Date:	Wed, 07 Nov 2007 10:11:28 -0500
From:	Chuck Lever <chuck.lever@...cle.com>
To:	David Miller <davem@...emloft.net>
CC:	netdev@...r.kernel.org
Subject: Re: [PATCH] NET: Remove unneeded type cast in skb_truesize_check()

David Miller wrote:
> From: Chuck Lever <chuck.lever@...cle.com>
> Date: Mon, 05 Nov 2007 18:59:26 -0500
> 
>> If that's truly the case, document the requirement (perhaps using
>> something the compiler itself can verify) instead of using a clever
>> type cast trick.
> 
> Feel free to submit such a change.

Here's what I propose.

skb->truesize should be an int, not an unsigned int, since you expect 
that it may go below zero.

Explicitly assert that skb->truesize is greater than zero in 
skb_truesize_check().

Explicitly assert that skb->len + sizeof(sk_buff) is less than INT_MAX.

Leave the assertion that's already there, but ensure that the types on 
both sides of the comparison are as we expect.

Thoughts?

>> Here's the problem with leaving these little surprises in commonly used 
>> kernel headers.  Suppose the developer of a network driver or network 
>> file system that uses one of these headers wants to employ static code 
>> analysis to identify issues introduced by new patches to their 
>> subsystem.  The tool warnings generated in kernel headers are just 
>> noise, and make using such code analysis difficult.
> 
> Here's the problem with submitting patches fixing non-bugs and
> removing useful assertions from kernel.  I won't apply them.

"removing useful assertions"

The (int) type cast in that assertion is nothing more than a comment. 
The compiler promotes that side of the comparison to match the type on 
the right side, and the explicit type cast is entirely ignored.  So in 
fact, my patch removed nothing but a mistaken assumption.  The assertion 
behaves the same after my patch as it did before.

Thus anyone might be confused at what exactly was being asserted in 
skb_truesize_check().  It's not a question of whether or not I reviewed 
the logic that uses skb->truesize before crafting my patch; I did review 
it.  The fact that skb_truesize_check() never before asserted that 
skb->truesize is greater than zero is not my fault.
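
Added example, not part of the message above and not kernel code: a small C program showing how a comparison of the shape discussed in this thread treats a truesize value that has wrapped below zero, next to a signed comparison with an explicit non-positive check. The `buf_hdr` struct, the function names and the sample values are hypothetical, and the right-hand side `sizeof(header) + len` is an assumption about the form of the existing assertion.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the buffer header; not the kernel's struct sk_buff. */
struct buf_hdr { char pad[64]; };

/* The implicit conversions below are what -Wsign-compare style checkers flag. */
#pragma GCC diagnostic ignored "-Wsign-compare"

/* Assumed shape of the existing assertion: returns 1 when the check fires. */
static int fires_with_cast(unsigned int truesize, unsigned int len)
{
    /* sizeof yields size_t, so the right side is unsigned and the (int)
     * value is converted back to an unsigned type before comparing. */
    return (int)truesize < sizeof(struct buf_hdr) + len;
}

static int fires_without_cast(unsigned int truesize, unsigned int len)
{
    return truesize < sizeof(struct buf_hdr) + len;
}

/* Signed comparison with the non-positive case stated explicitly. */
static int fires_signed(unsigned int truesize, unsigned int len)
{
    long long ts = (int)truesize;  /* read the field as a signed int */
    long long need = (long long)sizeof(struct buf_hdr) + len;
    return ts <= 0 || ts < need;
}

/* Constructed input: accounting that subtracts more than was charged. */
static unsigned int underflowed_truesize(void)
{
    unsigned int ts = 100;
    ts -= 116;  /* wraps; reads as -16 when viewed as a 32-bit int */
    return ts;
}

int main(void)
{
    unsigned int bad = underflowed_truesize();
    printf("with cast: %d, without cast: %d, signed: %d\n",
           fires_with_cast(bad, 100), fires_without_cast(bad, 100),
           fires_signed(bad, 100));
    return 0;
}
```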
