| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 May 2020 20:50:25 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Stephen Kitt <steve@....org>
Cc: "David S . Miller" <davem@...emloft.net>,
Joe Perches <joe@...ches.com>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] net: Protect INET_ADDR_COOKIE on 32-bit
architectures
On Fri, 8 May 2020 14:04:57 +0200 Stephen Kitt wrote:
> Commit c7228317441f ("net: Use a more standard macro for
> INET_ADDR_COOKIE") added a __deprecated marker to the cookie name on
> 32-bit architectures, with the intent that the compiler would flag
> uses of the name. However since commit 771c035372a0 ("deprecate the
> '__deprecated' attribute warnings entirely and for good"),
> __deprecated doesn't do anything and should be avoided.
>
> This patch changes INET_ADDR_COOKIE to declare a dummy struct so that
> any subsequent use of the cookie's name will in all likelihood break
> the build. It also removes the __deprecated marker.
>
> Signed-off-by: Stephen Kitt <steve@....org>
> ---
> Changes since v1:
> - use a dummy struct rather than a typedef
>
> include/net/inet_hashtables.h | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h
> index ad64ba6a057f..889d9b00c905 100644
> --- a/include/net/inet_hashtables.h
> +++ b/include/net/inet_hashtables.h
> @@ -301,8 +301,9 @@ static inline struct sock *inet_lookup_listener(struct net *net,
> ((__sk)->sk_bound_dev_if == (__sdif))) && \
> net_eq(sock_net(__sk), (__net)))
> #else /* 32-bit arch */
> +/* Break the build if anything tries to use the cookie's name. */
I think the macro is supposed to cause a warning when the variable
itself is accessed. And I don't think that happens with your patch
applied.
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 2bbaaf0c7176..6c4a3904ed8b 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -360,6 +360,8 @@ struct sock *__inet_lookup_established(struct net *net,
unsigned int slot = hash & hashinfo->ehash_mask;
struct inet_ehash_bucket *head = &hashinfo->ehash[slot];
+ kfree(&acookie);
begin:
sk_nulls_for_each_rcu(sk, node, &head->chain) {
if (sk->sk_hash != hash)
$ make ARCH=i386
make[1]: Entering directory `/netdev/net-next/build_allmodconfig_warn_32bit'
GEN Makefile
CALL ../scripts/atomic/check-atomics.sh
CALL ../scripts/checksyscalls.sh
CHK include/generated/compile.h
CC net/ipv4/inet_hashtables.o
CHK kernel/kheaders_data.tar.xz
AR net/ipv4/built-in.a
AR net/built-in.a
GEN .version
CHK include/generated/compile.h
UPD include/generated/compile.h
CC init/version.o
AR init/built-in.a
LD vmlinux.o
MODPOST vmlinux.o
Builds fine.
> #define INET_ADDR_COOKIE(__name, __saddr, __daddr) \
> - const int __name __deprecated __attribute__((unused))
> + struct {} __name __attribute__((unused))
>
> #define INET_MATCH(__sk, __net, __cookie, __saddr, __daddr, __ports, __dif, __sdif) \
> (((__sk)->sk_portpair == (__ports)) && \
Powered by blists - more mailing lists