| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Dec 2017 11:31:00 -0800
From: Matthew Wilcox <willy@...radead.org>
To: Jeff Moyer <jmoyer@...hat.com>
Cc: Zhen Lei <thunder.leizhen@...wei.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
Benjamin LaHaise <bcrl@...ck.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
linux-aio <linux-aio@...ck.org>,
linux-kernel <linux-kernel@...r.kernel.org>,
Tianhong Ding <dingtianhong@...wei.com>,
Hanjun Guo <guohanjun@...wei.com>,
Libin <huawei.libin@...wei.com>,
Kefeng Wang <wangkefeng.wang@...wei.com>,
Deepa Dinamani <deepa.kernel@...il.com>
Subject: Re: [PATCH 1/1] aio: make sure the input "timeout" value is valid
On Wed, Dec 13, 2017 at 11:27:00AM -0500, Jeff Moyer wrote:
> Matthew Wilcox <willy@...radead.org> writes:
>
> > On Wed, Dec 13, 2017 at 09:42:52PM +0800, Zhen Lei wrote:
> >> Below information is reported by a lower kernel version, and I saw the
> >> problem still exist in current version.
> >
> > I think you're right, but what an awful interface we have here!
> > The user must not only fetch it, they must validate it separately?
> > And if they forget, then userspace is provoking undefined behaviour? Ugh.
> > Why not this:
>
> Why not go a step further and have get_timespec64 check for validity?
> I wonder what caller doesn't want that to happen...
There are some which don't today. I'm hoping Deepa takes this and goes
off and fixes them all up.
Powered by blists - more mailing lists