lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20230623142616.144923-1-joachim.foerster@missinglinkelectronics.com>
Date: Fri, 23 Jun 2023 16:26:16 +0200
From: Joachim Foerster <joachim.foerster@...singlinkelectronics.com>
To: Jakub Kicinski <kuba@...nel.org>,
	"David S . Miller" <davem@...emloft.net>
Cc: netdev@...r.kernel.org,
	Tariq Toukan <tariqt@...dia.com>,
	Gal Pressman <gal@...dia.com>
Subject: [PATCH] net: Fix special case of empty range in find_next_netdev_feature()

Avoids running into an infinite loop when the lowest feature bit is
asserted.

In case of the "start" argument of find_next_netdev_feature() being 0, the
result will be the index of the highest asserted bit in its argument
"feature".  Given that for_each_netdev_feature() uses the return value of
find_next_netdev_feature() - which can of course be 0 (=> bit index 0) - as
the next "start" value, find_next_netdev_feature() has to deal with that,
in order to make sure that the loop of for_each_netdev_feature() ends when
having iterated over all asserted bits.

Fixes: 85db6352fc8a ("net: Fix features skip in for_each_netdev_feature()")
Cc: stable@...r.kernel.org
Signed-off-by: Joachim Foerster <joachim.foerster@...singlinkelectronics.com>
---
 include/linux/netdev_features.h | 6 ++++++
 1 file changed, 6 insertions(+)

Of course one could also argue, that this should be fixed in
for_each_netdev_feature() itself. However that could complicate this macro.

On the other hand, I don't know whether there is a possibility to also
cover the special case as part of the masking and shifting in
find_next_netdev_feature().

Since the past commit 85db6352fc8a has introduced in 5.18, this fix here
could be queued for -stable >= 5.18. And should probably be queued for >=
6.1?

diff --git a/include/linux/netdev_features.h b/include/linux/netdev_features.h
index 7c2d77d75a88..30f5364c2e85 100644
--- a/include/linux/netdev_features.h
+++ b/include/linux/netdev_features.h
@@ -173,6 +173,12 @@ enum {
  */
 static inline int find_next_netdev_feature(u64 feature, unsigned long start)
 {
+	/* catch special case of start == 0, which indicates "empty range";
+	 * caller for_each_netdev_feature() depends on this
+	 */
+	if (unlikely(!start))
+		return -1;
+
 	/* like BITMAP_LAST_WORD_MASK() for u64
 	 * this sets the most significant 64 - start to 0.
 	 */
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ