lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zd_qaxKc9V6dMkOA@codewreck.org>
Date: Thu, 29 Feb 2024 11:22:35 +0900
From: Dominique Martinet <asmadeus@...ewreck.org>
To: Kees Cook <keescook@...omium.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org,
	patches@...ts.linux.dev, linux-kernel@...r.kernel.org,
	torvalds@...ux-foundation.org, akpm@...ux-foundation.org,
	linux@...ck-us.net, shuah@...nel.org, patches@...nelci.org,
	lkft-triage@...ts.linaro.org, pavel@...x.de, jonathanh@...dia.com,
	f.fainelli@...il.com, sudipm.mukherjee@...il.com,
	srw@...dewatkins.net, rwarsow@....de, conor@...nel.org,
	allen.lkml@...il.com
Subject: Re: [PATCH 5.10 000/122] 5.10.211-rc1 review

Kees Cook wrote on Wed, Feb 28, 2024 at 12:39:42PM -0800:
> > > This commit breaks build of some 3rd party wireless module we use here
> > > (because sizeof(sa->sa_data) no longer works and needs to use
> > > sa_data_min)
> 
> Just FYI, it's possible that things using sizeof(sa->sa_data) were buggy
> to begin with since the struct size isn't actually dictated by that size
> (it's only the minimum possible size).

Yes, I definitely agree with this.
As it's "vendor stuff" I just replaced with sa_data_min because that
preserves the values, but it ought to get a second look.
I'd love to pretend that driver's upstream will do the right thing and
use proper values here on newer kernel but upon checking its >6.2 tree
support now they apparently did the same instead of getting the size
properly.

> > We NEVER preserve in-kernel APIs for any out-of-tree code as obviously,
> > we have no idea what out-of-tree code is actually using, so it would be
> > impossible to do so.

Right, I just don't see much "common struct" changes in stable tree
patches -- stuff like livepatches or weak modules and whatsnot don't
like these so some downstreams (redhat to name them) try very hard to
keep these constants for the lifetime of a given stable release... iirc
they go as far as adding some padding fields to some structs that are
likely to need fiddling so they can do this while preserving binary
compatibility.

I understand the upstream stable kernels don't make such promise (and
given the amount of work that probably goes into it, rightfully so! I
wouldn't exect you or anyone to do this here), just pointed it out
as part of my usual test round for anyone else who'd care.

> Out of curiosity, which drivers broke and what's needed to get them into
> upstream (or at least staging)?

Sure, it was NXP's wifi chips driver:
https://github.com/nxp-imx/mwifiex/

It's mostly based on drivers/net/wireless/marvell/mwifiex but has since
been quite extensively modified, so it'd take quite a bit of effort to
upstream as a separate entity (changing a few names to avoid conflcts so
both can be built together... Add to that the requirement for a
compatible firmware with a restrictive license... And that NXP isn't
exactly focused on upstreaming); I have little hope of seeing it
upstream at this point unfortunately and gave up on it as part of
maintaining an embedded kernel "port" as it's sadly far from being
only one :/

(I especially don't get it as I consider maintaining a bunch of
spaghetti ifdef on kernel versions to be much more work than getting the
driver upstream once, but I guess I'm barking at the wrong tree here)


Thanks,
-- 
Dominique Martinet | Asmadeus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ