| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZuTdhIZtw8Hc7LXP@pop-os.localdomain> Date: Fri, 13 Sep 2024 17:49:08 -0700 From: Cong Wang <xiyou.wangcong@...il.com> To: Stanislav Fomichev <stfomichev@...il.com> Cc: Eric Dumazet <edumazet@...gle.com>, Qianqiang Liu <qianqiang.liu@....com>, davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] net: check the return value of the copy_from_sockptr On Wed, Sep 11, 2024 at 01:05:27PM -0700, Stanislav Fomichev wrote: > On 09/11, Cong Wang wrote: > > On Wed, Sep 11, 2024 at 11:49:32AM -0700, Stanislav Fomichev wrote: > > > Can you explain what is not correct? > > > > > > Calling BPF_CGROUP_RUN_PROG_GETSOCKOPT with max_optlen=0 should not be > > > a problem I think? (the buffer simply won't be accessible to the bpf prog) > > > > Sure. Sorry for not providing all the details. > > > > If I understand the behavior of copy_from_user() correctly, it may > > return partially copied data in case of error, which then leads to a > > partially-copied 'max_optlen'. > > > > So, do you expect a partially-copied max_optlen to be passed to the > > eBPF program meanwhile the user still expects a complete one (since no > > -EFAULT)? > > > > Thanks. > > Partial copy is basically the same as user giving us garbage input, right? > That should still be handled correctly I think. Not to me. For explict garbage input, users (mostly syzbot) already expect it is a garbage. For partial copy, users expect either an error (like EFAULT) or a success with the _original_ value. It is all about expectation of the API. Thanks.
Powered by blists - more mailing lists