lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 24 Apr 2019 17:36:16 -0700
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     Dan Carpenter <dan.carpenter@...cle.com>
Cc:     Parav Pandit <parav@...lanox.com>, netdev@...r.kernel.org,
        Leon Romanovsky <leon@...nel.org>,
        Eli Cohen <eli@...lanox.com>,
        Doug Ledford <dledford@...hat.com>,
        Jason Gunthorpe <jgg@...pe.ca>,
        "linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>,
        "kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>
Subject: Re: [PATCH] IB/mlx5: add checking for "vf" from do_setvfinfo()

On Wed, 24 Apr 2019 17:08:20 +0300, Dan Carpenter wrote:
> To me making "vf" a u32 throughout seems like a good idea but it's an
> extensive patch and I'm not really able to test it at all.  But maybe
> there is a better place to check for negatives.  Or maybe we are already
> checking for negatives and I haven't seen it.  (I don't know this code
> very well at all).

Could we please add the checks in the core?

We already have the infra in place for calculating dump sizes - i.e.

int num_vfs = dev_num_vf(dev->dev.parent);

We just need to validate the set params.


Callback parameters should really be validated by the core to the extent
possible, unfortunately driver authors have little incentive to improve
that once an API is implemented, realistically we all need to support
old kernels wouldn't do the checking..

Powered by blists - more mailing lists