[PATCH] rose: correct integer overflow check

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] rose: correct integer overflow check
@ 2016-02-17 20:25 Insu Yun
  2016-02-18 20:33 ` David Miller
  0 siblings, 1 reply; 4+ messages in thread
From: Insu Yun @ 2016-02-17 20:25 UTC (permalink / raw)
  To: ralf, davem, linux-hams, netdev, linux-kernel
  Cc: taesoo, yeongjin.jang, insu, changwoo, Insu Yun

Since rose_ndevs is signed integer type,
it can be overflowed when it is negative.

Signed-off-by: Insu Yun <wuninsu@gmail.com>
---
 net/rose/af_rose.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 129d357..4f37fae 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -1514,7 +1514,8 @@ static int __init rose_proto_init(void)
 	int i;
 	int rc;
 
-	if (rose_ndevs > 0x7FFFFFFF/sizeof(struct net_device *)) {
+	if (rose_ndevs < 0 ||
+	    rose_ndevs > 0x7FFFFFFF / sizeof(struct net_device *)) {
 		printk(KERN_ERR "ROSE: rose_proto_init - rose_ndevs parameter to large\n");
 		rc = -EINVAL;
 		goto out;
-- 
1.9.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] rose: correct integer overflow check
  2016-02-17 20:25 [PATCH] rose: correct integer overflow check Insu Yun
@ 2016-02-18 20:33 ` David Miller
       [not found]   ` <CAGoFzNd3egg-36bg3DRU=2b5weyuf-CLTcgfWUQmY7kjdBwuNg@mail.gmail.com>
  0 siblings, 1 reply; 4+ messages in thread
From: David Miller @ 2016-02-18 20:33 UTC (permalink / raw)
  To: wuninsu
  Cc: ralf, linux-hams, netdev, linux-kernel, taesoo, yeongjin.jang,
	insu, changwoo

From: Insu Yun <wuninsu@gmail.com>
Date: Wed, 17 Feb 2016 15:25:13 -0500

> Since rose_ndevs is signed integer type,
> it can be overflowed when it is negative.
> 
> Signed-off-by: Insu Yun <wuninsu@gmail.com>

That's not how the expression is evaluated.

Because of the types on the right hand side of the comparison
the expressions are all promoted to unsigned.

Did you look at the compiler's assembler output?  I did when
reviewing your patch.

^ permalink raw reply	[flat|nested] 4+ messages in thread

[parent not found: <CAGoFzNd3egg-36bg3DRU=2b5weyuf-CLTcgfWUQmY7kjdBwuNg@mail.gmail.com>]

* Re: [PATCH] rose: correct integer overflow check
       [not found]   ` <CAGoFzNd3egg-36bg3DRU=2b5weyuf-CLTcgfWUQmY7kjdBwuNg@mail.gmail.com>
@ 2016-02-18 23:21       ` Ralf Baechle
  0 siblings, 0 replies; 4+ messages in thread
From: Ralf Baechle @ 2016-02-18 23:21 UTC (permalink / raw)
  To: Insu Yun
  Cc: David Miller, linux-hams, Netdev, LKML, Taesoo Kim, Yeongjin Jang,
	Yun, Insu, Changwoo Min

On Thu, Feb 18, 2016 at 04:03:16PM -0500, Insu Yun wrote:

> 
>     Because of the types on the right hand side of the comparison
>     the expressions are all promoted to unsigned.
> 
>     Did you look at the compiler's assembler output?  I did when
>     reviewing your patch.
> 
> 
> I checked the assembler output right now.
> You are right.
> I realized that right hand side becomes unsigned due to sizeof.
> I think this patch is wrong. 
> Thanks. 

On a different level, the current whole approach of ROSE to just generate
a fixed number of devices at initialization time of ROSE is if not wrong
then at least very archaic.  The default number is 10 devices and probably
of those 9 are unused on a typical setup - that is, if the module has
been loaded intentionally at all.

As a solution I've implemented a patch to support creating of ROSE
devices through netlink plus the necessary changes to iproute2 to go
along with that.

  Ralf
--
To unsubscribe from this list: send the line "unsubscribe linux-hams" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] rose: correct integer overflow check
@ 2016-02-18 23:21       ` Ralf Baechle
  0 siblings, 0 replies; 4+ messages in thread
From: Ralf Baechle @ 2016-02-18 23:21 UTC (permalink / raw)
  To: Insu Yun
  Cc: David Miller, linux-hams, Netdev, LKML, Taesoo Kim, Yeongjin Jang,
	Yun, Insu, Changwoo Min

On Thu, Feb 18, 2016 at 04:03:16PM -0500, Insu Yun wrote:

> 
>     Because of the types on the right hand side of the comparison
>     the expressions are all promoted to unsigned.
> 
>     Did you look at the compiler's assembler output?  I did when
>     reviewing your patch.
> 
> 
> I checked the assembler output right now.
> You are right.
> I realized that right hand side becomes unsigned due to sizeof.
> I think this patch is wrong. 
> Thanks. 

On a different level, the current whole approach of ROSE to just generate
a fixed number of devices at initialization time of ROSE is if not wrong
then at least very archaic.  The default number is 10 devices and probably
of those 9 are unused on a typical setup - that is, if the module has
been loaded intentionally at all.

As a solution I've implemented a patch to support creating of ROSE
devices through netlink plus the necessary changes to iproute2 to go
along with that.

  Ralf

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2016-02-18 23:53 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-17 20:25 [PATCH] rose: correct integer overflow check Insu Yun
2016-02-18 20:33 ` David Miller
     [not found]   ` <CAGoFzNd3egg-36bg3DRU=2b5weyuf-CLTcgfWUQmY7kjdBwuNg@mail.gmail.com>
2016-02-18 23:21     ` Ralf Baechle
2016-02-18 23:21       ` Ralf Baechle

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.