lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20230705092559.4b60f7b1@kernel.org>
Date: Wed, 5 Jul 2023 09:25:59 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Joachim Förster
 <joachim.foerster@...singlinkelectronics.com>
Cc: "David S . Miller" <davem@...emloft.net>, netdev@...r.kernel.org, Tariq
 Toukan <tariqt@...dia.com>, Gal Pressman <gal@...dia.com>
Subject: Re: [PATCH] net: Fix special case of empty range in
 find_next_netdev_feature()

On Wed, 5 Jul 2023 15:40:29 +0200 Joachim Förster wrote:
> On 6/26/23 23:17, Jakub Kicinski wrote:
> > On Fri, 23 Jun 2023 16:26:16 +0200 Joachim Foerster wrote:  
> >> Fixes: 85db6352fc8a ("net: Fix features skip in for_each_netdev_feature()")
> >> Cc: stable@...r.kernel.org  
> > Nothing passes @feature with bit 0 set upstream, tho, right?
> > Fix looks fine, but it doesn't need the fixes tag and CC stable,
> > since its theoretical/forward looking.  
> We are triggering this issue by using the inline function 
> for_each_netdev_feature() from the kernel header files in a custom 
> module running on a stable kernel involving NETIF_F_SG, which happens to 
> be bit 0. So my argument is that the function is part of the public API. 
> Or is this actually not supposed to be treated like it is public API? 
> Does this statement change the assessment in terms of tagging with CC 
> stable?

I believe so, if an upstream user can't hit the problem its not
a bug for upstream. I'm not familiar with the concept of public 
API, but I'm afraid it may be a bit of a pandora's box. We have
Documentation/process/stable-api-nonsense.rst, tho, I'm not sure 
it applies to this case.

> Regarding the Fixes tag, I think, I made a mistake, since the previous 
> commit 3b89ea9c5902 ("net: Fix for_each_netdev_feature on Big endian") 
> on find_next_netdev_feature() already causes the issue by not 
> considering the special case of bit 0. So I will repost with fixes tag 
> updated ...

For networking stable == fixes more or less, so if it's not a bug
fix it should not have a Fixes tag either. But we're not maintaining
stable ourselves, we primarily care about describing the situation
and tagging appropriately in the commit message. You can still try
to convince Greg KH to pull it into stable afterwards. Who knows, 
maybe Sasha's AI will even suck it in automatically..

> > Please repost explaining how we can hit this problem upstream
> > or with the Fixes/CC stable replaced by a sentence stating that
> > the problem can't currently be triggered.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ