| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAADnVQKZXEsN_SNg+WgOT02hdREM93zyDr=9fhgdJZYVzv2rfw@mail.gmail.com> Date: Sun, 21 Sep 2025 19:20:37 -0700 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: Haofeng Li <920484857@...com> Cc: Quentin Monnet <qmo@...nel.org>, 13266079573@....com, Andrii Nakryiko <andrii@...nel.org>, Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, lihaofeng@...inos.cn, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] bpf: fix netfilter link comparison to handle unsigned flags On Sun, Sep 21, 2025 at 6:52 PM Haofeng Li <920484857@...com> wrote: > > Thank you for your review and feedback. > > >Did you actually observe an overflow producing an error when sorting, > >here? Or did you run into some compiler warning? > > I did not encounter a runtime error or a compiler warning caused by this potential overflow. > The issue was identified during code review as a potential risk, > considering the theoretical possibility of wrap-around with unsigned subtraction, > which prompted me to submit this patch for code robustness. > > >This being said, I don't mind making the code cleaner for these > >comparisons, but we should probably treat all three attributes the same, > >and update the rest of the function as well? > > Thank you for pointing this out. > I will prepare a v2 patch that thoroughly reviews and updates the comparison > logic for all three fields (netfilter.pf, netfilter.hooknum, and netfilter.flags), > replacing all subtraction-based comparisons with explicit conditional checks. Don't. We don't fix theoretical issues.
Powered by blists - more mailing lists