* [patch] module: static checker complains about negative values
@ 2014-05-19 20:36 Dan Carpenter
2014-05-20 1:46 ` Rusty Russell
0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2014-05-19 20:36 UTC (permalink / raw)
To: Rusty Russell; +Cc: linux-kernel, kernel-janitors
We cap "stat.size" at INT_MAX but we don't check for negative values so
my static checker complains. At this point, you already have control of
the kernel and if you start passing negative values here then you
deserve what happens next.
On 64 bit systems the vmalloc() will definitely fail. On 32 bit systems
we truncate the upper 32 bits away so that could succeed. I haven't
followed it further than that.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/kernel/module.c b/kernel/module.c
index 626d164..26e0d15 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2536,7 +2536,7 @@ static int copy_module_from_fd(int fd, struct load_info *info)
}
/* Don't hand 0 to vmalloc, it whines. */
- if (stat.size == 0) {
+ if (stat.size <= 0) {
err = -EINVAL;
goto out;
}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [patch] module: static checker complains about negative values
2014-05-19 20:36 [patch] module: static checker complains about negative values Dan Carpenter
@ 2014-05-20 1:46 ` Rusty Russell
2014-05-20 8:19 ` Dan Carpenter
0 siblings, 1 reply; 3+ messages in thread
From: Rusty Russell @ 2014-05-20 1:46 UTC (permalink / raw)
To: Dan Carpenter; +Cc: linux-kernel, kernel-janitors
Dan Carpenter <dan.carpenter@oracle.com> writes:
> We cap "stat.size" at INT_MAX but we don't check for negative values so
> my static checker complains. At this point, you already have control of
> the kernel and if you start passing negative values here then you
> deserve what happens next.
>
> On 64 bit systems the vmalloc() will definitely fail. On 32 bit systems
> we truncate the upper 32 bits away so that could succeed. I haven't
> followed it further than that.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
If vfs_getattr() returns a negative stat.size, we have worse problems.
I'd rather see you sprinkle assertions like that into the code, so we
can make sure that can't happen for any fs's getattr().
Cheers,
Rusty.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [patch] module: static checker complains about negative values
2014-05-20 1:46 ` Rusty Russell
@ 2014-05-20 8:19 ` Dan Carpenter
0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2014-05-20 8:19 UTC (permalink / raw)
To: Rusty Russell; +Cc: linux-kernel, kernel-janitors
On Tue, May 20, 2014 at 11:16:04AM +0930, Rusty Russell wrote:
> Dan Carpenter <dan.carpenter@oracle.com> writes:
>
> > We cap "stat.size" at INT_MAX but we don't check for negative values so
> > my static checker complains. At this point, you already have control of
> > the kernel and if you start passing negative values here then you
> > deserve what happens next.
> >
> > On 64 bit systems the vmalloc() will definitely fail. On 32 bit systems
> > we truncate the upper 32 bits away so that could succeed. I haven't
> > followed it further than that.
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> If vfs_getattr() returns a negative stat.size, we have worse problems.
>
> I'd rather see you sprinkle assertions like that into the code, so we
> can make sure that can't happen for any fs's getattr().
Yeah. I was lazy. Sorry. I can just hand edit my database to say that
i_size_read() returns a reasonable number...
regards,
dan carpenter
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-05-20 8:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-19 20:36 [patch] module: static checker complains about negative values Dan Carpenter
2014-05-20 1:46 ` Rusty Russell
2014-05-20 8:19 ` Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox