lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 13 Apr 2023 10:34:48 +0200
From:   Kevin Brodsky <kevin.brodsky@....com>
To:     Christoph Hellwig <hch@....de>
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        Eric Dumazet <edumazet@...gle.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>
Subject: Re: [PATCH] net: Finish up ->msg_control{,_user} split

On 12/04/2023 17:25, Christoph Hellwig wrote:
> On Tue, Apr 11, 2023 at 01:26:25PM +0100, Kevin Brodsky wrote:
>> This patch is attempting to complete the split. Most issues are about
>> msg_control being used when in fact a user pointer is stored in the
>> union; msg_control_user is now used instead. An exception is made
>> for null checks, as it should be safe to use msg_control
>> unconditionally for that purpose.
> So all of the fixes looks good to me.
>
>> Additionally, a special situation in
>> cmsghdr_from_user_compat_to_kern() is addressed. There the input
>> struct msghdr holds a user pointer (msg_control_user), but a kernel
>> pointer is stored in msg_control when returning. msg_control_is_user
>> is now updated accordingly.
> But this is a small isolated real bugfix.  So I'd suggest to split
> this into a simple and easily backportable patch, and do the rest
> in another.
>
>> diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
>> index 2917dd8d198c..ae818ff46224 100644
>> --- a/net/ipv6/ipv6_sockglue.c
>> +++ b/net/ipv6/ipv6_sockglue.c
>> @@ -716,6 +716,7 @@ int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
>>                      goto done;
>>
>>              msg.msg_controllen = optlen;
>> +            msg.msg_control_is_user = false;
> And this is another one that has a real effect.

Thank you, both good points! Will split that up into a series of three
patches.

Kevin
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ