lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 11 Apr 2022 18:27:54 +0200
From:   Nicolas Dichtel <nicolas.dichtel@...nd.com>
To:     Vladimir Oltean <olteanv@...il.com>
Cc:     Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
        "David S. Miller" <davem@...emloft.net>,
        Paolo Abeni <pabeni@...hat.com>
Subject: Re: What is the purpose of dev->gflags?


Le 11/04/2022 à 18:20, Vladimir Oltean a écrit :
> On Mon, Apr 11, 2022 at 06:10:49PM +0200, Nicolas Dichtel wrote:
>>
>> Le 11/04/2022 à 17:49, Vladimir Oltean a écrit :
>>> On Mon, Apr 11, 2022 at 05:43:01PM +0200, Nicolas Dichtel wrote:
>>>>
>>>> Le 11/04/2022 à 17:33, Vladimir Oltean a écrit :
>>>> [snip]
>>>>> Would you agree that the __dev_set_allmulti() -> __dev_notify_flags()
>>>>> call path is dead code? If it is, is there any problem it should be
>>>>> addressing which it isn't, or can we just delete it?
>>>> I probably miss your point, why is it dead code?
>>>
>>> Because __dev_set_allmulti() doesn't update dev->gflags, it means
>>> dev->gflags == old_gflags. In turn, it means dev->gflags ^ old_gflags,
>>> passed to "gchanges" of __dev_notify_flags(), is 0.
>> I didn't take any assumptions on dev->gflags because two functions are called
>> with dev as parameter (dev_change_rx_flags() and dev_set_rx_mode()).
> 
> You mean ops->ndo_change_rx_flags() or ops->ndo_set_rx_mode() are
> expected to update dev->gflags?
No, I just say that I didn't take any assumptions on what there are expected to do.

> 
>> Even if __dev_notify_flags() is called with 0 for the last arg, it calls
>> notifiers. Thus, this is not "dead code".
> 
> The relevant "changes" (dev->flags & old_flags) of the net_device which
> may have changed from __dev_set_allmulti() are masked out from
> call_netdevice_notifiers(), are they not?
> 
> 	if (changes & IFF_UP) {
> 		/* doesn't apply */
> 	}
> 
> 	if (dev->flags & IFF_UP &&
> 	    (changes & ~(IFF_UP | IFF_PROMISC | IFF_ALLMULTI | IFF_VOLATILE))) {
> 	               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 	               these changes are masked out
Same here. Some complex path are called (eg. dev_change_rx_flags =>
ops->ndo_change_rx_flags() => vlan_dev_change_rx_flags => dev_set_allmulti =>
__dev_set_allmulti => etc).
Maybe you made an audit to check that other flags cannot be changed. But, if it
changes in the future, we will miss them here.

Did you see a bug? What is the issue?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ