Date: Sat, 29 Nov 2014 10:07:08 -0500
From: Sasha Levin <sasha.levin@...cle.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
CC: Ingo Molnar <mingo@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [RFC v2 1/2] compiler: use compiler to detect integer overflows

On 11/26/2014 10:13 PM, Linus Torvalds wrote:
> .. which I didn't actually validate. And I suspect gcc won't be good
> enough to optimize, so it probably generates horrendous code.

That's correct. It's pretty bad.

> And the thing is, I think it's just *wrong* to do "overflow in signed
> type". The code that does it shouldn't be helped to do it, it should
> be fixed to use an unsigned type.
>
> In other words - in this case, the loff_t should probably just be a u64.

In this case it's very tied to userspace. One caller is the space allocation
ioctl, which gets this from userspace:

	struct space_resv {
	[...]
		__s64		l_start;
		__s64		l_len;		/* len == 0 means until end of file */
	[...]
	};

Since we can't just change those to unsigned, we'd still need to do an overflow
check with signed integers somewhere.

Thanks,
Sasha
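
Added example, not part of the original message or of the RFC patch: one way to check a signed 64-bit start/length pair from userspace without ever evaluating an overflowing signed addition. The struct resv_range type, the function names and the policy of rejecting negative values are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical stand-in for the two quoted fields (__s64 in the kernel). */
struct resv_range {
    int64_t l_start;
    int64_t l_len;   /* len == 0 means until end of file */
};

/*
 * Portable check: decide whether a + b would leave the int64_t range
 * before doing the addition, so no signed overflow (undefined behaviour
 * in C) is ever evaluated.
 */
static bool s64_add_overflows(int64_t a, int64_t b)
{
    if (b > 0)
        return a > INT64_MAX - b;
    if (b < 0)
        return a < INT64_MIN - b;
    return false;
}

/*
 * Validate a range supplied by userspace and compute l_start + l_len.
 * Returns 0 on success, -1 if the request is rejected.
 * Assumption of this example: negative offsets and lengths are invalid.
 */
static int resv_range_end(const struct resv_range *r, int64_t *end)
{
    if (r->l_start < 0 || r->l_len < 0)
        return -1;                      /* negative offset or length */
    if (s64_add_overflows(r->l_start, r->l_len))
        return -1;                      /* l_start + l_len would wrap */
    *end = r->l_start + r->l_len;       /* now known to be in range */
    return 0;
}

/* Same answer from the compiler builtin (GCC 5+ / Clang), for comparison. */
static bool s64_add_overflows_builtin(int64_t a, int64_t b)
{
    int64_t sum;
    return __builtin_add_overflow(a, b, &sum);
}
```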