| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3ace9a7f-159f-4c61-807a-c0d9be996986@I-love.SAKURA.ne.jp>
Date: Tue, 30 Jul 2024 14:38:19 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: Dmitry Torokhov <dmitry.torokhov@...il.com>,
Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Henrik Rydberg <rydberg@...math.org>,
"linux-input@...r.kernel.org" <linux-input@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH (resend)] Input: MT - limit max slots
On 2024/07/30 2:59, Dmitry Torokhov wrote:
> Please do not. Or you will have to patch it again when we will still see
> the same allocation failures because someone requested an input device
> with "too many" slots (1024 results in 4Mb mt->red table for example).
>
> Just fix malloc/syzkaller not to trigger on benign memory allocation
> hickups. They are normal.
I chose 1024 because as far as I know 4MB is max acceptable size for
all environments without triggering too large allocation warning.
You worry about mt->red, but did you notice that syzbot was reporting that
memory allocation for mt->red has an integer overflow bug, which can cause
out of bounds write or ZERO_SIZE_PTR pointer dereference bug at input_mt_set_matrix() ?
https://lkml.kernel.org/r/6d878e01-6c2f-8766-2578-c95030442369@I-love.SAKURA.ne.jp
Lucky thing is that the uinput interface is for only the "root" user...
Powered by blists - more mailing lists