lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202402281231.F7A20FCE@keescook>
Date: Wed, 28 Feb 2024 12:39:42 -0800
From: Kees Cook <keescook@...omium.org>
To: Dominique Martinet <asmadeus@...ewreck.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org,
	patches@...ts.linux.dev, linux-kernel@...r.kernel.org,
	torvalds@...ux-foundation.org, akpm@...ux-foundation.org,
	linux@...ck-us.net, shuah@...nel.org, patches@...nelci.org,
	lkft-triage@...ts.linaro.org, pavel@...x.de, jonathanh@...dia.com,
	f.fainelli@...il.com, sudipm.mukherjee@...il.com,
	srw@...dewatkins.net, rwarsow@....de, conor@...nel.org,
	allen.lkml@...il.com
Subject: Re: [PATCH 5.10 000/122] 5.10.211-rc1 review

On Wed, Feb 28, 2024 at 07:06:38AM +0100, Greg Kroah-Hartman wrote:
> On Wed, Feb 28, 2024 at 08:59:36AM +0900, Dominique Martinet wrote:
> > Greg Kroah-Hartman wrote on Tue, Feb 27, 2024 at 02:26:01PM +0100:
> > > Kees Cook <keescook@...omium.org>
> > >     net: dev: Convert sa_data to flexible array in struct sockaddr
> > > (ca13c2b1e9e4b5d982c2f1e75f28b1586e5c0f7f in this tree,
> > > b5f0de6df6dce8d641ef58ef7012f3304dffb9a1 upstream)
> > 
> > This commit breaks build of some 3rd party wireless module we use here
> > (because sizeof(sa->sa_data) no longer works and needs to use
> > sa_data_min)

Just FYI, it's possible that things using sizeof(sa->sa_data) were buggy
to begin with since the struct size isn't actually dictated by that size
(it's only the minimum possible size).

> > With that said I guess it really is a dependency on the arp_req_get
> > overflow, so probably necessary evil, and I don't think we explicitly
> > pretend to preserve APIs for 3rd party modules so this is probably
> > fine... The new warnings that poped up (and were reported in other
> > messages) a probably worth checking though.
> 
> We NEVER preserve in-kernel APIs for any out-of-tree code as obviously,
> we have no idea what out-of-tree code is actually using, so it would be
> impossible to do so.
> 
> Also, it's odd that a driver is hit by this as no in-kernel driver was,
> so perhaps it's using the wrong api to start with :)

The reason is that most drivers don't want this size (see above) and
all the in-tree code that did need adjustment got adjusted (visible in
the referenced patch). :) But that's the risk of an out-of-tree driver:
it doesn't get those fixes automatically.

Out of curiosity, which drivers broke and what's needed to get them into
upstream (or at least staging)?

-Kees

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ