On 11/25, Borislav Petkov wrote:
>
> On Mon, Nov 25, 2013 at 08:50:28PM +0100, Oleg Nesterov wrote:
> > This won't work if va + len overflows?
>
> Oh, right,
>
> > Perhaps we should make this clear, and we can even check the overflow
> > in the generic code (iirc Linus suggested to do this).
>
>
On Mon, Nov 25, 2013 at 08:50:28PM +0100, Oleg Nesterov wrote:
> This won't work if va + len overflows?
Oh, right,
> Perhaps we should make this clear, and we can even check the overflow
> in the generic code (iirc Linus suggested to do this).
maybe something like
((va + len - 1) >=
Frederic. Thanks for doing this ;)
On 11/24, Borislav Petkov wrote:
>
> On Sun, Nov 24, 2013 at 11:32:49AM +0100, Frederic Weisbecker wrote:
> >
> > - return (va >= TASK_SIZE) && ((va + len - 1) >= TASK_SIZE);
> > + return (va >= TASK_SIZE) || ((va + len - 1) >= TASK_SIZE);
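Review bot: In the `+` line, `va + len - 1` is still computed with no wrap check, so the `||` form is only correct while `len` is bounded by the caller; for a user-space `va` and a `len` large enough to wrap, the second operand becomes a small address and the range is reported as not in kernel space. State that assumption in a comment above the return, or test `va >= TASK_SIZE` first and then compare `len` against `TASK_SIZE - va` so that no addition is needed. Note also that `len == 0` with `va == 0` wraps to the top of the address space and is classified as kernel space; say whether callers can pass a zero length.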
>
> Well, can't you simplify it
On Sun, Nov 24, 2013 at 11:32:49AM +0100, Frederic Weisbecker wrote:
> From: Oleg Nesterov
>
> arch_check_bp_in_kernelspace() tries to avoid the overflow and does 2
> TASK_SIZE checks but it needs OR, not AND. Consider va = TASK_SIZE -1
> and len = 2 case.
>
> Note: TASK_SIZE doesn't look right
From: Oleg Nesterov
arch_check_bp_in_kernelspace() tries to avoid the overflow and does 2
TASK_SIZE checks but it needs OR, not AND. Consider va = TASK_SIZE -1
and len = 2 case.
Note: TASK_SIZE doesn't look right at least on x86, I think it should
be replaced by TASK_SIZE_MAX.
Signed-off-by:
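An added example, not part of the thread or the kernel source: it runs the commit message's straddling case (va = TASK_SIZE - 1, len = 2) and the overflow concern raised in the replies against an addition-free reference check. `DEMO_TASK_SIZE`, `check_end_only`, `touches_kernel` and the case table are constructed for illustration, and `len >= 1` is assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for TASK_SIZE; the real value is per-architecture. */
#define DEMO_TASK_SIZE UINT64_C(0x00007ffffffff000)

/* Pre-patch form: AND of both end checks. */
static bool check_and(uint64_t va, uint64_t len)
{ return (va >= DEMO_TASK_SIZE) && ((va + len - 1) >= DEMO_TASK_SIZE); }

/* Patched form: OR of both end checks. */
static bool check_or(uint64_t va, uint64_t len)
{ return (va >= DEMO_TASK_SIZE) || ((va + len - 1) >= DEMO_TASK_SIZE); }

/* Hypothetical end-address-only form, written for this example. */
static bool check_end_only(uint64_t va, uint64_t len)
{ return (va + len - 1) >= DEMO_TASK_SIZE; }

/* Reference: no addition, so nothing can wrap. Assumes len >= 1. */
static bool touches_kernel(uint64_t va, uint64_t len)
{
    if (va >= DEMO_TASK_SIZE)
        return true;
    return len > DEMO_TASK_SIZE - va;   /* va < TASK_SIZE: no underflow */
}

/* Constructed boundary cases. */
static const struct { uint64_t va, len; } cases[] = {
    { DEMO_TASK_SIZE - 1, 2 },  /* the commit message's case: straddles */
    { DEMO_TASK_SIZE - 8, 8 },  /* ends on the last user byte */
    { DEMO_TASK_SIZE, 1 },      /* first kernel byte */
    { UINT64_MAX - 3, 8 },      /* kernel va, va + len - 1 wraps to 3 */
    { 0x1000, UINT64_MAX },     /* user va, unbounded len wraps */
};

/* Count cases where a candidate check disagrees with the reference. */
static int mismatches(bool (*fn)(uint64_t, uint64_t))
{
    int n = 0;
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        n += fn(cases[i].va, cases[i].len) != touches_kernel(cases[i].va, cases[i].len);
    return n;
}

int main(void)
{
    printf("AND: %d  OR: %d  end-only: %d\n", mismatches(check_and),
           mismatches(check_or), mismatches(check_end_only));
    return 0;
}
```

The OR form's one remaining disagreement is the last row, which can only occur if the caller does not bound `len`.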