lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <47391EFA.4000004@cn.fujitsu.com>
Date:	Tue, 13 Nov 2007 11:50:18 +0800
From:	Miao Xie <miaox@...fujitsu.com>
To:	Tejun Heo <teheo@...e.de>
CC:	gregkh@...e.de, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] sysfs: fix  off-by-one error in fill_read_buffer

on 2007-11-12 22:08 Tejun Heo wrote:
> It isn't strictly a bug.  If the ->show() op fills full PAGE_SIZE and
> returns PAGE_SIZE, the user will get full PAGE_SIZE bytes correctly, so
> it will work.  However, considering normal use cases, return value of
> PAGE_SIZE very likely indicates an error condition, so considering it a
> BUG condition is a good idea.
> 
> Miao, can you please note that the code works fine with PAGE_SIZE return
> but it's likely to indicate truncated result or overflow in normal use
> cases as a comment on top of the BUG_ON()?
> 
> Thanks.

OK, I did it.

Signed-off-by: Miao Xie <miaox@...fujitsu.com>

---
  fs/sysfs/file.c |    4 +++-
  1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
index 27d1785..7f6a8d2 100644
--- a/fs/sysfs/file.c
+++ b/fs/sysfs/file.c
@@ -119,7 +119,9 @@ static int fill_read_buffer(struct dentry * dentry, struct sysfs_buffer * buffer

  	sysfs_put_active_two(attr_sd);

-	BUG_ON(count > (ssize_t)PAGE_SIZE);
+	/* the code works fine with PAGE_SIZE return but it's likely to
+	   indicate truncated result or overflow in normal use cases. */
+	BUG_ON(count >= (ssize_t)PAGE_SIZE);
  	if (count >= 0) {
  		buffer->needs_read_fill = 0;
  		buffer->count = count;
-- 
1.5.3


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ