[RFC] [-mm] Remove 'unsafe' LZO decompressor

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi there,

Attached is a patch which may be desirable for -mm. It applies directly to 2.6.22-rc2-mm1.

The patch removes the 'unsafe' LZO decompression function, lowering the size of the minilzo.c file by nearly 500 out of an original 1727 lines. It also removes references to the 'unsafe' decompression function in the public LZO header and the EXPORT_SYMBOL_GPL declaration.

This is intended to provoke some discussion over whether a decompression function able to scribble on arbitrary memory is desirable in the mainline kernel, whatever the performance increases.

Over and above the security/stability implications of using this code, it can also be argued to represent an unnecessary duplication of the vast majority of LZO decompression code. This is due to the lack of likely in-kernel uses of the 'unsafe' function.

Only a single user for this 'unsafe' code has been suggested, the 'Compressed Caching' project. This code is highly unlikely to move into mainline in the same timeframe as the LZO code. All of the other suggested uses require decompression of untrusted data, such that the 'safe' function should be used.

Comments / disagreement all welcome :)

Michael-Luke Jones

Attachment: lzo-remove-unsafe-decompressor.patch
Description: Binary data



[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux