| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHk-=wgo9iEZ20wB4rOpt6h36Dymudqf6HXww1N094bVoqyMmg@mail.gmail.com>
Date: Mon, 29 Jul 2024 12:27:05 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Dmitry Torokhov <dmitry.torokhov@...il.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>, Henrik Rydberg <rydberg@...math.org>,
"linux-input@...r.kernel.org" <linux-input@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH (resend)] Input: MT - limit max slots
On Mon, 29 Jul 2024 at 12:12, Dmitry Torokhov <dmitry.torokhov@...il.com> wrote:
>
> OK, if you want to have limits be it. You probably want to lower from
> 1024 to 128 or something, because with 1024 slots the structure will be
> larger than one page and like I said mt->red table will be 4Mb.
So this is why subsystem maintainers should be involved and helpful.
It's hard to know what practical limits are.
That said, a 4MB allocation for some test code is nothing.
And yes, if syzbot hits other cases where the input layer just takes
user input without any limit sanity checking, those should be fixed
*too*.
"The allocation failed" is not some graceful thing. Large pointless
allocations can be very very very expensive *before* they fail,
because the VM layer will spend lots of time trying to clean things
up.
So a sane limit *UP FRONT* instead of "let's see if this random
allocation succeeds" is always the right answer when at all possible.
Linus
Powered by blists - more mailing lists