lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <202309291123.FAE665CC7@keescook>
Date: Fri, 29 Sep 2023 11:24:56 -0700
From: Kees Cook <keescook@...omium.org>
To: "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc: Jamal Hadi Salim <jhs@...atatu.com>, Jakub Kicinski <kuba@...nel.org>,
	Cong Wang <xiyou.wangcong@...il.com>, Jiri Pirko <jiri@...nulli.us>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-hardening@...r.kernel.org
Subject: Re: [PATCH][next] net: sched: cls_u32: Fix allocation in u32_init()

On Mon, Aug 21, 2023 at 11:48:02AM -0700, Jakub Kicinski wrote:
> On Mon, 21 Aug 2023 10:35:29 -0400 Jamal Hadi Salim wrote:
> > > Sure, but why are you doing this? And how do you know the change is
> > > correct?
> > >
> > > There are 2 other instances where we allocate 1 entry or +1 entry.
> > > Are they not all wrong?
> > >
> > > Also some walking code seems to walk <= divisor, divisor IIUC being
> > > the array bound - 1?
> > >
> > > Jamal acked so changes are this is right, but I'd really like to
> > > understand what's going on, and I shouldn't have to ask you all
> > > these questions :S  
> > 
> > This is a "bug fix" given that the structure had no zero array
> > construct as was implied by d61491a51f7e . I didnt want to call it out
> > as a bug fix (for -net) because existing code was not harmful but
> > allocated extra memory which this patch gives back.
> > The other instances have a legit need for "flexible array".
> 
> Based on the link provided it seems like the Fixes comes in because
> someone reported compilation issues. But from the thread it seems
> like the problem only appears when sizeof_struct() is modified.
> In which case - you're right, Fixes and Reported-by tags should go.

Gustavo, can you please respin this with an updated commit log and
adjusted tags for netdev to pick up?

-- 
Kees Cook

Powered by blists - more mailing lists