| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHk-=wgfeAjTNomdTU3gx308O+k5+3STqwBMSqrM7=D8CyEydQ@mail.gmail.com>
Date: Tue, 30 Sep 2025 08:48:07 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Paul Moore <paul@...l-moore.com>
Cc: selinux@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] selinux/selinux-pr-20250926
On Fri, 26 Sept 2025 at 20:07, Paul Moore <paul@...l-moore.com> wrote:
>
> - Remove our use of get_zeroed_page() in sel_read_bool()
>
> Update sel_read_bool() to use a four byte stack buffer instead of a
> memory page fetched via get_zeroed_page(), and fix a memory in the
> process.
>
> Needless to say we should have done this a long time ago, but it was
> in a very old chunk of code that "just worked" and I don't think
> anyone had taken a real look at it in many years.
Lol.
... and when I looked at this, I went "scnprintf for a 4-byte buffer?"
It uses
len = scnprintf(buffer, sizeof(buffer), "%d %d", ..
and I went "printing two numbers and just four bytes" before I noticed
that they are just booleans and so 'len' always is just 3.
It literally could have done
char buffer[] = { '0' + !a, ' ', '0' + !!b, 0 };
instead, and I guess a compiler could do that transformation in a perfect world.
But this isn't exactly performance-crticial, so nobody cares.
Linus
Powered by blists - more mailing lists