lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 26 Mar 2024 16:26:43 +0100
From: David Sterba <dsterba@...e.cz>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: Chris Mason <clm@...com>, Qu Wenruo <wqu@...e.com>,
	Josef Bacik <josef@...icpanda.com>, David Sterba <dsterba@...e.com>,
	linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org,
	kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] btrfs: qgroup: delete unnecessary check in
 btrfs_qgroup_check_inherit()

On Thu, Mar 07, 2024 at 05:53:47PM +0300, Dan Carpenter wrote:
> This check "if (inherit->num_qgroups > PAGE_SIZE)" is confusing and
> unnecessary.
> 
> The problem with the check is that static checkers flag it as a
> potential mixup of between units of bytes vs number of elements.
> Fortunately, the check can safely be deleted because the next check is
> correct and applies an even stricter limit:
> 
> 	if (size != struct_size(inherit, qgroups, inherit->num_qgroups))
> 		return -EINVAL;
> 
> The "inherit" struct ends in a variable array of __u64 and
> "inherit->num_qgroups" is the number of elements in the array.  At the
> start of the function we check that:
> 
> 	if (size < sizeof(*inherit) || size > PAGE_SIZE)
> 		return -EINVAL;
> 
> Thus, since we verify that the whole struct fits within one page, that
> means that the number of elements in the inherit->qgroups[] array must
> be less than PAGE_SIZE.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>

Added to for-next, thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ