|From:||"Larry H." <research-AT-subreption.com>|
|To:||Linus Torvalds <torvalds-AT-linux-foundation.org>|
|Subject:||Re: [PATCH] Use kzfree in tty buffer management to enforce data sanitization|
|Date:||Sat, 30 May 2009 19:35:56 -0700|
|Cc:||linux-kernel-AT-vger.kernel.org, linux-mm-AT-kvack.org, Rik van Riel <riel-AT-redhat.com>, Alan Cox <alan-AT-lxorguk.ukuu.org.uk>|
On 19:04 Sat 30 May , Linus Torvalds wrote: > > > On Sat, 30 May 2009, Larry H. wrote: > > > > This patch doesn't affect fastpaths. > > This patch is ugly as hell. > > You already know the size of the data to clear. > > If we actually wanted this (and I am in _no_way_ saying we do), the only > sane thing to do is to just do > > memset(buf->data, 0, N_TTY_BUF_SIZE); > if (PAGE_SIZE != N_TTY_BUF_SIZE) > kfree(...) > else > free_page(...) > It wasn't me who proposed using kzfree in these places. Ask Ingo and Peter or refer to the entire thread about my previous patches. In a way it's convenient that a patch written as of their 'recommendations' and 'positive feedback' is being ditched and properly outed as an overkill. Surprisingly we might agree on this one. > but quite frankly, I'm not convinced about these patches at all. > > I'm also not in the least convinced about how you just dismiss everybodys > concerns. This was proposed by Ingo, Andrew, Peter and later agreed upon by Alan. I'm not sure whose concerns are being dismissed, but it looks like when I make a perfectly valid technical point, and document it or provide references, it's my concerns that get dismissed. It's also typically the same people who do it, without providing true reasoning nor facts that support their claims. And every time I submit a patch which _exactly_ follows what other people suddenly decided to agree upon, it is dismissed as well. In the end it looks like there's no intention to close some serious security loopholes in the kernel, but engage in endless arguments about who's right or wrong, more often than not with people whose area of expertise is definitely not security, making ad hominem statements and so forth. The next time a kernel vulnerability appears that is remotely related to some of the venues of attack I've commented, it will be useful to be able to refer to these responses. Larry -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to email@example.com. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"firstname.lastname@example.org"> email@example.com </a>
Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds