From: Jason Gunthorpe <jgg@ziepe.ca>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Parav Pandit <parav@mellanox.com>,
netdev@vger.kernel.org, Leon Romanovsky <leon@kernel.org>,
Eli Cohen <eli@mellanox.com>, Doug Ledford <dledford@redhat.com>,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
"kernel-janitors@vger.kernel.org"
<kernel-janitors@vger.kernel.org>
Subject: Re: [PATCH] IB/mlx5: add checking for "vf" from do_setvfinfo()
Date: Wed, 24 Apr 2019 14:24:26 +0000 [thread overview]
Message-ID: <20190424142426.GH16061@ziepe.ca> (raw)
In-Reply-To: <20190424140820.GB14798@kadam>
On Wed, Apr 24, 2019 at 05:08:20PM +0300, Dan Carpenter wrote:
> I think I'm just going to ask netdev for an opinion on this. It could
> be that we're just reading the code wrong...
I don't think you are reading it wrong.
Allowing the compiler to implicitly cast a user controlled u32 to an
int is simply wrong in all cases, IMHO.
If the value was intended to be signed from the user it should have
been a s32. Allowing an unsigned value to become interpreted as
negative so often leads to security bugs.
IMHO it would be a good thing for smatch to warn on the general case
of implicit casting of user controlled data to a smaller range
type. Particularly it can do a bounds analysis to show the control
flow hasn't somehow restricted the bounds to be compatible.
I've seen more that a few real world security bugs that are caused by
wrong use of 'int' like this :(
Jason
next prev parent reply other threads:[~2019-04-24 14:24 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-12 17:55 [PATCH] IB/mlx5: add checking for "vf" from do_setvfinfo() Dan Carpenter
2019-04-12 20:25 ` Parav Pandit
2019-04-15 9:32 ` Dan Carpenter
2019-04-15 9:46 ` Dan Carpenter
2019-04-15 20:04 ` Parav Pandit
2019-04-16 8:21 ` Dan Carpenter
2019-04-16 22:54 ` Parav Pandit
2019-04-22 8:08 ` Dan Carpenter
2019-04-22 15:09 ` Parav Pandit
2019-04-23 15:49 ` Dan Carpenter
2019-04-23 22:32 ` Parav Pandit
2019-04-24 14:08 ` Dan Carpenter
2019-04-24 14:24 ` Jason Gunthorpe [this message]
2019-04-24 22:12 ` Parav Pandit
2019-04-25 0:36 ` Jakub Kicinski
2019-04-25 6:15 ` Parav Pandit
2019-09-24 9:21 ` Dan Carpenter
2019-09-25 17:14 ` Parav Pandit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190424142426.GH16061@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=dan.carpenter@oracle.com \
--cc=dledford@redhat.com \
--cc=eli@mellanox.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=leon@kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=parav@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox