| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zqf00C_eOBwcEiWG@google.com> Date: Mon, 29 Jul 2024 13:00:16 -0700 From: Dmitry Torokhov <dmitry.torokhov@...il.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>, Henrik Rydberg <rydberg@...math.org>, "linux-input@...r.kernel.org" <linux-input@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH (resend)] Input: MT - limit max slots On Mon, Jul 29, 2024 at 12:27:05PM -0700, Linus Torvalds wrote: > On Mon, 29 Jul 2024 at 12:12, Dmitry Torokhov <dmitry.torokhov@...il.com> wrote: > > > > OK, if you want to have limits be it. You probably want to lower from > > 1024 to 128 or something, because with 1024 slots the structure will be > > larger than one page and like I said mt->red table will be 4Mb. > > So this is why subsystem maintainers should be involved and helpful. > It's hard to know what practical limits are. > > That said, a 4MB allocation for some test code is nothing. > > And yes, if syzbot hits other cases where the input layer just takes > user input without any limit sanity checking, those should be fixed > *too*. Hmm, maybe the checks should go into drivers/input/misc/uinput.c which is the only place that allows userspace to create input device instances and drive them rather than into input core logic because all other devices are backed by real hardware. Thanks. -- Dmitry
Powered by blists - more mailing lists