lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 10 Oct 2018 10:09:32 +0200
From:   Petr Mladek <pmladek@...e.com>
To:     Sergey Senozhatsky <sergey.senozhatsky@...il.com>
Cc:     zhe.he@...driver.com, rostedt@...dmis.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 4/4] printk: Give error on attempt to set log buffer
 length to over 4G

On Tue 2018-10-09 22:57:58, Sergey Senozhatsky wrote:
> On (10/09/18 15:05), Petr Mladek wrote:
> > > 
> > > Yeah, I think we gonna have problems even with a 4G logbuf and a 32-bit
> > > user-space doing syslog(int len).
> > > 
> > > I agree on the "not motivated enough" part ;)
> > 
> > OK, I have pushed an updated patch that has the limit 2GB
> > into printk.git, for-4.20 branch.
> > 
> > Note that it is slightly different than the yesterday's proposal.
> > I made a mistake in testing and still compared with UNIT_MAX.
> > 
> > The pushed version can be seen at
> > https://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk.git/commit/?h=for-4.20&id=e6fe3e5b7d16e8f146a4ae7fe481bc6e97acde1e
> 
> 
> ---
> 
> > +#define LOG_BUF_LEN_MAX (u32)(1 << 31)
> [..]
> > +	if (size > (u64)LOG_BUF_LEN_MAX) {
> > +		size = (u64)LOG_BUF_LEN_MAX;
> > +		pr_err("log_buf over 2G is not supported.\n");
> > +	}
> 
> Why not INT_MAX?

INT_MAX is 0x7fffffff but we need 0x80000000. I did not find
any predefined macro.

> 
> > +	pr_info("log_buf_len: %u bytes\n", log_buf_len);
> > +	pr_info("early log buf free: %u(%u%%)\n",
> >  		free, (free * 100) / __LOG_BUF_LEN);
> 
> Can 'free * 100' overflow?

Good question. It uses the size of the static buffer. If I count
correctly then we are on the safe side because LOG_BUF_SHIFT
is limited by

	range 12 25

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ