lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130920113736.GB8655@elgon.mountain>
Date:	Fri, 20 Sep 2013 14:37:36 +0300
From:	Dan Carpenter <dan.carpenter@...cle.com>
To:	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Jiri Olsa <jolsa@...hat.com>
Cc:	Paul Mackerras <paulus@...ba.org>, Ingo Molnar <mingo@...hat.com>,
	Arnaldo Carvalho de Melo <acme@...stprotocols.net>,
	linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: [patch] perf: potential underflow in perf_sample_ustack_size()

The code here is trying to ensure that we don't have a
"header_size + stack_size" which is more than USHRT_MAX.  I changed
the overflow check a little to make it more clear.

My concern here is that if "header_size + sizeof(u64)" is very large
then we could end up with underflow doing the subtraction and end up
with a "stack_size" larger than intended.

I don't know perf well enough to say if this is possible.

Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>

diff --git a/kernel/events/core.c b/kernel/events/core.c
index dd236b6..eec9e683 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -4217,11 +4217,13 @@ perf_sample_ustack_size(u16 stack_size, u16 header_size,
 	header_size += 2 * sizeof(u64);
 
 	/* Do we fit in with the current stack dump size? */
-	if ((u16) (header_size + stack_size) < header_size) {
+	if (header_size > USHRT_MAX - stack_size) {
 		/*
 		 * If we overflow the maximum size for the sample,
 		 * we customize the stack dump size to fit in.
 		 */
+		if (header_size + sizeof(u64) > USHRT_MAX)
+			return 0;
 		stack_size = USHRT_MAX - header_size - sizeof(u64);
 		stack_size = round_up(stack_size, sizeof(u64));
 	}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ