Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/vegard/statuses/111996475706522968">Vegard Nossum 🥑 (vegard@mastodon.social)'s status on Tuesday, 27-Feb-2024 00:34:39 JST</a><a href="https://mastodon.social/@vegard" title="vegard@mastodon.social"><img src="https://gnusocial.jp/avatar/25475-48-20230328130305.webp" width="48" height="48" alt="Vegard Nossum 🥑" style="position: absolute; left: 0; top: 0;">Vegard Nossum 🥑</a><div><a href="https://mastodon.social/@vegard/111996426931071509" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/101452" title="gregkh@social.kernel.org">Greg K-H</a></li><li><a href="https://gnusocial.jp/user/107149" title="kees@fosstodon.org">Kees Cook :tux:</a></li></ul></div></section><article><p><a href="https://fosstodon.org/@kees">@kees</a> <a href="https://better.boston/@vathpela">@vathpela</a> <a href="https://social.kernel.org/users/gregkh">@gregkh</a> In this specific case I feel like much of the analysis has already been carried out, see <a href="https://lwn.net/Articles/627419/" rel="nofollow noreferrer">https://lwn.net/Articles/627419/</a> and <a href="https://lwn.net/Articles/723317/" rel="nofollow noreferrer">https://lwn.net/Articles/723317/</a>.</p><p>If we believe otherwise, that should be documented or discussed (like Jann's reply: <a href="https://mastodon.social/@jann@infosec.exchange/111995095738261114" rel="nofollow noreferrer">https://mastodon.social/@jann@infosec.exchange/111995095738261114</a>).</p><p>I'm fine admitting some wiggle room for borderline cases, but in this case the CVE description is literally "this can't actually fail" and "adding a check ... makes the static checkers happy".</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2763987#notice-5479848">In conversation</a><time datetime="2024-02-27T00:34:39+09:00" title="Tuesday, 27-Feb-2024 00:34:39 JST">about a year ago</time> <span>from <span><a href="https://mastodon.social/@vegard/111996475706522968" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@vegard/111996475706522968">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: static.lwn.net</div><h5><a href="https://lwn.net/Articles/627419/">The "too small to fail" memory-allocation rule</a></h5><div></div></header><div>Kernel developers have long been told that, with few exceptions, attempts
to allocate memory can fail if the system does not have sufficient
resources.  As a result, in well-written code, every call to a function
like kmalloc(), vmalloc(), or __get_free_pages()
is accompanied by carefully thought-out error-handling code.  It turns out,
though, the behavior actually implemented in the memory-management
subsystem is a bit different from what is written in the brochure.  That
difference can lead to unfortunate run-time behavior, but the fix might
just be worse.</div><footer></footer></article></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/2308323">Untitled attachment</a></label><br></li><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://mastodon.social/redirect/statuses/111995095738261114">Mastodon</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Vegard Nossum 🥑 (vegard@mastodon.social)'s status on Tuesday, 27-Feb-2024 00:34:39 JSTVegard Nossum 🥑
in reply to
@kees @vathpela @gregkh In this specific case I feel like much of the analysis has already been carried out, see https://lwn.net/Articles/627419/ and https://lwn.net/Articles/723317/.
If we believe otherwise, that should be documented or discussed (like Jann's reply: https://mastodon.social/@jann@infosec.exchange/111995095738261114).
I'm fine admitting some wiggle room for borderline cases, but in this case the CVE description is literally "this can't actually fail" and "adding a check ... makes the static checkers happy".
In conversationabout a year ago from mastodon.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: static.lwn.net
  The "too small to fail" memory-allocation rule
  Kernel developers have long been told that, with few exceptions, attempts to allocate memory can fail if the system does not have sufficient resources. As a result, in well-written code, every call to a function like kmalloc(), vmalloc(), or __get_free_pages() is accompanied by carefully thought-out error-handling code. It turns out, though, the behavior actually implemented in the memory-management subsystem is a bit different from what is written in the brochure. That difference can lead to unfortunate run-time behavior, but the fix might just be worse.
2. Untitled attachment
3. No result found on File_thumbnail lookup.
  Mastodon

Public

Embed Notice

HTML Code

Corresponding Notice