lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <dcbf9bee124097e131a11f744b32bbeabc250c98.camel@sipsolutions.net>
Date: Tue, 03 Dec 2024 17:45:39 +0100
From: Johannes Berg <johannes@...solutions.net>
To: "Gustavo A. R. Silva" <gustavo@...eddedor.com>, Haoyu Li
	 <lihaoyu499@...il.com>
Cc: Kees Cook <kees@...nel.org>, "Gustavo A . R . Silva"
 <gustavoars@...nel.org>,  Jeff Johnson <quic_jjohnson@...cinc.com>,
 linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org, 
 linux-hardening@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] net: wireless: sme: Initialize n_channels before
 accessing channels in cfg80211_conn_scan

On Tue, 2024-12-03 at 10:20 -0600, Gustavo A. R. Silva wrote:
> 
> "Right now, any addition of a counted_by annotation must also
> include an open-coded assignment of the counter variable after
> the allocation:
> 
>    p = alloc(p, array, how_many);
>    p->counter = how_many;

Not sure where you copied that from, but quite obviously Kees didn't
follow that guidance in e3eac9f32ec0 ("wifi: cfg80211: Annotate struct
cfg80211_scan_request with __counted_by"), otherwise we wouldn't have
this patch.

>   -- Built-in Function: TYPE __builtin_counted_by_ref (PTR)

Even with that though, we still have to actually implement it, and make
sure we use struct_size everywhere when we allocate these things... In
fact we probably need a new allocation function, not just struct_size,
but rather kzalloc_struct_size(...) or so.

Which e3eac9f32ec0 didn't do, and which anyway we still don't do e.g. in
nl80211_trigger_scan() because we have multiple variable things in the
allocation, so we *can't*.

That therefore doesn't even help here.

So that's not a very convincing argument. In a way moving again to "you
need the newest unreleased compiler" makes it *worse*, not *better*?

But of course if you do that now it'll basically mean again nobody is
running it and you get to kick the can further down the road ... I still
think it's a failed experiment. It didn't do any good here as far as I
can tell, and we've spent a ton of time on it.

johannes


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ