Message-ID: <99b9e091-9e95-5e45-5914-38a938840aa6@i-love.sakura.ne.jp>
Date:   Fri, 13 Aug 2021 22:27:21 +0900
From:   Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
To:     Pavel Skripkin <paskripkin@...il.com>, rostedt@...dmis.org,
        tglx@...utronix.de
Cc:     linux-kernel@...r.kernel.org,
        syzbot+e68c89a9510c159d9684@...kaller.appspotmail.com
Subject: Re: [PATCH] profiling: fix shift-out-of-bounds in profile_setup

On 2021/08/13 19:56, Pavel Skripkin wrote:
> I don't get it, sorry. Do you mean, that
> 
> #define MAX_PROF_SHIFT        BITS_PER_LONG
> 
> is a better solution here?

Yes, but I feel we don't need to define MAX_PROF_SHIFT because
the type of the integer value which is subjected to the shift operation
will always be "unsigned long" and will unlikely change in the future.

>                          And as I understand we can change prof_shift type from "unsigned long" to "unsigned short", right?

Yes, "unsigned int" or "unsigned short int", or even "u8" (I don't know
whether compilers generate bad code if "u8" is used). At least, since
get_option() stores the result into "int", receiving via "unsigned int" will
be enough.
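
A userspace illustration of the point discussed in this message, added here as an example and not taken from the patch or from the kernel source: a shift count parsed from untrusted text is clamped before it is applied to an "unsigned long", and is kept in an "unsigned int". The helper names parse_shift() and scale_len() are hypothetical, BITS_PER_LONG is redefined locally, and the upper bound used is BITS_PER_LONG - 1 because C leaves a shift by the full width of the type undefined.

```c
#include <limits.h>
#include <stdlib.h>

/* Userspace stand-in for the kernel's BITS_PER_LONG (assumption). */
#define BITS_PER_LONG ((unsigned int)(sizeof(unsigned long) * CHAR_BIT))

/*
 * Hypothetical helper: parse a shift count from a boot-parameter-like
 * string. The value is parsed as a signed number (get_option() hands
 * back an int), clamped to the range that is valid for shifting an
 * unsigned long, and only then stored in the narrower unsigned type.
 * Returns 0 on success, -1 if no digits were found.
 */
static int parse_shift(const char *str, unsigned int *shift)
{
	char *end;
	long val = strtol(str, &end, 10);

	if (end == str)
		return -1;
	/* strtol() saturates on overflow, so the clamp covers that too. */
	if (val < 0)
		val = 0;
	if (val > (long)(BITS_PER_LONG - 1))
		val = (long)(BITS_PER_LONG - 1);
	*shift = (unsigned int)val;
	return 0;
}

/*
 * Hypothetical helper: the shifted operand is always unsigned long, so
 * a count already clamped by parse_shift() can never be out of bounds.
 */
static unsigned long scale_len(unsigned long len, unsigned int shift)
{
	return len >> shift;
}
```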
