Message-ID: <5746919.DvuYhMxLoT@terabithia>
Date: Tue, 23 Jan 2024 21:35:04 -0600
From: Elizabeth Figura <zfigura@...eweavers.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Arnd Bergmann <arnd@...db.de>, linux-kernel@...r.kernel.org,
linux-api@...r.kernel.org, wine-devel@...ehq.org,
André Almeida <andrealmeid@...lia.com>,
Wolfram Sang <wsa@...nel.org>, Arkadiusz Hiler <ahiler@...eweavers.com>,
Peter Zijlstra <peterz@...radead.org>
Subject: Re: [RFC PATCH 3/9] ntsync: Introduce NTSYNC_IOC_CREATE_SEM and NTSYNC_IOC_DELETE.
On Tuesday, 23 January 2024 19:14:17 CST Greg Kroah-Hartman wrote:
> On Tue, Jan 23, 2024 at 06:40:22PM -0600, Elizabeth Figura wrote:
> > +static int ntsync_create_sem(struct ntsync_device *dev, void __user
> > *argp)
> > +{
> > + struct ntsync_sem_args __user *user_args = argp;
> > + struct ntsync_sem_args args;
> > + struct ntsync_obj *sem;
> > + __u32 id;
> > + int ret;
> > +
> > + if (copy_from_user(&args, argp, sizeof(args)))
> > + return -EFAULT;
> > +
> > + if (args.count > args.max)
> > + return -EINVAL;
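Review bot: the `if (args.count > args.max)` test in ntsync_create_sem() is the only validation applied to the copied-in struct, and max == 0 together with count == 0 passes it. If a zero maximum is intended, a short comment above the check stating what count and max mean and which values are allowed would make it reviewable; if not, reject max == 0 with -EINVAL here as well. Separately, copy_from_user() reads from `argp` while `user_args` is declared as the typed alias of the same pointer; using `user_args` for the copy would keep the function consistent.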
>
> No bounds checking on count or max?
>
> What's the relationship between count and max?
Indeed, no bounds checking. The counter is just the semaphore's internal value
and has no meaning other than that.
It's basically like an EFD_SEMAPHORE, except that the maximum is configurable
rather than always being 2**64-2.
> Some sort of real
> documentation is needed here, the changelog needs to explain this. Or
> somewhere, but as-is, this patch series is pretty unreviewable as I
> can't figure out how to review it because I don't know what it wants to
> do.
There is some comprehensive documentation in the series, but for ease of
review I will try to write a basic description of the API in each relevant
patch in v2.