| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Nov 2014 16:31:07 +0100 From: Petr Mladek <pmladek@...e.cz> To: Steven Rostedt <rostedt@...dmis.org> Cc: linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, Jiri Kosina <jkosina@...e.cz>, "H. Peter Anvin" <hpa@...or.com>, Thomas Gleixner <tglx@...utronix.de> Subject: Re: [RFC][PATCH 07/12 v3] tracing: Have seq_buf use full buffer On Wed 2014-11-05 16:06:18, Steven Rostedt wrote: > On Wed, 5 Nov 2014 15:21:30 -0500 > Steven Rostedt <rostedt@...dmis.org> wrote: > > > > > > > I wonder if we want this change at all. It means that we are not able to > > > detect overflow in some functions. It is pity because the users > > > might want to increase the buffer size and try again if the print > > > was incomplete. > > > > What do you mean we can't detect overflow? That's what > > seq_buf_has_overflowed() does. > > > > Although I'm looking at the seq_file versions of the bitmap code, which > does only return the len of what was written and not what would have > been written, and it does have this issue. > > I hate to go back to the -1 of the size of buffer as that causes > inconsistencies within the functions themselves, as proved with the > seq_file code. Yeah, the -1 and the unused byte is strange and it would be great to avoid it. On the other hand, I am slightly afraid of the "len = size + 1" that signalizes the buffer overflow. It might be prone for creating security bugs. If people forget to check seq_buf_has_overflowed() before reading or if there is a race, they might read outside of the buffer. > What I might do as just have the bitmap calls not be allowed to fill > the buffer and keep the logic the same. That is, if the bitmap calls > fill the rest of the length, assume we overflowed, otherwise we are > fine. > > I'm going to change seq_buf to do that instead of my new update with > the bitmask code. I like the idea of having the exception only in the bitmap code and filling the whole buffer in other cases. I am now in doubts about the overflow state. A solution would be to add an "overflow" flag to struct seq_bug. I agree that it is ugly but it looks more secure then "len = size + 1". Well, I do not have that strong opinion about it. What do you think? Best Regards, Petr -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists