* some possible bugs around (race conditions etc.)
From: Martin Mačok @ 2001-09-13 17:07 UTC (permalink / raw)
To: linux-kernel
Hi,
we (Kamil Toman <ktoman@email.cz> and I) were studying the Linux source
and trying to do some "audit". We went over the 2.4.7 source and at the
time of this writing I'm looking at 2.4.9-ac10 to compare whether it has
changed. This is a list of possible things we have found:
[ definitely - we're kernel newbies so go easy on us ;-) ]
line numbers according to 2.4.9-ac10:
kernel/capability.c:
59-63, 91-93, 203-206: SMP race, possible fix: rwlock
kernel/exit.c:
485: sys_exit doesn't return anything (nor a long type),
so why isn't it void?
442-447: is this signal handling correct?
501: task INTERRUPTIBLE - possible inefficiency; couldn't this task
be woken up too often (early)?
kernel/fork.c:
586: isn't memcpy() more effective?
kernel/acct.c:
SMP race?:
----------------------------------------------------
CPU1                          CPU2
sys_acct(file)
{
    ....
    if (old_acct)
                              sys_acct(NULL)
                              sys_acct(nextfile)
                              {
                                  ....
    do_acct_process()  -- BUG!
    filp_close()       -- BUG!
----------------------------------------------------
kernel/sys.c:
1217: mixed signed/unsigned - doesn't it return EINVAL even when it
shouldn't?
1042: what if strlen < len? can we get rid of chars after null?
428: why wmb() ?
kernel/sched.c:
1303-1309: isn't there the same race cond. as in kmod.c:65 ?
1323: is this needed on UP?
603: is this correct on SMP? shouldn't there be some penalty
accounted for being "randomly" woken/run?
kernel/kmod.c:
211: shouldn't module_name be tested a bit?
Comments are welcome.
Have a nice day
--
Martin Mačok
underground.cz
openbsd.cz
* Re: some possible bugs around (race conditions etc.)
From: Alan Cox @ 2001-09-13 17:34 UTC (permalink / raw)
To: Martin Mačok; +Cc: linux-kernel
> kernel/capability.c:
> 59-63, 91-93, 203-206: SMP race, possible fix: rwlock
Looks ok to me
> kernel/exit.c:
> 485: sys_exit doesn't return anything (nor long type)
> why it isn't void ?
Syscall return - it's to keep syscall wrappers happy, no more
> kernel/fork.c:
> 586: isn't memcpy() more effective?
gcc will do that magic itself
> if (old_acct)
>
Nope. old_acct is saved carefully so it seems ok
> kernel/sys.c:
> 1217: mixed signed/unsigned - doesn't it return EINVAL even when it
> shouldn't?
It returns ok when it shouldn't - fixed
> 428: why wmb() ?
So the other CPUs can't see the privilege change before dumpable clear
> 1323: is this needed on UP?
Not really
> 603: is this correct on SMP? shouldn't there be some penalty
> accounted for being "randomly" woken/run?
No
> kernel/kmod.c
> 211: shouldn't module_name be tested a bit?
modprobe checks
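The sys_acct() hand-over behind the CPU1/CPU2 diagram in the report and the "old_acct is saved carefully" answer, replayed deterministically in an added C model (this is example code written for this page, not kernel/acct.c; the two-phase split, acct_swap/acct_finish and the use_local flag are this example's constructions):

```c
#include <stddef.h>

/* Constructed model of the sys_acct() hand-over; names and the two-phase
 * split are this example's, not the kernel's code. */
struct file { int closed; };              /* stand-in for struct file */
static struct file *acct_file;            /* global, as in kernel/acct.c */

/* Phase 1, with the lock held: swap the global and hand the displaced
 * file back in a local (the "old_acct" Alan refers to), NULL if none. */
static struct file *acct_swap(struct file *newf)
{
    struct file *old;
    /* lock_kernel() */
    old = acct_file;                      /* exactly one caller gets each file */
    acct_file = newf;
    /* unlock_kernel() */
    return old;
}

/* Phase 2, lock dropped: do_acct_process() + filp_close() on one file.
 * Returns -1 on a double close (the "BUG!" in the diagram), else 0 or 1. */
static int acct_finish(struct file *f)
{
    if (!f) return 0;
    if (f->closed) return -1;
    f->closed = 1;
    return 1;
}

/* Replay the reported interleaving: CPU1 sits inside sys_acct(file) between
 * the swap and the close while CPU2 runs sys_acct(NULL), sys_acct(nextfile).
 * use_local=1 closes the saved local; use_local=0 re-reads the global after
 * the lock is dropped (the hypothetical buggy variant). Returns the number
 * of double closes, so 0 means the hand-over is safe. */
int replay_interleaving(int use_local)
{
    struct file initial = {0}, file = {0}, nextfile = {0};
    struct file *cpu1_old, *cpu2_old_a, *cpu2_old_b;
    int dups = 0;

    acct_file = &initial;
    cpu1_old   = acct_swap(&file);        /* CPU1: old_acct = initial */
    cpu2_old_a = acct_swap(NULL);         /* CPU2: old_acct = file    */
    cpu2_old_b = acct_swap(&nextfile);    /* CPU2: old_acct = NULL    */
    if (!use_local)                       /* stale global: all see nextfile */
        cpu1_old = cpu2_old_a = cpu2_old_b = acct_file;
    if (acct_finish(cpu1_old)   < 0) dups++;
    if (acct_finish(cpu2_old_a) < 0) dups++;
    if (acct_finish(cpu2_old_b) < 0) dups++;
    return dups;
}
```

With the local snapshot each file is closed exactly once; re-reading the global after the lock is dropped closes nextfile twice and never closes initial or file.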