lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b25e3544-d975-b966-5374-639401541e59@infradead.org>
Date:   Sun, 12 Jul 2020 07:53:41 -0700
From:   Randy Dunlap <rdunlap@...radead.org>
To:     Gage Eads <gage.eads@...el.com>, linux-kernel@...r.kernel.org,
        arnd@...db.de, gregkh@...uxfoundation.org
Cc:     magnus.karlsson@...el.com, bjorn.topel@...el.com
Subject: Re: [PATCH 04/20] dlb2: add device ioctl layer and first 4 ioctls

On 7/12/20 6:43 AM, Gage Eads wrote:
> +int dlb2_ioctl_dispatcher(struct dlb2_dev *dev,
> +			  unsigned int cmd,
> +			  unsigned long arg)
> +{
> +	u16 sz = _IOC_SIZE(cmd);
> +
> +	if (_IOC_NR(cmd) >= NUM_DLB2_CMD) {

Does this bounds check need to use array_index_nospec()
from <linux/nospec.h> ?

> +		dev_err(dev->dlb2_device,
> +			"[%s()] Unexpected DLB command %d\n",
> +			__func__, _IOC_NR(cmd));
> +		return -1;
> +	}
> +
> +	return dlb2_ioctl_callback_fns[_IOC_NR(cmd)](dev, arg, sz);
> +}

I don't know if it needs to or not. I just want to make sure
that you or someone has thought about it.

-- 
~Randy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ