lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 18 Oct 2022 23:39:28 +0200
From:   Andrew Lunn <andrew@...n.ch>
To:     Andrew Davis <afd@...com>
Cc:     Sean Anderson <sean.anderson@...o.com>,
        "David S . Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Madalin Bucur <madalin.bucur@....com>,
        Jakub Kicinski <kuba@...nel.org>,
        Eric Dumazet <edumazet@...gle.com>,
        Paolo Abeni <pabeni@...hat.com>,
        Camelia Groza <camelia.groza@....com>,
        Geert Uytterhoeven <geert@...ux-m68k.org>
Subject: Re: [PATCH net] net: fman: Use physical address for userspace
 interfaces

On Tue, Oct 18, 2022 at 01:33:55PM -0500, Andrew Davis wrote:
> On 10/18/22 12:37 PM, Sean Anderson wrote:
> > Hi Andrew,
> > 
> > On 10/18/22 1:22 PM, Andrew Lunn wrote:
> > > On Mon, Oct 17, 2022 at 12:28:06PM -0400, Sean Anderson wrote:
> > > > For whatever reason, the address of the MAC is exposed to userspace in
> > > > several places. We need to use the physical address for this purpose to
> > > > avoid leaking information about the kernel's memory layout, and to keep
> > > > backwards compatibility.
> > > 
> > > How does this keep backwards compatibility? Whatever is in user space
> > > using this virtual address expects a virtual address. If it now gets a
> > > physical address it will probably do the wrong thing. Unless there is
> > > a one to one mapping, and you are exposing virtual addresses anyway.
> > > 
> > > If you are going to break backwards compatibility Maybe it would be
> > > better to return 0xdeadbeef? Or 0?
> > > 
> > >         Andrew
> > > 
> > 
> > The fixed commit was added in v6.1-rc1 and switched from physical to
> > virtual. So this is effectively a partial revert to the previous
> > behavior (but keeping the other changes). See [1] for discussion.

Please don't assume a reviewer has seen the previous
discussion. Include the background in the commit message to help such
reviewers.

> > 
> > --Sean
> > 
> > [1] https://lore.kernel.org/netdev/20220902215737.981341-1-sean.anderson@seco.com/T/#md5c6b66bc229c09062d205352a7d127c02b8d262
> 
> I see it asked in that thread, but not answered. Why are you exposing
> "physical" addresses to userspace? There should be no reason for that.

I don't see anything about needing physical or virtual address in the
discussion, or i've missed it.

If nobody knows why it is needed, either use an obfusticated value, or
remove it all together. If somebody/something does need it, they will
report the regression.

       Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ