Re: [PATCH] char: istallion: fix arbitrary kernel memory reads/writes

From: Jiri Slaby
Date: Sat Apr 09 2011 - 16:36:31 EST

On 04/09/2011 10:24 PM, Valdis.Kletnieks@xxxxxx wrote:
> On Sat, 09 Apr 2011 15:26:59 +0200, Jiri Slaby said:
>> On 04/09/2011 02:41 PM, Vasiliy Kulikov wrote:
>>> stli_brdstats is defined as a global variable. After de-BKL-ization in
>>> the patch b4eda9cb48eac1b7 an access to the variable is not serialized
>>> anymore. This leads to the TOCTOU in stli_getbrdstats():
>> Don't use such weird and uncommon abbreviations.
> Time Of Check [to] Time Of Use. Hardly uncommon, especially in the security
> community.

Well, changelogs are not for the security community only. And I think I've
read far more than enough papers about code analysis and never seen that before.

> Googling for 'TOCTOU' and 'TOCTTOU' gets about 60K hits combined.

Sure, I googled that a bit. But that didn't persuade me at all. It looks
like it is used by a narrow set of experts.

Whatever, I mainly wanted to point out the code move.

