Hi,
On Fri, 13 Sep 2002, Daniel Phillips wrote:
> > The exit function should always be called after the init function (even if
> > it failed, I don't do it in the patch, that's a bug). The fs init/exit
> > would like this then:
>
> Perhaps, but if so, the module itself should call the exit function in
> its failure path itself. Doing the full exit whether it needs to be
> done or not is wasteful and opens up new DoS opportunities.
The exit itself can fail as well, so it has to be done by the module code
anyway (until it suceeds).
What DoS opportunities are there? Module init failure is the exception
case and usally needs further attention, so we could actually disable
further attempts to load this module, unless the user tells us
specifically so.
> In the example you give below you must rely on register_filesystem
> tolerating unregistering a nonexistent filesystem. That's sloppy at
> best, and you will have to ensure *every* helper used by ->exit is
> similarly sloppy.
Why is that sloppy? E.g. kfree() happily accepts NULL pointers as well.
bye, Roman
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Sep 15 2002 - 22:00:33 EST