lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 18 Dec 2023 20:12:07 +0000
From: "Arnd Bergmann" <arnd@...db.de>
To: Thomas Weißschuh <linux@...ssschuh.net>,
 "David S . Miller" <davem@...emloft.net>,
 "Eric Dumazet" <edumazet@...gle.com>, "Jakub Kicinski" <kuba@...nel.org>,
 "Paolo Abeni" <pabeni@...hat.com>, "Simon Horman" <horms@...nel.org>
Cc: Netdev <netdev@...r.kernel.org>, linux-kernel@...r.kernel.org,
 "kernel test robot" <lkp@...el.com>, stable@...r.kernel.org
Subject: Re: [PATCH] net: avoid build bug in skb extension length calculation

On Mon, Dec 18, 2023, at 17:06, Thomas Weißschuh wrote:
> GCC seems to incorrectly fail to evaluate skb_ext_total_length() at
> compile time under certain conditions.
>
> The issue even occurs if all values in skb_ext_type_len[] are "0",
> ruling out the possibility of an actual overflow.
>
> As the patch has been in mainline since v6.6 without triggering the
> problem it seems to be a very uncommon occurrence.
>
> As the issue only occurs when -fno-tree-loop-im is specified as part of
> CFLAGS_GCOV, disable the BUILD_BUG_ON() only when building with coverage
> reporting enabled.
>
> Reported-by: kernel test robot <lkp@...el.com>
> Closes: 
> https://lore.kernel.org/oe-kbuild-all/202312171924.4FozI5FG-lkp@intel.com/
> Suggested-by: Arnd Bergmann <arnd@...db.de>
> Link: 
> https://lore.kernel.org/lkml/487cfd35-fe68-416f-9bfd-6bb417f98304@app.fastmail.com/
> Fixes: 5d21d0a65b57 ("net: generalize calculation of skb extensions 
> length")
> Cc:  <stable@...r.kernel.org>
> Signed-off-by: Thomas Weißschuh <linux@...ssschuh.net>

Acked-by: Arnd Bergmann <arnd@...db.de>

> ---
>  net/core/skbuff.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/net/core/skbuff.c b/net/core/skbuff.c
> index 83af8aaeb893..94cc40a6f797 100644
> --- a/net/core/skbuff.c
> +++ b/net/core/skbuff.c
> @@ -4825,7 +4825,9 @@ static __always_inline unsigned int 
> skb_ext_total_length(void)
>  static void skb_extensions_init(void)
>  {
>  	BUILD_BUG_ON(SKB_EXT_NUM >= 8);
> +#if !IS_ENABLED(CONFIG_KCOV_INSTRUMENT_ALL)
>  	BUILD_BUG_ON(skb_ext_total_length() > 255);
> +#endif

The way I would write this is

BUILD_BUG_ON(!IS_ENABLED(CONFIG_KCOV_INSTRUMENT_ALL) &&
             skb_ext_total_length() > 255);

but of course the effect is the same.

     Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ