lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Oct 2022 18:52:39 -0700 From: Kees Cook <keescook@...omium.org> To: Paolo Abeni <pabeni@...hat.com> Cc: Jakub Kicinski <kuba@...nel.org>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jens Axboe <axboe@...nel.dk>, Pavel Begunkov <asml.silence@...il.com>, David Ahern <dsahern@...nel.org>, Dylan Yudaken <dylany@...com>, Yajun Deng <yajun.deng@...ux.dev>, Petr Machata <petrm@...dia.com>, Hangbin Liu <liuhangbin@...il.com>, Leon Romanovsky <leon@...nel.org>, syzbot <syzkaller@...glegroups.com>, Willem de Bruijn <willemb@...gle.com>, Pablo Neira Ayuso <pablo@...filter.org>, netdev@...r.kernel.org, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Tom Rix <trix@...hat.com>, "D. Wythe" <alibuda@...ux.alibaba.com>, Jeremy Kerr <jk@...econstruct.com.au>, Sebastian Andrzej Siewior <bigeasy@...utronix.de>, Menglong Dong <imagedong@...cent.com>, Kuniyuki Iwashima <kuniyu@...zon.com>, Congyu Liu <liu3101@...due.edu>, Wolfram Sang <wsa+renesas@...g-engineering.com>, Ziyang Xuan <william.xuanziyang@...wei.com>, linux-kernel@...r.kernel.org, llvm@...ts.linux.dev, linux-hardening@...r.kernel.org Subject: Re: [PATCH][next] net: dev: Convert sa_data to flexible array in struct sockaddr On Thu, Oct 20, 2022 at 10:58:50AM +0200, Paolo Abeni wrote: > On Tue, 2022-10-18 at 02:56 -0700, Kees Cook wrote: > > [...] > > struct sockaddr { > > sa_family_t sa_family; /* address family, AF_xxx */ > > - char sa_data[14]; /* 14 bytes of protocol address */ > > + union { > > + char sa_data_min[14]; /* Minimum 14 bytes of protocol address */ > > + DECLARE_FLEX_ARRAY(char, sa_data); > > Any special reason to avoid preserving the old name for the array and > e.g. using sa_data_flex for the new field, so we don't have to touch > the sockaddr users? Yes -- the reason is exactly to not touch the sockaddr users (who generally treat sa_data as a fake flexible array). By switching it to a flex-array the behavior will stay the same (especially under the coming -fstrict-flex-arrays option), except that it breaks sizeof(). But the broken sizeof() allows us to immediately find all the places where the code explicitly depends on sa_data being 14 bytes. And for those cases, we switch to sizeof(sa_data_min). If we went the reverse route (and added -fstrict-flex-arrays) we might end up adding a bunch of false positives all at once, because the places that treated it as a flex-array would suddenly all begin behaving as a 14-byte array. -- Kees Cook
Powered by blists - more mailing lists