public inbox for linux-kernel@vger.kernel.org
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Davidlohr Bueso <dave@stgolabs.net>
Cc: Marcus Gelderie <redmnic@gmail.com>,
	mtk.manpages@gmail.com, Doug Ledford <dledford@redhat.com>,
	lkml <linux-kernel@vger.kernel.org>,
	David Howells <dhowells@redhat.com>,
	John Duffy <jb_duffy@btinternet.com>,
	Arto Bendiken <arto@bendiken.net>,
	Linux API <linux-api@vger.kernel.org>,
	akpm@linux-foundation.org
Subject: Re: [PATCH 2/1] ipc,mqueue: Delete bogus overflow check
Date: Sat, 11 Jul 2015 03:03:00 +0100
Message-ID: <20150711020300.GH17109@ZenIV.linux.org.uk>
In-Reply-To: <1436575691.27924.53.camel@stgolabs.net>

On Fri, Jul 10, 2015 at 05:48:11PM -0700, Davidlohr Bueso wrote:
> Mathematically, returning -EOVERFLOW in mq_attr_ok()
> cannot occur under this condition:
> 
>        mq_treesize = attr->mq_maxmsg * sizeof(struct msg_msg) +
> 	       min_t(unsigned int, attr->mq_maxmsg, MQ_PRIO_MAX) *
> 	       sizeof(struct posix_msg_tree_node);
>        total_size = attr->mq_maxmsg * attr->mq_msgsize;
>        if (total_size + mq_treesize < total_size)
> 	       return -EOVERFLOW;

A proof would be nice.  More detailed one than "cannot occur", that is.

	Condition in question is basically mq_treesize < 0 or
total_size + mq_treesize (in natural numbers) > 2^BITS_PER_LONG.
Now, the maximal values of ->mq_maxmsg and ->mq_msgsize are 2^16 and
2^24 resp. and we are guaranteed that their product is below 2^BITS_PER_LONG.
For mq_treesize we are guaranteed that it's below 2^31.  Now, on a 64bit
box that would suffice to avoid overflow - the product is at most 2^40 and
its sum with mq_treesize can't wrap around.

For 32bit system, though...  Suppose attr->mq_maxmsg == 65535 and
attr->mq_msgsize == 65537.  Their product *is* below 2^BITS_PER_LONG - it's
exactly 1 less than that.  _Any_ non-zero value for mq_treesize (and it
will be non-zero in the above) will lead to wraparound.

Looks like a counterexample to your assertion above...
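
Added example, not part of the original message or the kernel source: a user-space model of the quoted check that evaluates it with `unsigned long` taken as 32 or 64 bits wide, using the values from the message above. The two structure sizes are assumed placeholders (the real `sizeof` values depend on the kernel build), the `MQ_PRIO_MAX` value is an assumption, and `check_fires` is a hypothetical helper name.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed placeholder sizes; any non-zero values show the same wrap. */
#define MSG_MSG_SIZE    24u     /* stands in for sizeof(struct msg_msg) */
#define TREE_NODE_SIZE  32u     /* stands in for sizeof(struct posix_msg_tree_node) */
#define MQ_PRIO_MAX     32768u  /* assumed value of the kernel constant */

/*
 * Evaluate "total_size + mq_treesize < total_size" with unsigned long
 * modelled as a `bits`-wide integer (32 or 64). Arithmetic is done in
 * 64 bits and masked, which matches modular arithmetic at that width.
 * Returns 1 if the check would return -EOVERFLOW, 0 otherwise.
 */
static int check_fires(unsigned bits, uint64_t maxmsg, uint64_t msgsize,
                       uint64_t *sum_out)
{
    uint64_t mask = (bits == 64) ? UINT64_MAX : ((UINT64_C(1) << bits) - 1);
    uint64_t prio = maxmsg < MQ_PRIO_MAX ? maxmsg : MQ_PRIO_MAX;
    uint64_t treesize = (maxmsg * MSG_MSG_SIZE + prio * TREE_NODE_SIZE) & mask;
    uint64_t total = (maxmsg * msgsize) & mask;
    uint64_t sum = (total + treesize) & mask;

    if (sum_out)
        *sum_out = sum;
    return sum < total;
}

int main(void)
{
    uint64_t sum;
    unsigned widths[] = { 32, 64 };

    /* Values from the message: the product is exactly 2^32 - 1. */
    for (int i = 0; i < 2; i++) {
        int fired = check_fires(widths[i], 65535, 65537, &sum);
        printf("%u-bit: total+treesize = %llu, check %s\n", widths[i],
               (unsigned long long)sum, fired ? "fires" : "does not fire");
    }
    return 0;
}
```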
