From: Matthew Wilcox <willy@infradead.org>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	Jordy Zomer <jordy@pwning.systems>,
	Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
	"Ahmed S. Darwish" <a.darwish@linutronix.de>,
	Peter Zijlstra <peterz@infradead.org>,
	Eric Biggers <ebiggers@google.com>
Subject: Re: [PATCH] fs: make d_path-like functions all have unsigned size
Date: Tue, 27 Jul 2021 16:31:28 +0100
Message-ID: <YQAm0DOAPxyah0+H@casper.infradead.org>
In-Reply-To: <YQAjdSPCwrnoc+YO@zeniv-ca.linux.org.uk>

On Tue, Jul 27, 2021 at 03:17:09PM +0000, Al Viro wrote:
> On Tue, Jul 27, 2021 at 04:07:47PM +0100, Matthew Wilcox wrote:
> 
> > umm ... what if someone passes in -ENOMEM as buflen?  Not saying we
> > have such a path right now, but I could imagine it happening.
> > 
> > 	if (unlikely(buflen < 0))
> > 		return ERR_PTR(buflen);
> > 	if (unlikely(buflen > 0x8000)) {
> > 		buf += buflen - 0x8000;
> > 		buflen = 0x8000;
> > 	}
> 
> Not really.  You don't want ERR_PTR() of random negative numbers to start
> flying around...

yeah.  the problem is that we're trying to infer what's actually going
on when the user has (potentially) passed us complete crap.  so do
we assume that 'buffer' is good if 'buflen' is >32KB?  plausible it
might be.  is it still plausibly good if buflen is >4MB?  i would say
'no'.

	if (unlikely((unsigned)buflen > 4096U * 1024))
		return ERR_PTR(-EINVAL);
	if (unlikely(buflen > 0x8000)) {
		buf += buflen - 0x8000;
		buflen = 0x8000;
	}
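
The check proposed in this message, modelled as a small userspace C program (an added example, not part of the original message and not kernel code; `sanitize_path_buf`, `window_offset` and the macro names are hypothetical). It shows the single unsigned comparison rejecting both a negative errno passed as `buflen` and an implausibly large length, then the clamp to the last 32KB.

```c
#include <errno.h>
#include <stdio.h>

#define BUFLEN_SANE_MAX (4096U * 1024) /* 4MB plausibility bound from the message */
#define BUFLEN_CLAMP    0x8000         /* 32KB clamp from the message */

/*
 * Hypothetical userspace helper, not kernel code. Returns 0 and narrows
 * *bufp / *lenp to the window to use, or -EINVAL if buflen is implausible.
 */
static int sanitize_path_buf(char **bufp, int *lenp)
{
	int buflen = *lenp;

	/* One unsigned compare rejects negatives and oversized values alike:
	 * (unsigned)-ENOMEM wraps to a value far above the 4MB bound. */
	if ((unsigned)buflen > BUFLEN_SANE_MAX)
		return -EINVAL;
	/* Keep only the last 32KB, as the snippet's "buf += buflen - 0x8000" does. */
	if (buflen > BUFLEN_CLAMP) {
		*bufp += buflen - BUFLEN_CLAMP;
		*lenp = BUFLEN_CLAMP;
	}
	return 0;
}

/* Returns how far the buffer start moved, or a negative errno. */
static long window_offset(int buflen, int *out_len)
{
	static char backing[4096 * 1024]; /* constructed 4MB test buffer */
	char *buf = backing;
	int err;

	*out_len = buflen;
	err = sanitize_path_buf(&buf, out_len);
	return err ? err : (long)(buf - backing);
}

int main(void)
{
	int samples[] = { -ENOMEM, 100, 0x10000, 5 * 1024 * 1024 }; /* constructed */
	int len;

	for (unsigned i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		long off = window_offset(samples[i], &len);
		printf("buflen=%d -> off=%ld len=%d\n", samples[i], off, len);
	}
	return 0;
}
```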
