lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <496B56B7.3080703@trash.net>
Date:	Mon, 12 Jan 2009 15:41:59 +0100
From:	Patrick McHardy <kaber@...sh.net>
To:	klimes@...trum.cz
CC:	netdev@...r.kernel.org
Subject: Re: XFRM structures binary compability

klimes@...trum.cz wrote:
> Hello,
> 
> I face a problem due to binary incompatibility of XFRM structures.
> 
> I use XFRM interface to create IPsec SAs. My user application is compiled as 32bit binary.
> It works properly when running against 32bit kernel. However when I've run it on 64bit kernel, netlink returns an error (EINVAL).
> I use Fedora for both 32 and 64-bit environment.
> 
> I'm aware that it is due to incompatibility (different alignment and padding) of XFRM structures passed between user space and kernel
> (defined here for user space: /usr/include/linux/xfrm.h)
> My question is: shall not the structures be designed to be the same in 32 and 64bit environment?
> I think a padding should be added to meet the more strict alignment rules (i.e. 64bit environment).
> 
> I used pahole tool (available in dwarves package) to display structure alignment (see attachment).
> pahole_32.txt - structures from 32bit binary
> pahole_64.txt - structures from 64bit binary
> 
> What causes my trouble is "xfrm_usersa_info" which is padded with 7 bytes at the end in 64-bit,
> so that the whole structure is 224 bytes in 64bit application against 220 bytes in 32bit (just 3-byte padding).
> An explicit 7-byte padding in the structure would cure the case, IMHO.

That would break on 32 bit because userspace binaries compiled
with the old layout would send "short" messages. I'd suggest
to explicitly use the smaller value for the xfrm_msg_min checks
(i.e. replace sizeof by numerical constant).
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ