[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <202211161454.D5FA4ED44@keescook>
Date: Wed, 16 Nov 2022 14:56:25 -0800
From: Kees Cook <keescook@...omium.org>
To: Jakub Kicinski <kuba@...nel.org>
Cc: David Ahern <dsahern@...nel.org>, davem@...emloft.net,
netdev@...r.kernel.org, edumazet@...gle.com, pabeni@...hat.com,
"Gustavo A. R. Silva" <gustavo@...eddedor.com>,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH net-next v2] netlink: split up copies in the ack
construction
[sorry for the dup; resending with Gustavo actually CCed]
On Mon, Nov 14, 2022 at 09:06:14AM -0800, Jakub Kicinski wrote:
> On Sun, 13 Nov 2022 19:39:27 -0700 David Ahern wrote:
> > On Thu, Oct 27, 2022 at 02:25:53PM -0700, Jakub Kicinski wrote:
> > > diff --git a/include/uapi/linux/netlink.h b/include/uapi/linux/netlink.h
> > > index e2ae82e3f9f7..5da0da59bf01 100644
> > > --- a/include/uapi/linux/netlink.h
> > > +++ b/include/uapi/linux/netlink.h
> > > @@ -48,6 +48,7 @@ struct sockaddr_nl {
> > > * @nlmsg_flags: Additional flags
> > > * @nlmsg_seq: Sequence number
> > > * @nlmsg_pid: Sending process port ID
> > > + * @nlmsg_data: Message payload
> > > */
> > > struct nlmsghdr {
> > > __u32 nlmsg_len;
> > > @@ -55,6 +56,7 @@ struct nlmsghdr {
> > > __u16 nlmsg_flags;
> > > __u32 nlmsg_seq;
> > > __u32 nlmsg_pid;
> > > + __u8 nlmsg_data[];
> >
> > This breaks compile of iproute2 with clang. It does not like the
> > variable length array in the middle of a struct. While I could re-do the
> > structs in iproute2, I doubt it is alone in being affected by this
> > change.
Eww.
>
> Kees, would you mind lending your expertise?
>
> Not sure why something like (simplified):
>
> struct top {
> struct nlmsghdr hdr;
> int tail;
> };
>
> generates a warning:
>
> In file included from stat-mr.c:7:
> In file included from ./res.h:9:
> In file included from ./rdma.h:21:
> In file included from ../include/utils.h:17:
> ../include/libnetlink.h:41:18: warning: field 'nlh' with variable sized type 'struct nlmsghdr' not at the end of a struct or class is a GNU extension [-Wgnu-variable-sized-type-not-at-end]
> struct nlmsghdr nlh;
> ^
>
> which is not confined to -Wpedantic.
> Seems like a useless warning :S
Yeah, this surprises me. But I can certainly reproduce it:
https://godbolt.org/z/fczq8sqbv
Gustavo, do you know what's happening here? GCC (and Clang) get mad
about doing this in the same struct:
struct nlmsghdr {
__u32 nlmsg_len;
__u16 nlmsg_flags;
__u32 nlmsg_seq;
__u32 nlmsg_pid;
__u8 nlmsg_data[];
int wat;
};
<source>:10:21: error: flexible array member not at end of struct
10 | __u8 nlmsg_data[];
| ^~~~~~~~~~
But the overlapping with other composite structs has been used in other
areas, I thought? (When I looked at this last, I thought the types just
had to overlap, but that doesn't seem to help here.)
-Kees
--
Kees Cook
Powered by blists - more mailing lists