lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <18784666-9A03-48C2-87DA-BEC78D79C993@gmail.com>
Date:	Fri, 6 Apr 2012 16:34:58 -0400
From:	Xi Wang <xi.wang@...il.com>
To:	Chris Wilson <chris@...is-wilson.co.uk>
Cc:	Keith Packard <keithp@...thp.com>,
	Daniel Vetter <daniel.vetter@...ll.ch>,
	linux-kernel@...r.kernel.org, dri-devel@...ts.freedesktop.org
Subject: Re: [PATCH 1/2] drm/i915: fix integer overflow in i915_gem_execbuffer2()

On Apr 6, 2012, at 3:40 PM, Chris Wilson wrote:
> On Fri, 6 Apr 2012 14:17:41 -0400, Xi Wang <xi.wang@...il.com> wrote:
>> 
>> Why an attempt to vmalloc?  The overflow check in drm_malloc_ab()
>> will simply return NULL and fail the ioctl with -ENOMEM.
> 
> It's an invalid value for the ioctl and should be treated as such, not
> making ENOMEM more ambiguous.

We could copy and paste the overflow check so as to return -EINVAL.
I just doubt how much that would help --- you can find existing usages
in other functions, for example, in i915_gem_execbuffer():

  /* Copy in the exec list from userland */
  exec_list = drm_malloc_ab(sizeof(*exec_list), args->buffer_count);
  exec2_list = drm_malloc_ab(sizeof(*exec2_list), args->buffer_count);
  if (exec_list == NULL || exec2_list == NULL) {
          DRM_DEBUG("Failed to allocate exec list for %d buffers\n",
                    args->buffer_count);
          drm_free_large(exec_list);
          drm_free_large(exec2_list);
          return -ENOMEM;
  }

Should we fix all these as well by repeating the checks and returning
-EINVAL?  I am worried about the code bloat / readability price you
would pay for getting a different error code.

BTW, I've also seen code using E2BIG.  Any documented guideline?

- xi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ