Re: [git pull] vfs fixes

From: Al Viro
Date: Sun Mar 23 2014 - 12:45:42 EST

Next message: KOSAKI Motohiro: "Re: [PATCH 1/5] vrange: Add vrange syscall and handle splitting/merging and marking vmas"
Previous message: Linus Torvalds: "Re: 3.14-rc7 crashes in drm ([PATCH] a crash in mga_driver_irq_uninstall)"
In reply to: Linus Torvalds: "Re: [git pull] vfs fixes"
Next in thread: Linus Torvalds: "Re: [git pull] vfs fixes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Mar 23, 2014 at 09:36:28AM -0700, Linus Torvalds wrote:
> On Sun, Mar 23, 2014 at 12:16 AM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
> > Several fixes; first 4 commits are obvious fixes (a couple
> > of fdget_pos()-related ones from Eric Biggers, prepend_name() fix, missing
> > checks for false negatives from __lookup_mnt() in fs/namei.c)
>
> I'm not seeing the obvious fix in the prepend_name() thing, and I
> think it's horrible to *update* the name-len to negative like it now
> does.
>
> Why is anybody calling it with a negative buffer length in the first
> place? *That* is the bug. Making the buflen become negative just makes
> the bug worse, imnsho.

It's easier to skip checking the overflow on prepend() of "\0" in the
beginning of the whole thing and just let the next operation to fail.
That's where the corner case comes from.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: KOSAKI Motohiro: "Re: [PATCH 1/5] vrange: Add vrange syscall and handle splitting/merging and marking vmas"
Previous message: Linus Torvalds: "Re: 3.14-rc7 crashes in drm ([PATCH] a crash in mga_driver_irq_uninstall)"
In reply to: Linus Torvalds: "Re: [git pull] vfs fixes"
Next in thread: Linus Torvalds: "Re: [git pull] vfs fixes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]