All of lore.kernel.org
 help / color / mirror / Atom feed
From: Steven Rostedt <rostedt@goodmis.org>
To: Linyu Yuan <quic_linyyuan@quicinc.com>
Cc: Masami Hiramatsu <mhiramat@kernel.org>,
	<linux-kernel@vger.kernel.org>,
	<linux-trace-kernel@vger.kernel.org>
Subject: Re: [PATCH v5] trace: acquire buffer from temparary trace sequence
Date: Mon, 30 Jan 2023 21:37:35 -0500	[thread overview]
Message-ID: <20230130213735.72cdcee4@gandalf.local.home> (raw)
In-Reply-To: <e2735a3a-4a9b-8b3a-0671-b3f56187cbe2@quicinc.com>

On Tue, 31 Jan 2023 10:06:22 +0800
Linyu Yuan <quic_linyyuan@quicinc.com> wrote:

> yes, agree it will be safe for dwc3, but i don't know if any possible 
> hacker,
> 
> as the function always return a valid pointer even when hacker input a 
> large size.

But gives a nice big warning if that's the case. This is not something that
can be modified by user input. We do not need to worry about
kernel implementations that could overflow (and trigger a WARN_ON() when
they do). Especially since the max size is greater than the max size of the
content of an event.

A lot of systems that worry about hackers enable "panic_on_warn" which
means that if the WARN_ON() triggers, the machine will crash, which will at
most cause a DOS, but not something people can use to hack into the machine
with.

-- Steve

  reply	other threads:[~2023-01-31  2:38 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-30  7:54 [PATCH v5] trace: acquire buffer from temparary trace sequence Linyu Yuan
2023-01-30 13:14 ` Linyu Yuan
2023-01-30 19:30   ` Steven Rostedt
2023-01-31  2:06     ` Linyu Yuan
2023-01-31  2:37       ` Steven Rostedt [this message]
2023-01-31  2:49         ` Linyu Yuan
2023-01-31  3:58           ` Steven Rostedt
2023-01-31  4:59             ` Linyu Yuan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230130213735.72cdcee4@gandalf.local.home \
    --to=rostedt@goodmis.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-trace-kernel@vger.kernel.org \
    --cc=mhiramat@kernel.org \
    --cc=quic_linyyuan@quicinc.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.