lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YKZ38jOCZUlpiqTS@alley>
Date:   Thu, 20 May 2021 16:53:38 +0200
From:   Petr Mladek <pmladek@...e.com>
To:     Justin He <Justin.He@....com>
Cc:     Al Viro <viro@...iv.linux.org.uk>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Sergey Senozhatsky <senozhatsky@...omium.org>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Jonathan Corbet <corbet@....net>,
        Heiko Carstens <hca@...ux.ibm.com>,
        Vasily Gorbik <gor@...ux.ibm.com>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        "Eric W . Biederman" <ebiederm@...ssion.com>,
        "Darrick J. Wong" <darrick.wong@...cle.com>,
        "Peter Zijlstra (Intel)" <peterz@...radead.org>,
        Ira Weiny <ira.weiny@...el.com>,
        Eric Biggers <ebiggers@...gle.com>,
        "Ahmed S. Darwish" <a.darwish@...utronix.de>,
        "open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-s390 <linux-s390@...r.kernel.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>
Subject: Re: [PATCH 08/14] d_path: make prepend_name() boolean

On Thu 2021-05-20 09:12:34, Justin He wrote:
> Hi Al
> 
> > -----Original Message-----
> > From: Al Viro <viro@....linux.org.uk> On Behalf Of Al Viro
> > Sent: Wednesday, May 19, 2021 8:49 AM
> > To: Linus Torvalds <torvalds@...ux-foundation.org>
> > Cc: Justin He <Justin.He@....com>; Petr Mladek <pmladek@...e.com>; Steven
> > Rostedt <rostedt@...dmis.org>; Sergey Senozhatsky
> > <senozhatsky@...omium.org>; Andy Shevchenko
> > <andriy.shevchenko@...ux.intel.com>; Rasmus Villemoes
> > <linux@...musvillemoes.dk>; Jonathan Corbet <corbet@....net>; Heiko
> > Carstens <hca@...ux.ibm.com>; Vasily Gorbik <gor@...ux.ibm.com>; Christian
> > Borntraeger <borntraeger@...ibm.com>; Eric W . Biederman
> > <ebiederm@...ssion.com>; Darrick J. Wong <darrick.wong@...cle.com>; Peter
> > Zijlstra (Intel) <peterz@...radead.org>; Ira Weiny <ira.weiny@...el.com>;
> > Eric Biggers <ebiggers@...gle.com>; Ahmed S. Darwish
> > <a.darwish@...utronix.de>; open list:DOCUMENTATION <linux-
> > doc@...r.kernel.org>; Linux Kernel Mailing List <linux-
> > kernel@...r.kernel.org>; linux-s390 <linux-s390@...r.kernel.org>; linux-
> > fsdevel <linux-fsdevel@...r.kernel.org>
> > Subject: [PATCH 08/14] d_path: make prepend_name() boolean
> >
> > It returns only 0 or -ENAMETOOLONG and both callers only check if
> > the result is negative.  Might as well return true on success and
> > false on failure...
> >
> > Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
> > ---
> >  fs/d_path.c | 12 ++++++------
> >  1 file changed, 6 insertions(+), 6 deletions(-)
> >
> > diff --git a/fs/d_path.c b/fs/d_path.c
> > index 327cc3744554..83db83446afd 100644
> > --- a/fs/d_path.c
> > +++ b/fs/d_path.c
> > @@ -34,15 +34,15 @@ static void prepend(char **buffer, int *buflen, const
> > char *str, int namelen)
> >   *
> >   * Load acquire is needed to make sure that we see that terminating NUL.
> >   */
> > -static int prepend_name(char **buffer, int *buflen, const struct qstr
> > *name)
> > +static bool prepend_name(char **buffer, int *buflen, const struct qstr
> > *name)
> >  {
> >       const char *dname = smp_load_acquire(&name->name); /* ^^^ */
> >       u32 dlen = READ_ONCE(name->len);
> >       char *p;
> >
> >       *buflen -= dlen + 1;
> > -     if (*buflen < 0)
> > -             return -ENAMETOOLONG;
> > +     if (unlikely(*buflen < 0))
> > +             return false;
> 
> I don't object to this patch itself.
> Just wonder whether we need to relax the check condition of "*buflen < 0" ?
> 
> Given that in vsnprintf code path, sometimes the *buflen is < 0.
> 
> Please see https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/lib/vsprintf.c#n2698

IMHO, the patch is fine. It is likely some misunderstanding.
The above link points to:

2693	str = buf;
2694	end = buf + size;
2695
2696	/* Make sure end is always >= buf */
2697	if (end < buf) {
2698		end = ((void *)-1);
2699		size = end - buf;
2700	}

"end" points right behind the end of the buffer. It is later
used instead of the buffer size. The above code handles a potential
overflow of "buf + size". I causes that "end" will be 0xffffffff
in case of the overflow.

That said. vsnprintf() returns the number of characters which would
be generated for the given input. But only the "size" is written.
This require copying the characters one by one.

It is useful to see how many characters were lost. But I am not sure
if this ever worked for the dentry functions.

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ