From: Willy Tarreau <w@1wt.eu>
To: Eric Dumazet <edumazet@google.com>
Cc: joe@perches.com, wanghaifine@gmail.com,
David Miller <davem@davemloft.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
netdev <netdev@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] Change judgment len position
Date: Wed, 24 Oct 2018 22:09:46 +0200 [thread overview]
Message-ID: <20181024200946.GB25475@1wt.eu> (raw)
In-Reply-To: <CANn89iLH=VP1i=KS5QV1x41EpQM5-o1TJfDh01Y++bMpFpfBRg@mail.gmail.com>
On Wed, Oct 24, 2018 at 10:03:08AM -0700, Eric Dumazet wrote:
> On Wed, Oct 24, 2018 at 9:54 AM Joe Perches <joe@perches.com> wrote:
>
> > I think if the point is to test for negative numbers,
> > it's clearer to do that before using min_t.and it's
> > probably clearer not to use min_t at all.
> >
>
> ...
>
> >
> > if (len > sizeof(int))
> > len = sizeof(int);
>
> It is a matter of taste really, I know some people (like me) sometimes
> mixes min() and max()
I do mix them up a lot as well because I tend to read "x=min(y,4)" as
"take y with a minimum value of 4" which in fact would be "max(y,4)".
> I would suggest that if someones wants to change the current code, a
> corresponding test
> would be added in tools/testing/selftests/net
In any case, what matters to me is that for now the only risk the existing
code represents is to overwrite up to one int of some userspace if the size
is negative, and we don't want that a wrong fix results in doing something
worse by accident like reading 2GB of kernel memory. I agree that Joe's
test with len<0 then len>sizeof(int) seems to work, but a test is probably
useful at least to ensure that the next person who passes there and wants
to turn this into min_t() again clearly catches all bad cases.
Regards,
Willy
next prev parent reply other threads:[~2018-10-24 20:10 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-24 15:47 [PATCH] Change judgment len position Wang Hai
2018-10-24 15:57 ` Willy Tarreau
2018-10-24 16:23 ` Joe Perches
2018-10-24 16:32 ` Willy Tarreau
2018-10-24 16:54 ` Joe Perches
2018-10-24 17:03 ` Eric Dumazet
2018-10-24 17:18 ` Joe Perches
2018-10-24 20:09 ` Willy Tarreau [this message]
2018-10-24 15:59 ` Eric Dumazet
2018-10-24 16:01 ` Willy Tarreau
2018-10-24 17:10 ` David Miller
2018-10-24 18:28 ` Joe Perches
2018-10-24 20:48 ` Willy Tarreau
2018-10-24 23:46 ` Joe Perches
2018-10-25 0:02 ` David Miller
2018-10-25 0:23 ` Joe Perches
2018-10-25 0:50 ` Eric Dumazet
2018-10-25 1:11 ` Fengguang Wu
2018-10-25 1:16 ` Joe Perches
2018-10-25 2:20 ` Al Viro
2018-10-25 2:41 ` Joe Perches
2018-10-25 3:20 ` Willy Tarreau
2018-10-25 1:03 ` Al Viro
2018-10-24 17:34 ` kbuild test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181024200946.GB25475@1wt.eu \
--to=w@1wt.eu \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=joe@perches.com \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=wanghaifine@gmail.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).