| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0d4601d65709$7a0e2d80$6e2a8880$@gmail.com>
Date: Fri, 10 Jul 2020 18:28:45 -0400
From: <charley.ashbringer@...il.com>
To: "'Matthew Wilcox'" <willy@...radead.org>,
"'Randy Dunlap'" <rdunlap@...radead.org>
Cc: <keescook@...omium.org>, <mcgrof@...nel.org>, <yzaikin@...gle.com>,
<linux-kernel@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>
Subject: RE: [PATCH] sysctl: add bound to panic_timeout to prevent overflow
> On Thu, Jul 09, 2020 at 08:31:39PM -0700, Randy Dunlap wrote:
> > > +/* this is needed for setting boundery for panic_timeout to prevent
> > > +it from overflow*/
> >
> > boundary (or max value)
overflow */
> >
> > > +static int panic_time_max = INT_MAX / 1000;
>
> Or just simplify the comment.
>
> /* Prevent overflow in panic() */
>
> Or perhaps better, fix panic() to not overflow.
>
> - for (i = 0; i < panic_timeout * 1000; i += PANIC_TIMER_STEP)
{
> + for (i = 0; i / 1000 < panic_timeout; i += PANIC_TIMER_STEP)
{
>
> you probably also want to change i to be a long long or the loop may never
> terminate.
Thanks for the feedback, I too agree this should be better than
modifying the sysctl, considering how localized and neat this
change is. It's also more readable. Setting a bound in sysctl.c
which is dependent on the constant value in panic.c is not a very
good idea.
I agree changing i from long to long long is necessary.
I'll submit a v2 patch enforcing this shortly.
Cheers,
Changming
Powered by blists - more mailing lists