nlpi157.prodigy.net" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1752882Ab0CXVVH (ORCPT ); Wed, 24 Mar 2010 17:21:07 -0400
Date: Wed, 24 Mar 2010 16:19:24 -0500 (CDT)
From: Christoph Lameter
X-X-Sender: cl@router.home
To: Andrew Morton
cc: Jonathan Corbet, Mel Gorman, Andrea Arcangeli, Adam Litke, Avi Kivity, David Rientjes, Minchan Kim, KAMEZAWA Hiroyuki, KOSAKI Motohiro, Rik van Riel, linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH 07/11] Memory compaction core
In-Reply-To: <20100324141400.72479ce6.akpm@linux-foundation.org>
Message-ID:
References: <1269347146-7461-1-git-send-email-mel@csn.ul.ie> <1269347146-7461-8-git-send-email-mel@csn.ul.ie> <20100324133347.9b4b2789.akpm@linux-foundation.org> <20100324145946.372f3f31@bike.lwn.net> <20100324141400.72479ce6.akpm@linux-foundation.org>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 24 Mar 2010, Andrew Morton wrote:

> > ...except that we've seen a fair number of null pointer dereference
> > exploits that have told us something altogether different. Are we
> > *sure* we don't want to test for null pointers...?
> >
>
> It's hard to see what the test gains us really - the kernel has
> zillions of pointer derefs, any of which could be NULL if we have a
> bug. Are we more likely to have a bug here than elsewhere?
>
> This one will oops on a plain old read, so it's a bit moot in this
> case.

If the object pointed to is larger than page size and we are referencing a
member with an offset larger than page size later then we may create an
exploit without checks.

But the structure here is certainly smaller than that. So no issue here.
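
Added example, not part of the original message or of the kernel source: a small C check of the size argument made in the reply above, testing whether a member access through a NULL base pointer stays inside the unmapped region and therefore must fault. The structures, `GUARD_BYTES` (assumed to be one 4 KiB page), `null_access_traps` and `MEMBER_TRAPS` are hypothetical names constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption: only the first 4 KiB page at address 0 is guaranteed unmapped. */
#define GUARD_BYTES ((size_t)4096)

/* Constructed stand-ins for illustration; neither is a real kernel structure. */
struct small_ctl {
    void *freepages;
    void *migratepages;
    unsigned long nr_free;
    unsigned long nr_migrate;
};

struct big_obj {
    char table[8192];        /* pushes later members past the first page */
    void (*callback)(void);
};

/*
 * Returns 1 when an access of len bytes at (NULL + off) lies wholly inside
 * the guard region, i.e. a NULL base pointer is certain to fault (oops).
 * Returns 0 when any byte of the access falls beyond the guard region.
 */
static int null_access_traps(size_t off, size_t len, size_t guard)
{
    return len <= guard && off <= guard - len;
}

/* Same check for a named member; sizeof on the member is not evaluated. */
#define MEMBER_TRAPS(type, member) \
    null_access_traps(offsetof(type, member), \
                      sizeof(((type *)0)->member), GUARD_BYTES)

int main(void)
{
    printf("small_ctl.nr_migrate traps on NULL base: %d\n",
           MEMBER_TRAPS(struct small_ctl, nr_migrate));
    printf("big_obj.callback traps on NULL base:     %d\n",
           MEMBER_TRAPS(struct big_obj, callback));
    /* A structure larger than the guard region is the case that needs
     * an explicit NULL test before any of its late members is touched. */
    printf("big_obj needs explicit NULL check:       %d\n",
           sizeof(struct big_obj) > GUARD_BYTES);
    return 0;
}
```
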