2008-05-21 12:37:00

by Christoph Hellwig

[permalink] [raw]
Subject: Re: [2.6 patch] unexport uts_sem

On Tue, May 20, 2008 at 02:38:02PM -0400, Frank Ch. Eigler wrote:
> Sorry, I misspoke - this check is intended not to cross-check
> kernel-devel and the kernel itself, but the debuginfo or similar data
> that is given to describe target of a systemtap script. I guess for
> new enough kernels we'll just do that using buildid hash codes.
>
> By the way, there do appear to be a few suspect in-tree users of
> utsname() without uts_sem locking (usb/storage/usb.c

Just a debug printk. Note sure why this particular one needs to
print the version, but if it really wants to do it it should rather use
UTS_RELEASE.

> cifs/connect.c,

This one is quite fishy. Not sure what it needs the name for but the
kernel utsname is probably a bad choise. And yes, this one actually
is racy because the host name can change.

> char/random.c,

random.c is always built-in and utsname is called during the
single-threaded kernel initialization phase, so this is safe.

> fs/lockd/clntproc.c, ...).

Yes, this one is racy. Should probably be fixed by starting lockd
with CLONE_NEWUTS so that it never changed during it's lifetime.
It's probably not a good idea when it changes with outstanding lockd
request anyway.

> If these need to be fixed,
> then wouldn't uts_sem need to come back exported?


2008-05-21 17:51:18

by Alan Stern

[permalink] [raw]
Subject: [PATCH] usb-storage: don't call utsname()

This patch (as1100) replaces the core-kernel function call to utsname()
in usb-storage with the UTS_RELEASE macro. It's used only for warning
about extra unusual_devs entries.

Signed-off-by: Alan Stern <stern-nwvwT67g6+6dFdvTe/[email protected]>

---

Index: usb-2.6/drivers/usb/storage/usb.c
===================================================================
--- usb-2.6.orig/drivers/usb/storage/usb.c
+++ usb-2.6/drivers/usb/storage/usb.c
@@ -53,7 +53,7 @@
#include <linux/slab.h>
#include <linux/kthread.h>
#include <linux/mutex.h>
-#include <linux/utsname.h>
+#include <linux/utsrelease.h>

#include <scsi/scsi.h>
#include <scsi/scsi_cmnd.h>
@@ -531,8 +531,8 @@ static int get_device_info(struct us_dat
if (msg >= 0 && !(us->fflags & US_FL_NEED_OVERRIDE))
printk(KERN_NOTICE USB_STORAGE "This device "
"(%04x,%04x,%04x S %02x P %02x)"
- " has %s in unusual_devs.h (kernel"
- " %s)\n"
+ " has %s in unusual_devs.h (kernel "
+ UTS_RELEASE ")\n"
" Please send a copy of this message to "
"<[email protected]> and "
"<usb-stora[email protected]>\n",
@@ -541,8 +541,7 @@ static int get_device_info(struct us_dat
le16_to_cpu(ddesc->bcdDevice),
idesc->bInterfaceSubClass,
idesc->bInterfaceProtocol,
- msgs[msg],
- utsname()->release);
+ msgs[msg]);
}

return 0;


2008-05-21 18:10:34

by Greg KH

[permalink] [raw]
Subject: Re: [PATCH] usb-storage: don't call utsname()

On Wed, May 21, 2008 at 01:51:17PM -0400, Alan Stern wrote:
> This patch (as1100) replaces the core-kernel function call to utsname()
> in usb-storage with the UTS_RELEASE macro. It's used only for warning
> about extra unusual_devs entries.
>
> Signed-off-by: Alan Stern <stern-nwvwT67g6+6dFdvTe/[email protected]>

Why? With this change, if you change the version number, the file will
have to be rebuilt. Without the change, the file will not need to be
rebuilt, right?

I thought that was why this change was made a while ago, to prevent
things from having to be rebuilt that didn't need to be.

thanks,

greg k-h

2008-05-21 18:18:43

by Steve French (smfltc)

[permalink] [raw]
Subject: Re: Re: [PATCH] usb-storage: don't call utsname()

Greg KH wrote:
> On Wed, May 21, 2008 at 01:51:17PM -0400, Alan Stern wrote:
>
>> This patch (as1100) replaces the core-kernel function call to utsname()
>> in usb-storage with the UTS_RELEASE macro. It's used only for warning
>> about extra unusual_devs entries.
>>
>> Signed-off-by: Alan Stern <stern-nwvwT67g6+6dFdvTe/[email protected]>
>>
>
> Why? With this change, if you change the version number, the file will
> have to be rebuilt. Without the change, the file will not need to be
> rebuilt, right?
>
> I thought that was why this change was made a while ago, to prevent
> things from having to be rebuilt that didn't need to be
>
I agree - what was wrong with utsname->release ... it seems odd to
statically build the kernel's version
number into a module - it should be something we should be able to query
(and it shouldn't change without
reboot so accessing it is not racy). Access to other fields in the
structure (nodename, domainname etc.) might
need to be included in a macro but I didn't see one in utsname.h for this.

2008-05-21 18:53:10

by Christoph Hellwig

[permalink] [raw]
Subject: Re: [PATCH] usb-storage: don't call utsname()

On Wed, May 21, 2008 at 11:09:57AM -0700, Greg KH wrote:
> Why? With this change, if you change the version number, the file will
> have to be rebuilt. Without the change, the file will not need to be
> rebuilt, right?

Because thanks to the container patches it utsname fields other than
hostname can actually change at runtime now and you'll get races looking
at them. And probably not the output you want if someone in your
container changes the kernel version to trick applications.

2008-05-21 19:35:42

by Greg KH

[permalink] [raw]
Subject: Re: [PATCH] usb-storage: don't call utsname()

On Wed, May 21, 2008 at 02:52:51PM -0400, Christoph Hellwig wrote:
> On Wed, May 21, 2008 at 11:09:57AM -0700, Greg KH wrote:
> > Why? With this change, if you change the version number, the file will
> > have to be rebuilt. Without the change, the file will not need to be
> > rebuilt, right?
>
> Because thanks to the container patches it utsname fields other than
> hostname can actually change at runtime now and you'll get races looking
> at them. And probably not the output you want if someone in your
> container changes the kernel version to trick applications.

So, do we now go and rip out all usages of utsname()->release and put
back the #define just because of the loonacy of containers?

No kernel should have to change it's version number to trick an
application, why would an application care about the version number to
start with? In the "enterprise kernel" world, version numbers have
little to no relevance on the functionality or features of the kernel,
so any check of something like this is sure to be wrong to start with.

thanks,

greg k-h

2008-05-21 21:01:04

by Steve French (smfltc)

[permalink] [raw]
Subject: Re: Re: [PATCH] usb-storage: don't call utsname()

Greg KH wrote:
> On Wed, May 21, 2008 at 02:52:51PM -0400, Christoph Hellwig wrote:
>
>> On Wed, May 21, 2008 at 11:09:57AM -0700, Greg KH wrote:
>>
>>> Why? With this change, if you change the version number, the file will
>>> have to be rebuilt. Without the change, the file will not need to be
>>> rebuilt, right?
>>>
>> Because thanks to the container patches it utsname fields other than
>> hostname can actually change at runtime now and you'll get races looking
>> at them. And probably not the output you want if someone in your
>> container changes the kernel version to trick applications.
>>
>
> So, do we now go and rip out all usages of utsname()->release and put
> back the #define just because of the loonacy of containers?
>
> No kernel should have to change it's version number to trick an
> application, why would an application care about the version number to
>
The version number (of the OS not just of the SMB/CIFS implementation,
both of which are exchanged by client and server) has sometimes been
useful in debugging problems that I and others and the Samba team look
at (you can see it in wireshark/tcpdump traces, and it can be logged
easily on either end as well).

If containers are crazy enough to change the version number, not just
the hostname, why don't we simply define a three line macro for
retrieving this which is safe and put it in utsname.h?