[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 3/8] libelf: loop safety: Call elf_iter_ok[_counted] in every loop
Jan Beulich writes ("Re: [PATCH 3/8] libelf: loop safety: Call elf_iter_ok[_counted] in every loop"): > On 12.12.16 at 16:38, <ian.jackson@xxxxxxxxxxxxx> wrote: > > So the calls to elf_memset_unchecked, to zero name and value, imply > > that there must be a call to elf_iter_ok_counted. The count parameter > > should be the actual work done. > > Hmm, if the rules say that, I'll then have to question the rules: > Shouldn't accounting be based on what the workload the image > causes us, instead of our own overhead? The purpose of the accounting is to prevent the image from causing us to do lots of work. The work calculation should be based on the actual algorithm, not on some hypothetical other algorithm that might be more efficient. Otherwise if our algorithm is inefficient in some surprising way, when faced with certain unusual images, that would be a DOS vulnerability. I think it is easier to write these checks, in terms of the actual work done, than attempt to construct a proof that the algorithm always only does a reasonable amount of work. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |