| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Nov 2022 19:48:01 +0200
From: 'Andy Shevchenko' <andriy.shevchenko@...ux.intel.com>
To: David Laight <David.Laight@...lab.com>
Cc: LKML <linux-kernel@...r.kernel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Steven Rostedt <rostedt@...dmis.org>,
'Joe Perches' <joe@...ches.com>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 0/1] Slightly relax the type checking done by min() and
max().
On Fri, Nov 25, 2022 at 04:14:58PM +0000, David Laight wrote:
> From: 'Andy Shevchenko'
> > Sent: 25 November 2022 15:58
> > On Fri, Nov 25, 2022 at 03:27:07PM +0000, David Laight wrote:
...
> > Any better example, please?
>
> How about:
Better, indeed.
> data_size = min_t(u16, buf_size, len);
>
> https://elixir.bootlin.com/linux/v6.1-rc6/source/kernel/printk/printk_ringbuffer.c#L1738
>
> Now, maybe, you could claim that buf_size > 64k never happens.
> But the correct cast here is u32 to match buf_size.
> len (being u16) will be promoted to int before the compare.
>
> Just search the kernel for "min_t(u8," or "min_t(u16," while some might
> be ok, I really wouldn't want to verify each case.
>
> If you look hard enough there are also some:
> u32_var = min_t(u32, u32_val, u64_val);
> where the intent is to limit values that might be invalid for u32.
Wouldn't be better to actually issue a warning if the desired type is shorter
than one of the min_t() arguments?
Then you go through all cases and fix them accordingly.
Blindly relaxing the rules is not an option in my opinion.
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists