On Thu, May 09, 2024 at 09:19:48AM -0400, Chuck Lever wrote:
> On Thu, May 09, 2024 at 01:48:28PM +0300, Dan Carpenter wrote:
> > These lengths come from xdr_stream_decode_u32() and so we should be a
> > bit careful with them. Use size_add() and struct_size() to avoid
> > integer overflows. Saving size_add()/struct_size() results to a u32 is
> > unsafe because it truncates away the high bits.
> >
> > Also generally storing sizes in longs is safer. Most systems these days
> > use 64 bit CPUs. It's harder for an addition to overflow 64 bits than
> > it is to overflow 32 bits. Also functions like vmalloc() can
> > successfully allocate UINT_MAX bytes, but nothing can allocate ULONG_MAX
> > bytes.
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> > ---
> > I think my patch 1 fixes any real issues. It's hard to assign a Fixes
> > tag to this.
>
> I agree that this is a defensive change only. As it is late in the
> cycle and this doesn't seem urgent, I would prefer to queue this
> change for v6.11.
>

Sounds good. I would imagine that eventually it will make its way back
to the stable kernels but it's not a rush.

regards,
dan carpenter
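An added illustration of the two hazards the patch description names: an allocation size computed from a peer-supplied u32 count, and the loss of high bits when that size is stored back into a u32. This is constructed example code for this page, not the kernel's code and not the patch under discussion. The `safe_size_add()`/`safe_size_mul()`/`SAFE_STRUCT_SIZE()` helpers are userspace stand-ins that mirror the saturating behaviour of the kernel's `size_add()`, `size_mul()` and `struct_size()` (they return `SIZE_MAX` on overflow, a value no allocator will satisfy) and are built on the compiler's `__builtin_add_overflow()`/`__builtin_mul_overflow()`; `struct rec` and the sample counts are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace re-implementations (constructed for this example) of the
 * saturating size helpers in the kernel's include/linux/overflow.h.
 * On overflow they return SIZE_MAX instead of a wrapped small value. */
static inline size_t safe_size_add(size_t a, size_t b)
{
	size_t r;

	if (__builtin_add_overflow(a, b, &r))
		return SIZE_MAX;
	return r;
}

static inline size_t safe_size_mul(size_t a, size_t b)
{
	size_t r;

	if (__builtin_mul_overflow(a, b, &r))
		return SIZE_MAX;
	return r;
}

/* Stand-in for struct_size(p, member, n): header plus n flexible-array
 * elements, with both the multiply and the add saturating. */
#define SAFE_STRUCT_SIZE(type, member, n) \
	safe_size_add(sizeof(type), \
		      safe_size_mul(sizeof(((type *)0)->member[0]), (n)))

/* Hypothetical record whose element count arrives from the wire. */
struct rec {
	uint32_t count;
	uint64_t items[];
};

/* Allocation size for `count` items, computed in size_t and saturated. */
size_t rec_alloc_size(uint32_t count)
{
	return SAFE_STRUCT_SIZE(struct rec, items, count);
}

/* The hazard the description warns about: forcing the same result
 * through a u32 throws away the high bits, so a huge request can look
 * tiny (here it becomes 0) and pass a later bounds check. */
uint32_t rec_alloc_size_truncated(uint32_t count)
{
	return (uint32_t)rec_alloc_size(count);
}

/* Two untrusted lengths plus fixed overhead, all added with saturation. */
size_t combined_len(uint32_t a, uint32_t b, size_t fixed_overhead)
{
	return safe_size_add(safe_size_add(a, b), fixed_overhead);
}

int main(void)
{
	uint32_t small = 4;
	uint32_t huge = UINT32_MAX;	/* worst case a u32 decoder can yield */

	printf("count=%u -> %zu bytes\n", small, rec_alloc_size(small));
	printf("count=%u -> %zu bytes as size_t\n", huge, rec_alloc_size(huge));
	printf("count=%u -> %u bytes when stored in a u32\n", huge,
	       rec_alloc_size_truncated(huge));
	printf("SIZE_MAX + 1 -> %zu (saturated)\n", safe_size_add(SIZE_MAX, 1));
	return 0;
}
```

On a 64-bit build the saturating path is never hit for a single u32 count (8 * 2^32 fits comfortably in a size_t), which is the "longs are safer" point in the description; the truncated variant, by contrast, returns 0 for `UINT32_MAX` because 8 + 8 * (2^32 - 1) is exactly 2^35.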