Received: by 2002:a05:7412:cfc7:b0:fc:a2b0:25d7 with SMTP id by7csp1529738rdb; Mon, 19 Feb 2024 21:12:13 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCX3pttIQoIv1BeN2f3JIMCAEFi8C1MWNZYFMyYNoiqdMTW0+m/Cfx9d1+jh5moMDkUc9UMynJVLqutR1e4mTbBk4Shv1WLU94BaFx2dKw== X-Google-Smtp-Source: AGHT+IEEXYz+9sCUvftMtzCd7oMLgBaJ8nUFSPiX+ItShGQGehQlMUG6acRNVifAkrT0w3IvumbD X-Received: by 2002:a50:874f:0:b0:563:e5c0:af96 with SMTP id 15-20020a50874f000000b00563e5c0af96mr7708699edv.4.1708405933718; Mon, 19 Feb 2024 21:12:13 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708405933; cv=pass; d=google.com; s=arc-20160816; b=jWUxon3I/nULaJQLd5Q9QAsQ5B1ql6TU0JrgQaYIQ5WgcusR1zlYjOCsRobIQ2L3Dh 0pt2R0Bs6tMNIZk8BRwOw/j58kaN84y+CeC+AWZ4D2JQeUqecAb1U6dcp81NZQqD0nTJ /NxYpjEymU8maXPNZFlb9fNbi6CR36bTSFmXbwsgYknEw4FRyteUZBus081l8BedKTsX FIpqyPaYshM7l+iMgI+y+15ByIoy+gdkOztj/khGy6NOvvc4lGUORnSPFkbxozBJz4t8 I9gk5f77sbTtTlhY0JBY0+Nc1WY7jxeisbNgzYGEmOpcQ80MB7iq0UP3l9fNWLBO9c1E xfbw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=ho97+Z9XyV0V3EKFp1nj4w01pW7dIUQTWF51opt+P0k=; fh=9DjUmnkieI1bDvjlYLvOvA8w3NZZ3qePbaQHpuEiEnQ=; b=LaSVkkdplC5k2lLJ/HImh6hccFN++Di9ioqdm/hGEqKPu3F6eME/2y8vLFpNAJpD6I dP8FO3kYXCfndkl9gdjzqkxagy3J5niP94NLkySf34riFuRkEc0NiiTNsiRx1x0KYMxe 7JSZeu5hATRLPhxb3kpI7YzS80ky7SwFUhFMZOQwnkNon3FosBVrN7QBnyMrSw256zkk 5ufH/RvF8vT5A89cs205nPMijXI+Bl8PzskEcZB2D/6dJ5uj8rR03HXSF1lKu6oU1Bst hquTmvJtD77rnMP5ZEFEdfGnfAqJwTUgvTNBGdCxdKXhKsu7370OJfVEVEhTp8j5g4Yl 7DYQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=z0nkvVgq; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-72337-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-72337-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id dh18-20020a0564021d3200b00563ce99a187si3114486edb.539.2024.02.19.21.12.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Feb 2024 21:12:13 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-72337-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=z0nkvVgq; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-72337-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-72337-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 796441F242E8 for ; Tue, 20 Feb 2024 05:12:13 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 0B71555E56; Tue, 20 Feb 2024 05:12:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="z0nkvVgq" Received: from mail-lf1-f47.google.com (mail-lf1-f47.google.com [209.85.167.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F6F056760 for ; Tue, 20 Feb 2024 05:12:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.47 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708405924; cv=none; b=uv+rExU58yNZqet2WiC5SbPCpzBKqUIEgo4mVm1ESWr1232sR9OUVFQituVuPpPCsA51HXLW5wOhYiqa77IpKL8O3c7La0dy7I3PArjW3Cq4iC3kZziS1r0Ay86lQRgRPcts3DycNU5EuVTKyma3iWnL89wUf7aVMv9IgiTI8rk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708405924; c=relaxed/simple; bh=P+/HhRLclhnIoaOWdptZq/oDYI5tJKDJu31V4vnvpRw=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=UAh9MYRuDcWKjQs2s/PYSfp/89rb7qBkBwROoIuCJaebxSxpvRjs9nLHl340wMWSaACHE5EsTiGSUNfFH3pa0ngItLNBr3nxdrmckkJyh/4GW/AoDZrJn3+CxRjC202C6JWnnljmdP8+pMlySNGDXyQtUeuIrb2kFcUhZIyk/BE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=z0nkvVgq; arc=none smtp.client-ip=209.85.167.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Received: by mail-lf1-f47.google.com with SMTP id 2adb3069b0e04-512bc0e8ce1so1684774e87.0 for ; Mon, 19 Feb 2024 21:12:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1708405921; x=1709010721; darn=vger.kernel.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=ho97+Z9XyV0V3EKFp1nj4w01pW7dIUQTWF51opt+P0k=; b=z0nkvVgqvrUlYCgPkRVoo/MkW+ZcCTslIch3mycrdlwr9/1Godr/RkDltgOCxoBcdw 1I3nDr4I9dQciV0dTXPQl3FJtrCqZ7CBctQdx7BW9PT/RdFUtfWs+QWOQF/f0frLqX0y vgu1lCNXKfNyXIAiOY8hjUO1lKnetqc+Ln3BZzJVxzoH+moIH9Meg3D2jbInhiJEBBHd hH0EPrLR0cdjcTxXTHrFfwjv8kh8Zaspgn1wKJRngK2A06Fk+O3GokIQUcPUcWOPGgzq 5A/e4ZCcFV7g1htR6l+/Sj3l5d9ja7ZXMRChLOtuJWvzJfQwbw/jopSmH1xqnofVdiVw 7Iaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708405921; x=1709010721; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ho97+Z9XyV0V3EKFp1nj4w01pW7dIUQTWF51opt+P0k=; b=q0VoFaIXwBZeO0bvmtqv9emXAG9ayLoFbbLEB2QpaPL6UnGV5F0ln+j+WZC/vJIO8w vsrxI19aOh3iDTm6blcgRE87C7oWNapfS/hrssFVEL0fsuyBdVmzrDTOtlf8szNAkb9U nrqC/TkQlwwtLlAe9gdnSKOVYsdQifPPUhzGZQPCY2FlN0iiwJKccOvhmB9R3L/WfEZT CKDFYYHOMwXYZfco6MpV+EJyue3FrtVF51IJfICT5RTanGC72SHK18MYMluL92cT4fZn YxLdKow3XEK/MlRWwQSXW/Buj8Ugj1m5v9pNUzcpJoaa7eDLgTIHNb2bHbBksJDH3nrr c/UA== X-Forwarded-Encrypted: i=1; AJvYcCXyHdn4vzfOfca9A1QAQVYPeLo0Su6Kq1Ful3aq9p7ocUQ8iVHka00arb9Bi6WjiiB57BVW1x950kBQ1lsA8YHGZ/ieRo8W5D9UWLA5 X-Gm-Message-State: AOJu0YwQhflCEXhZqVuZfSYIBrvq0TKN85sC6iKHU/gb8Ts/4GULeaPK tOGIizncJVZFMHPKdmOd18dC5F/Y+VBVbTnYR8yFkDU3NJJ3yLlzH2CCxKBnoHU= X-Received: by 2002:a19:f706:0:b0:511:9746:6794 with SMTP id z6-20020a19f706000000b0051197466794mr9220992lfe.60.1708405920674; Mon, 19 Feb 2024 21:12:00 -0800 (PST) Received: from localhost ([102.222.70.76]) by smtp.gmail.com with ESMTPSA id x19-20020a1709065ad300b00a3e786d8729sm2082419ejs.168.2024.02.19.21.11.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Feb 2024 21:12:00 -0800 (PST) Date: Tue, 20 Feb 2024 08:11:53 +0300 From: Dan Carpenter To: Christophe JAILLET Cc: gustavo@embeddedor.com, keescook@chromium.org, Gerd Hoffmann , Sumit Semwal , Christian =?iso-8859-1?Q?K=F6nig?= , Daniel Vetter , linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-media@vger.kernel.org, linaro-mm-sig@lists.linaro.org Subject: Re: [PATCH v2] udmabuf: Fix a potential (and unlikely) access to unallocated memory Message-ID: References: <91d964c2-3d5a-4e96-a4db-e755455c5b5c@moroto.mountain> <3fe4c327-b69b-464e-8e4e-005fa1813279@wanadoo.fr> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <3fe4c327-b69b-464e-8e4e-005fa1813279@wanadoo.fr> On Mon, Feb 19, 2024 at 06:59:02PM +0100, Christophe JAILLET wrote: > Le 19/02/2024 ? 09:37, Dan Carpenter a ?crit?: > > On Sun, Feb 18, 2024 at 06:46:44PM +0100, Christophe JAILLET wrote: > > > If 'list_limit' is set to a very high value, 'lsize' computation could > > > overflow if 'head.count' is big enough. > > > > > > > The "list_limit" is set via module parameter so if you set that high > > enough to lead to an integer overflow then you kind of deserve what > > you get. > > > > This patch is nice for kernel hardening and making the code easier to > > read/audit but the real world security impact is negligible. > > Agreed. > > That is what I meant by "and unlikely". > Maybe the commit message could be more explicit if needed. > > Let me know if ok as-is or if I should try to re-word the description. No, it's fine. But in the future if there is an integer overflow then lets mention in the commit message who it affects or what the impact is. regards, dan carpenter