| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000301db1bbc$453feae0$cfbfc0a0$@huawei.com> Date: Fri, 11 Oct 2024 12:02:05 +0300 From: Gur Stavi <gur.stavi@...wei.com> To: 'Willem de Bruijn' <willemdebruijn.kernel@...il.com> CC: <davem@...emloft.net>, <edumazet@...gle.com>, <kuba@...nel.org>, <linux-kernel@...r.kernel.org>, <linux-kselftest@...r.kernel.org>, <netdev@...r.kernel.org>, <pabeni@...hat.com>, <shuah@...nel.org> Subject: RE: [PATCH net-next v02 1/2] af_packet: allow fanout_add when socket is not RUNNING > > If we don't care about opening up fanout groups to ETH_P_NONE, then > patch v2 seems sufficient. If explicitly blocking this, the ENXIO > return can be added, but ideally without touching the other lines. I don't think that allowing ETH_P_NONE is relevant. In my opinion the 2 options that should be considered to fail fanout_add are: 1. Testing proto == 0 2. Testing proto == 0 || ifindex == -1 The only corner case that is caught by [2] and missed by [1] is the "unlisted" case during do_bind. It is such a rare case that probably no one will ever encounter bind "unlisted" followed by FANOUT_ADD. And this is not a dangerous corner case that leads to system crash. However, being a purist, I see the major goal of code review to promote correctness by identifying corner cases while improving style is a secondary priority. Since we did identify this corner case in our discussion I think we should still use [2]. I don't consider the code complex. In fact, to me, the ifindex clause is a more understandable direct reason for failure than the proto which is indirect. Having the ifindex clause helps figuring out the proto clause.
Powered by blists - more mailing lists