lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 09 Jan 2020 11:05:14 -0800 (PST)
From:   David Miller <davem@...emloft.net>
To:     mathew.j.martineau@...ux.intel.com
Cc:     netdev@...r.kernel.org, mptcp@...ts.01.org, ast@...nel.org,
        daniel@...earbox.net, bpf@...r.kernel.org, pabeni@...hat.com,
        matthieu.baerts@...sares.net
Subject: Re: [PATCH net-next v7 02/11] sock: Make sk_protocol a 16-bit value

From: Mat Martineau <mathew.j.martineau@...ux.intel.com>
Date: Thu,  9 Jan 2020 07:59:15 -0800

> Match the 16-bit width of skbuff->protocol. Fills an 8-bit hole so
> sizeof(struct sock) does not change.
> 
> Also take care of BPF field access for sk_type/sk_protocol. Both of them
> are now outside the bitfield, so we can use load instructions without
> further shifting/masking.
> 
> v5 -> v6:
>  - update eBPF accessors, too (Intel's kbuild test robot)
> v2 -> v3:
>  - keep 'sk_type' 2 bytes aligned (Eric)
> v1 -> v2:
>  - preserve sk_pacing_shift as bit field (Eric)
> 
> Cc: Alexei Starovoitov <ast@...nel.org>
> Cc: Daniel Borkmann <daniel@...earbox.net>
> Cc: bpf@...r.kernel.org
> Co-developed-by: Paolo Abeni <pabeni@...hat.com>
> Signed-off-by: Paolo Abeni <pabeni@...hat.com>
> Co-developed-by: Matthieu Baerts <matthieu.baerts@...sares.net>
> Signed-off-by: Matthieu Baerts <matthieu.baerts@...sares.net>
> Signed-off-by: Mat Martineau <mathew.j.martineau@...ux.intel.com>

This is worrisome for me.

We have lots of places that now are going to be assigning  sk->sk_protocol
into a u8 somewhere else.  A lot of them are ok because limits are enforced
in various places, but for example:

net/ipv6/udp.c:	fl6.flowi6_proto = sk->sk_protocol;
net/l2tp/l2tp_ip6.c:	fl6.flowi6_proto = sk->sk_protocol;

net/ipv6/inet6_connection_sock.c:	fl6->flowi6_proto = sk->sk_protocol;

net/ipv6/af_inet6.c:		fl6.flowi6_proto = sk->sk_protocol;
net/ipv6/datagram.c:	fl6->flowi6_proto = sk->sk_protocol;

This is one just one small example situation, where flowi6_proto is a u8.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ