From: Al Viro <viro-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
To: Davidlohr Bueso <dave-h16yJtLeMjHk1uMJSBkQmQ@public.gmane.org>
Cc: Marcus Gelderie <redmnic-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
lkml <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
John Duffy <jb_duffy-FhtRXb7CoQBt1OO0OYaSVA@public.gmane.org>,
Arto Bendiken <arto-TQ6thHYR8Svk1uMJSBkQmQ@public.gmane.org>,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org
Subject: Re: [PATCH 2/1] ipc,mqueue: Delete bogus overflow check
Date: Sat, 11 Jul 2015 03:03:00 +0100 [thread overview]
Message-ID: <20150711020300.GH17109@ZenIV.linux.org.uk> (raw)
In-Reply-To: <1436575691.27924.53.camel-h16yJtLeMjHk1uMJSBkQmQ@public.gmane.org>
On Fri, Jul 10, 2015 at 05:48:11PM -0700, Davidlohr Bueso wrote:
> Mathematically, returning -EOVERFLOW in mq_attr_ok()
> cannot occur under this condition:
>
> mq_treesize = attr->mq_maxmsg * sizeof(struct msg_msg) +
> min_t(unsigned int, attr->mq_maxmsg, MQ_PRIO_MAX) *
> sizeof(struct posix_msg_tree_node);
> total_size = attr->mq_maxmsg * attr->mq_msgsize;
> if (total_size + mq_treesize < total_size)
> return -EOVERFLOW;
A proof would be nice. More detailed one than "cannot occur", that is.
Condition in question is basically mq_treesize < 0 or
total_size + mq_treesize (in natural numbers) > 2^BITS_PER_LONG.
Now, the maximal values of ->mq_maxmsg and ->mq_msgsize are 2^16 and
2^24 resp. and we are guaranteed that their product is below 2^BITS_PER_LONG.
For mq_treesize we are guaranteed that it's below 2^31. Now, on a 64bit
box that would suffice to avoid overflow - the product is at most 2^40 and
its sum with mq_treesize can't wrap around.
For 32bit system, though... Suppose attr->mq_maxmsg == 65535 and
attr->mq_msgsize == 65537. Their product *is* below 2^BITS_PER_LONG - it's
exactly 1 less than that. _Any_ non-zero value for mq_tresize (and it
will be non-zero in the above) will lead to wraparound.
Looks like a counterexample to your assertion above...
next prev parent reply other threads:[~2015-07-11 2:03 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-22 22:25 [PATCH v2] ipc: Modify message queue accounting to reflect both total user data and auxiliary kernel data Marcus Gelderie
[not found] ` <20150622222546.GA32432-W7fNxlbxG8VSq9BJjBFyUp/QNRX+jHPU@public.gmane.org>
2015-06-25 5:47 ` Davidlohr Bueso
[not found] ` <1435211229.11852.23.camel-h16yJtLeMjHk1uMJSBkQmQ@public.gmane.org>
2015-06-25 7:23 ` Michael Kerrisk (man-pages)
[not found] ` <CAKgNAkieR5zdpKm=P2dcTDJ_3X4HMRoeOQ2D8yghYVKOjDsYAg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-06-25 18:21 ` Davidlohr Bueso
2015-07-06 15:49 ` [PATCH v3] ipc: Modify message queue accounting to not take kernel data structures into account Marcus Gelderie
[not found] ` <20150706154928.GA19828-W7fNxlbxG8VSq9BJjBFyUp/QNRX+jHPU@public.gmane.org>
2015-07-07 5:16 ` Davidlohr Bueso
[not found] ` <1436246210.12255.71.camel-h16yJtLeMjHk1uMJSBkQmQ@public.gmane.org>
2015-07-07 13:01 ` Michael Kerrisk (man-pages)
[not found] ` <CAKgNAkjy-+2TkN=0Fe11bVea4q6uLcUx=++Mf1eFxhmPmZoc9w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-07-08 19:17 ` Doug Ledford
[not found] ` <559D7760.1020909-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-07-08 19:53 ` Michael Kerrisk (man-pages)
2015-07-08 21:49 ` Davidlohr Bueso
2015-07-10 0:00 ` Davidlohr Bueso
2015-07-11 0:48 ` [PATCH 2/1] ipc,mqueue: Delete bogus overflow check Davidlohr Bueso
[not found] ` <1436575691.27924.53.camel-h16yJtLeMjHk1uMJSBkQmQ@public.gmane.org>
2015-07-11 2:03 ` Al Viro [this message]
[not found] ` <20150711020300.GH17109-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2015-07-11 2:59 ` Doug Ledford
[not found] ` <55A0867A.1060202-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-07-14 16:11 ` Marcus Gelderie
2015-06-25 18:50 ` [PATCH v2] ipc: Modify message queue accounting to reflect both total user data and auxiliary kernel data Marcus Gelderie
[not found] ` <20150625185019.GA17933-dYYy/5+rgCadFe0WYshgmA@public.gmane.org_W_724V_09011603_00_009>
2015-07-07 18:49 ` Doug Ledford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150711020300.GH17109@ZenIV.linux.org.uk \
--to=viro-3bdd1+5odreifsdqtta3olvcufugdwfn@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=arto-TQ6thHYR8Svk1uMJSBkQmQ@public.gmane.org \
--cc=dave-h16yJtLeMjHk1uMJSBkQmQ@public.gmane.org \
--cc=dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=jb_duffy-FhtRXb7CoQBt1OO0OYaSVA@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=redmnic-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).