From: Dan Carpenter <dan.carpenter@oracle.com>
To: walter harms <wharms@bfs.de>
Cc: Jens Axboe <axboe@kernel.dk>,
Paul Gortmaker <paul.gortmaker@windriver.com>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] relay: prevent integer overflow in relay_open()
Date: Thu, 09 Feb 2012 12:36:17 +0000 [thread overview]
Message-ID: <20120209123617.GC4141@mwanda> (raw)
In-Reply-To: <4F33B448.1040207@bfs.de>
[-- Attachment #1: Type: text/plain, Size: 445 bytes --]
On Thu, Feb 09, 2012 at 12:55:52PM +0100, walter harms wrote:
> numerical this is ok, but ...
> maybe it is better to cap the chan->n_subbufs at a useful number ?
We considered this question already earlier in the thread.
> The user can still allocate an insane number of bytes.
> Restricting subbuf_size*n_subbufs seems more logical (otherwise is this a real problem ?)
>
Yes. It is a real problem.
regards,
dan carpenter
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: walter harms <wharms@bfs.de>
Cc: Jens Axboe <axboe@kernel.dk>,
Paul Gortmaker <paul.gortmaker@windriver.com>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] relay: prevent integer overflow in relay_open()
Date: Thu, 9 Feb 2012 15:36:17 +0300 [thread overview]
Message-ID: <20120209123617.GC4141@mwanda> (raw)
In-Reply-To: <4F33B448.1040207@bfs.de>
[-- Attachment #1: Type: text/plain, Size: 445 bytes --]
On Thu, Feb 09, 2012 at 12:55:52PM +0100, walter harms wrote:
> numerical this is ok, but ...
> maybe it is better to cap the chan->n_subbufs at a useful number ?
We considered this question already earlier in the thread.
> The user can still allocate an insane number of bytes.
> Restricting subbuf_size*n_subbufs seems more logical (otherwise is this a real problem ?)
>
Yes. It is a real problem.
regards,
dan carpenter
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
next prev parent reply other threads:[~2012-02-09 12:36 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-07 14:11 integer overflows in kernel/relay.c Dan Carpenter
2012-02-08 8:34 ` Jens Axboe
2012-02-08 22:25 ` Andrew Morton
2012-02-09 12:41 ` Jens Axboe
2012-02-09 17:39 ` Andrew Morton
2012-02-09 12:41 ` [PATCH RFC] slab: introduce knalloc/kxnalloc Xi Wang
2012-02-09 13:05 ` Pekka Enberg
2012-02-09 13:19 ` Jens Axboe
2012-02-09 13:26 ` Xi Wang
2012-02-09 13:48 ` [PATCH RFC v2] slab: introduce kmalloc_array Xi Wang
2012-02-09 22:42 ` David Rientjes
2012-02-09 23:08 ` Andrew Morton
2012-02-09 22:47 ` Jesper Juhl
2012-02-09 23:06 ` Andrew Morton
2012-02-09 23:43 ` Joe Perches
2012-02-13 15:08 ` Xi Wang
2012-02-13 16:01 ` Christoph Lameter
2012-02-13 19:44 ` Dan Carpenter
2012-02-13 20:27 ` Christoph Lameter
2012-02-14 7:20 ` Dan Carpenter
2012-02-14 7:35 ` Pekka Enberg
2012-02-14 11:12 ` Xi Wang
2012-02-14 15:02 ` Christoph Lameter
2012-02-14 16:30 ` Xi Wang
2012-02-14 16:34 ` Christoph Lameter
2012-02-14 16:43 ` Xi Wang
2012-02-14 19:33 ` Uninline kcalloc Christoph Lameter
2012-02-14 19:37 ` Christoph Lameter
2012-02-14 20:46 ` Andrew Morton
2012-02-14 20:50 ` Nick Bowler
2012-02-14 21:24 ` Christoph Lameter
2012-02-15 20:17 ` Nick Bowler
2012-02-15 20:24 ` Nick Bowler
2012-02-14 20:45 ` Andrew Morton
2012-02-14 20:58 ` Pekka Enberg
2012-02-14 21:09 ` Christoph Lameter
2012-02-14 21:31 ` Pekka Enberg
2012-02-14 21:38 ` Christoph Lameter
2012-02-14 21:46 ` Xi Wang
2012-02-14 22:08 ` Christoph Lameter
2012-02-15 19:14 ` Xi Wang
2012-02-15 19:34 ` Christoph Lameter
2012-02-16 3:10 ` Xi Wang
2012-02-16 14:51 ` Christoph Lameter
2012-02-16 18:32 ` Xi Wang
2012-02-16 20:47 ` Christoph Lameter
2012-02-10 13:09 ` [PATCH RFC v2] slab: introduce kmalloc_array Alexey Dobriyan
2012-02-10 13:11 ` Alexey Dobriyan
2012-02-10 13:55 ` Xi Wang
2012-02-10 13:58 ` Alexey Dobriyan
2012-02-10 14:09 ` Xi Wang
2012-02-11 12:19 ` Alexey Dobriyan
2012-02-12 5:46 ` Xi Wang
2012-02-09 12:56 ` integer overflows in kernel/relay.c Pekka Enberg
2012-02-09 10:44 ` [patch] relay: prevent integer overflow in relay_open() Dan Carpenter
2012-02-09 10:44 ` Dan Carpenter
2012-02-09 11:55 ` walter harms
2012-02-09 11:55 ` walter harms
2012-02-09 12:36 ` Dan Carpenter [this message]
2012-02-09 12:36 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120209123617.GC4141@mwanda \
--to=dan.carpenter@oracle.com \
--cc=axboe@kernel.dk \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paul.gortmaker@windriver.com \
--cc=viro@zeniv.linux.org.uk \
--cc=wharms@bfs.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.