lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 05 Nov 2007 18:59:26 -0500
From:	Chuck Lever <chuck.lever@...cle.com>
To:	David Miller <davem@...emloft.net>
CC:	netdev@...r.kernel.org
Subject: Re: [PATCH] NET: Remove unneeded type cast in skb_truesize_check()

David Miller wrote:
> From: Chuck Lever <chuck.lever@...cle.com>
> Date: Fri, 02 Nov 2007 15:14:26 -0400
> 
>> The (int) type cast in skb_truesize_check() is unneeded: without it, all
>> the variable types in the conditional expression are unsigned integers.  As
>> it stands, the type cast causes a comparison between a signed and an
>> unsigned integer, which can produce unexpected results.
>>
>> Signed-off-by: Chuck Lever <chuck.lever@...cle.com>
> 
> This is checking for skb->truesize being decremented too much by other
> code, which could cause a wraparound below zero, so we do want
> negaitve checks here.

If that's truly the case, document the requirement (perhaps using
something the compiler itself can verify) instead of using a clever
type cast trick.

Here's the problem with leaving these little surprises in commonly used 
kernel headers.  Suppose the developer of a network driver or network 
file system that uses one of these headers wants to employ static code 
analysis to identify issues introduced by new patches to their 
subsystem.  The tool warnings generated in kernel headers are just 
noise, and make using such code analysis difficult.

View attachment "chuck.lever.vcf" of type "text/x-vcard" (260 bytes)

Powered by blists - more mailing lists