Received: by 2002:ac0:aa62:0:0:0:0:0 with SMTP id w31-v6csp1033970ima;
        Wed, 24 Oct 2018 13:12:21 -0700 (PDT)
X-Google-Smtp-Source: AJdET5c0Xus5d1vG5kh56JFsPsqe0D9tG7KWs41OCLZEjhlAtNJTwiEmp1uPuSr90I16eletVn4a
X-Received: by 2002:a17:902:b706:: with SMTP id d6-v6mr3822304pls.53.1540411941388;
        Wed, 24 Oct 2018 13:12:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540411941; cv=none;
        d=google.com; s=arc-20160816;
        b=TVJHgZrC8fw42+RmxijB8Oysyrrv7q1fOrqcfUoR2Gn8VHaJN2NoaoIEyAtjfPBgSA
         YC8g7Pd7Afly6qEVzzDoatoUTGwVI0hqnpyDiwuKgebYrU3du52A9NAUkJr5X79Q1YvN
         xPIHtQmHC2vbcMRmwny9gNiwnQnaw9o/cNXDDWEgfcShsGkv5TjJ7N6cXMzCSXYVZx8Z
         3bM6qhke7kzVxFTnOrGZUqLZpofjXDEuugKGOBRjRYB7noOWigUvjHSzmMCZLdy7nZuF
         fUC27dz4xty43Ap+YjRTM0+NBPoZSRZ6Tzppp21rDunSwsIkQUw3OQo4ryS18qmOfig1
         jw5Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=R+IQ/AJ8wNOsOpbcmRacUBxXkQjv2aVdSBfEouVmg5s=;
        b=sNDhUlkEd93LSylmbVCrDdYSsEAwFzBQ4b10LUBSsA6djmhUyTtlrdEeP4D13PiAAi
         Gc0gYlmpzrkxSf+V77nDx+HyN6I7AM7H9mkoYNca9IJu1EKDNurZu1Q2BOwlUDD2QBGL
         CAWyAaIhPfZ7t0a/DkvVjQZx9NndMvnBWEyZ3C9Z3N+43duxyDPMWtjuwEPdYDIwv63F
         pe7ie+bzdZxCN7OTWbOrk+grsxu2UXf7sB8n0kF4Lhu9hYYdqR8ITyRfzjC38ZJTUtnG
         ueEqz5MNEeRBPxuUcx441YCpDv18fI5V++gNRIep3wqv9r9jwmdg9p4YWKtM3PZPjT8w
         pgEQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h1-v6si5295785pgc.459.2018.10.24.13.12.05;
        Wed, 24 Oct 2018 13:12:21 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726804AbeJYEjx (ORCPT <rfc822;chenhe.dev@gmail.com>
        + 99 others); Thu, 25 Oct 2018 00:39:53 -0400
Received: from wtarreau.pck.nerim.net ([62.212.114.60]:35499 "EHLO 1wt.eu"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725829AbeJYEjx (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 25 Oct 2018 00:39:53 -0400
Received: (from willy@localhost)
        by pcw.home.local (8.15.2/8.15.2/Submit) id w9OK9kEP025492;
        Wed, 24 Oct 2018 22:09:46 +0200
Date:   Wed, 24 Oct 2018 22:09:46 +0200
From:   Willy Tarreau <w@1wt.eu>
To:     Eric Dumazet <edumazet@google.com>
Cc:     joe@perches.com, wanghaifine@gmail.com,
        David Miller <davem@davemloft.net>,
        Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
        netdev <netdev@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] Change judgment len position
Message-ID: <20181024200946.GB25475@1wt.eu>
References: <20181024154729.5312-1-wanghaifine@gmail.com>
 <20181024155739.GA25314@1wt.eu>
 <60f08664db5751949ddfb34666bfda77f99682f1.camel@perches.com>
 <20181024163230.GA25382@1wt.eu>
 <bbc4eba31b89cb487962c0a5980a12c53b1aa58b.camel@perches.com>
 <CANn89iLH=VP1i=KS5QV1x41EpQM5-o1TJfDh01Y++bMpFpfBRg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CANn89iLH=VP1i=KS5QV1x41EpQM5-o1TJfDh01Y++bMpFpfBRg@mail.gmail.com>
User-Agent: Mutt/1.6.1 (2016-04-27)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Oct 24, 2018 at 10:03:08AM -0700, Eric Dumazet wrote:
> On Wed, Oct 24, 2018 at 9:54 AM Joe Perches <joe@perches.com> wrote:
> 
> > I think if the point is to test for negative numbers,
> > it's clearer to do that before using min_t.and it's
> > probably clearer not to use min_t at all.
> >
> 
> ...
> 
> >
> >         if (len > sizeof(int))
> >                 len = sizeof(int);
> 
> It is a matter of taste really, I know some people (like me) sometimes
> mixes min() and max()

I do mix them up a lot as well because I tend to read "x=min(y,4)" as
"take y with a minimum value of 4" which in fact would be "max(y,4)".

> I would  suggest that if someones wants to change the current code, a
> corresponding test
> would be added in tools/testing/selftests/net

In any case, what matters to me is that for now the only risk the existing
code represents is to overwrite up to one int of some userspace if the size
is negative, and we don't want that a wrong fix results in doing something
worse by accident like reading 2GB of kernel memory. I agree that Joe's
test with len<0 then len>sizeof(int) seems to work, but a test is probably
useful at least to ensure that the next person who passes there and wants
to turn this into min_t() again clearly catches all bad cases.

Regards,
Willy