Date:   Thu, 1 Sep 2022 09:38:35 +0300
From:   Leon Romanovsky <leon@...nel.org>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     Stefan Schmidt <stefan@...enfreihafen.org>,
        Alexander Aring <alex.aring@...il.com>,
        Gal Pressman <gal@...dia.com>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        linux-wpan@...r.kernel.org
Subject: Re: [PATCH net-next] net: ieee802154: Fix compilation error when
 CONFIG_IEEE802154_NL802154_EXPERIMENTAL is disabled

On Wed, Aug 31, 2022 at 02:09:47PM -0700, Jakub Kicinski wrote:
> On Wed, 31 Aug 2022 22:59:14 +0200 Stefan Schmidt wrote:
> > I was swamped today and I am only now finding time to go through mail.
> > 
> > Given the problem these ifdef are raising I am ok with having these 
> > commands exposed without them.
> > 
> > Our main reason for having this feature marked as experimental is that 
> > it does not have much exposure and we fear that some of it needs rewrites.
> > 
> > If that really is going to happen we will simply treat the current 
> > commands as reserved/burned and come up with other ones if needed. While 
> > I hope this will not be needed it is a fair plan for mitigating this.
> 
> Thanks for the replies. I keep going back and forth in my head on
> what's better - un-hiding or just using NL802154_CMD_SET_WPAN_PHY_NETNS + 1 
> as the start of validation, since it's okay to break experimental commands.
> 
> Any preference?

Jakub,

There is no such thing as experimental UAPI. Once you put something
in UAPI headers and/or allowed users to issue calls from userspace
to kernel, they can use it. We don't control how users compile their
kernels.

So it is not breaking "experimental commands", but breaking commands that
maybe shouldn't exist in the first place.

nl802154 code suffers from two basic mistakes:
1. User visible defines are not part of UAPI headers. For example,
include/net/nl802154.h should be in include/uapi/net/....
2. A Kconfig option is used for a pseudo-UAPI header.

In this specific case, I checked that Fedora didn't enable this
CONFIG_IEEE802154_NL802154_EXPERIMENTAL knob, but someone needs
to check Debian and other distros too.

Most likely it is not used at all.

https://src.fedoraproject.org/rpms/kernel/tree/rawhide

Thanks
