Re: [PATCH] test_kmod: fix limit check on number of test devices created
From: Kees Cook
Date: Tue Feb 27 2018 - 18:24:16 EST
On Fri, Feb 23, 2018 at 7:00 PM, Luis R. Rodriguez <mcgrof@xxxxxxxxxx> wrote:
> As reported by Dan the parentheses is in the wrong place, and since
> unlikely() call returns either 0 or 1 it's never less than zero.
> The second issue is that signed integer overflows like "INT_MAX + 1" are
> undefined behavior.
>
> Since num_test_devs represents the number of devices, we want to stop
> prior to hitting the max, and not rely on the wrap arround at all. So
> just cap at num_test_devs + 1, prior to assigning a new device.
>
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Fixes: d9c6a72d6fa2 ("kmod: add test driver to stress test the module loader")
> Signed-off-by: Luis R. Rodriguez <mcgrof@xxxxxxxxxx>
Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
-Kees
> ---
> lib/test_kmod.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/test_kmod.c b/lib/test_kmod.c
> index e372b97eee13..0e5b7a61460b 100644
> --- a/lib/test_kmod.c
> +++ b/lib/test_kmod.c
> @@ -1141,7 +1141,7 @@ static struct kmod_test_device *register_test_dev_kmod(void)
> mutex_lock(®_dev_mutex);
>
> /* int should suffice for number of devices, test for wrap */
> - if (unlikely(num_test_devs + 1) < 0) {
> + if (num_test_devs + 1 == INT_MAX) {
> pr_err("reached limit of number of test devices\n");
> goto out;
> }
> --
> 2.16.2
>
--
Kees Cook
Pixel Security