| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202211171855.9AEB6E3@keescook>
Date: Thu, 17 Nov 2022 19:27:59 -0800
From: Kees Cook <keescook@...omium.org>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Stephen Hemminger <stephen@...workplumber.org>,
"Gustavo A. R. Silva" <gustavo@...eddedor.com>,
David Ahern <dsahern@...nel.org>, davem@...emloft.net,
netdev@...r.kernel.org, edumazet@...gle.com, pabeni@...hat.com,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH net-next v2] netlink: split up copies in the ack
construction
On Thu, Nov 17, 2022 at 04:28:22PM -0800, Jakub Kicinski wrote:
> On Thu, 17 Nov 2022 14:35:32 -0800 Kees Cook wrote:
> > As for testing, I can do that if you want -- the goal was to make sure
> > the final result doesn't trip FORTIFY when built with -fstrict-flex-arrays
> > (not yet in a released compiler version, but present in both GCC and Clang
> > truck builds) and with __builtin_dynamic_object_size() enabled (which
> > is not yet in -next, as it is waiting on the last of ksize() clean-ups).
>
> I got distracted, sorry. Does this work?
>
> -->8--------------
>
> From: Jakub Kicinski <kuba@...nel.org>
> Subject: netlink: remove the flex array from struct nlmsghdr
>
> I've added a flex array to struct nlmsghdr to allow accessing
> the data easily. But it leads to warnings with clang, when user
> space wraps this structure into another struct and the flex
> array is not at the end of the container.
>
> Link: https://lore.kernel.org/all/20221114023927.GA685@u2004-local/
> Signed-off-by: Jakub Kicinski <kuba@...nel.org>
Thanks! Yes, this seems to be happy with all the future stuff enabled.
Reviewed-by: Kees Cook <keescook@...omium.org>
-Kees
> ---
> include/uapi/linux/netlink.h | 2 --
> net/netlink/af_netlink.c | 2 +-
> 2 files changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/include/uapi/linux/netlink.h b/include/uapi/linux/netlink.h
> index 5da0da59bf01..e2ae82e3f9f7 100644
> --- a/include/uapi/linux/netlink.h
> +++ b/include/uapi/linux/netlink.h
> @@ -48,7 +48,6 @@ struct sockaddr_nl {
> * @nlmsg_flags: Additional flags
> * @nlmsg_seq: Sequence number
> * @nlmsg_pid: Sending process port ID
> - * @nlmsg_data: Message payload
> */
> struct nlmsghdr {
> __u32 nlmsg_len;
> @@ -56,7 +55,6 @@ struct nlmsghdr {
> __u16 nlmsg_flags;
> __u32 nlmsg_seq;
> __u32 nlmsg_pid;
> - __u8 nlmsg_data[];
> };
>
> /* Flags values */
> diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
> index 9ebdf3262015..d73091f6bb0f 100644
> --- a/net/netlink/af_netlink.c
> +++ b/net/netlink/af_netlink.c
> @@ -2514,7 +2514,7 @@ void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err,
> if (!nlmsg_append(skb, nlmsg_len(nlh)))
> goto err_bad_put;
>
> - memcpy(errmsg->msg.nlmsg_data, nlh->nlmsg_data,
> + memcpy(nlmsg_data(&errmsg->msg), nlmsg_data(nlh),
> nlmsg_len(nlh));
> }
>
> --
> 2.38.1
>
--
Kees Cook
Powered by blists - more mailing lists