lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ed966750-482e-50e3-7c27-028e135d3208@missinglinkelectronics.com>
Date: Wed, 5 Jul 2023 15:40:29 +0200
From: Joachim Förster
 <joachim.foerster@...singlinkelectronics.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: "David S . Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
 Tariq Toukan <tariqt@...dia.com>, Gal Pressman <gal@...dia.com>
Subject: Re: [PATCH] net: Fix special case of empty range in
 find_next_netdev_feature()

On 6/26/23 23:17, Jakub Kicinski wrote:
> On Fri, 23 Jun 2023 16:26:16 +0200 Joachim Foerster wrote:
>> Fixes: 85db6352fc8a ("net: Fix features skip in for_each_netdev_feature()")
>> Cc: stable@...r.kernel.org
> Nothing passes @feature with bit 0 set upstream, tho, right?
> Fix looks fine, but it doesn't need the fixes tag and CC stable,
> since its theoretical/forward looking.
We are triggering this issue by using the inline function 
for_each_netdev_feature() from the kernel header files in a custom 
module running on a stable kernel involving NETIF_F_SG, which happens to 
be bit 0. So my argument is that the function is part of the public API. 
Or is this actually not supposed to be treated like it is public API? 
Does this statement change the assessment in terms of tagging with CC 
stable?

Regarding the Fixes tag, I think, I made a mistake, since the previous 
commit 3b89ea9c5902 ("net: Fix for_each_netdev_feature on Big endian") 
on find_next_netdev_feature() already causes the issue by not 
considering the special case of bit 0. So I will repost with fixes tag 
updated ...

>
> Please repost explaining how we can hit this problem upstream
> or with the Fixes/CC stable replaced by a sentence stating that
> the problem can't currently be triggered.


-- 
Joachim Förster

Missing Link Electronics
http://www.missinglinkelectronics.com
Office DE: +49 (731) 141-149-0
Office US: +1  (408) 457-0700

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ