* [PATCH] rose: correct integer overflow check
@ 2016-02-17 20:25 Insu Yun
2016-02-18 20:33 ` David Miller
0 siblings, 1 reply; 3+ messages in thread
From: Insu Yun @ 2016-02-17 20:25 UTC (permalink / raw)
To: ralf, davem, linux-hams, netdev, linux-kernel
Cc: taesoo, yeongjin.jang, insu, changwoo, Insu Yun
Since rose_ndevs is signed integer type,
it can be overflowed when it is negative.
Signed-off-by: Insu Yun <wuninsu@gmail.com>
---
net/rose/af_rose.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 129d357..4f37fae 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -1514,7 +1514,8 @@ static int __init rose_proto_init(void)
int i;
int rc;
- if (rose_ndevs > 0x7FFFFFFF/sizeof(struct net_device *)) {
+ if (rose_ndevs < 0 ||
+ rose_ndevs > 0x7FFFFFFF / sizeof(struct net_device *)) {
printk(KERN_ERR "ROSE: rose_proto_init - rose_ndevs parameter to large\n");
rc = -EINVAL;
goto out;
--
1.9.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] rose: correct integer overflow check
2016-02-17 20:25 [PATCH] rose: correct integer overflow check Insu Yun
@ 2016-02-18 20:33 ` David Miller
[not found] ` <CAGoFzNd3egg-36bg3DRU=2b5weyuf-CLTcgfWUQmY7kjdBwuNg@mail.gmail.com>
0 siblings, 1 reply; 3+ messages in thread
From: David Miller @ 2016-02-18 20:33 UTC (permalink / raw)
To: wuninsu
Cc: ralf, linux-hams, netdev, linux-kernel, taesoo, yeongjin.jang,
insu, changwoo
From: Insu Yun <wuninsu@gmail.com>
Date: Wed, 17 Feb 2016 15:25:13 -0500
> Since rose_ndevs is signed integer type,
> it can be overflowed when it is negative.
>
> Signed-off-by: Insu Yun <wuninsu@gmail.com>
That's not how the expression is evaluated.
Because of the types on the right hand side of the comparison
the expressions are all promoted to unsigned.
Did you look at the compiler's assembler output? I did when
reviewing your patch.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] rose: correct integer overflow check
[not found] ` <CAGoFzNd3egg-36bg3DRU=2b5weyuf-CLTcgfWUQmY7kjdBwuNg@mail.gmail.com>
@ 2016-02-18 23:21 ` Ralf Baechle
0 siblings, 0 replies; 3+ messages in thread
From: Ralf Baechle @ 2016-02-18 23:21 UTC (permalink / raw)
To: Insu Yun
Cc: David Miller, linux-hams, Netdev, LKML, Taesoo Kim, Yeongjin Jang,
Yun, Insu, Changwoo Min
On Thu, Feb 18, 2016 at 04:03:16PM -0500, Insu Yun wrote:
>
> Because of the types on the right hand side of the comparison
> the expressions are all promoted to unsigned.
>
> Did you look at the compiler's assembler output? I did when
> reviewing your patch.
>
>
> I checked the assembler output right now.
> You are right.
> I realized that right hand side becomes unsigned due to sizeof.
> I think this patch is wrong.
> Thanks.
On a different level, the current whole approach of ROSE to just generate
a fixed number of devices at initialization time of ROSE is if not wrong
then at least very archaic. The default number is 10 devices and probably
of those 9 are unused on a typical setup - that is, if the module has
been loaded intentionally at all.
As a solution I've implemented a patch to support creating of ROSE
devices through netlink plus the necessary changes to iproute2 to go
along with that.
Ralf
--
To unsubscribe from this list: send the line "unsubscribe linux-hams" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-02-18 23:21 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-17 20:25 [PATCH] rose: correct integer overflow check Insu Yun
2016-02-18 20:33 ` David Miller
[not found] ` <CAGoFzNd3egg-36bg3DRU=2b5weyuf-CLTcgfWUQmY7kjdBwuNg@mail.gmail.com>
2016-02-18 23:21 ` Ralf Baechle
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).