lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 16 Oct 2023 18:17:22 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Pedro Tammela <pctammela@...atatu.com>
Cc: netdev@...r.kernel.org, jhs@...atatu.com, xiyou.wangcong@...il.com,
 jiri@...nulli.us, davem@...emloft.net, edumazet@...gle.com,
 pabeni@...hat.com, Christian Theune <ct@...ingcircus.io>, Budimir Markovic
 <markovicbudimir@...il.com>
Subject: Re: [PATCH net 2/2] net/sched: sch_hfsc: upgrade 'rt' to 'sc' when
 it becomes a inner curve

On Fri, 13 Oct 2023 12:10:57 -0300 Pedro Tammela wrote:
> Budimir's original patch disallows users to add classes with a 'rt'
> parent, but this is too strict as it breaks users that have been using
> 'rt' as a inner class. Another approach, taken by this patch, is to
> upgrade the inner 'rt' into a 'sc', warning the user in the process.
> It avoids the UAF reported by Budimir while also being more permissive
> to bad scripts/users/code using 'rt' as a inner class.

Perfect, thank you.

> Users checking the `tc class ls [...]` or `tc class get [...]` dumps would
> observe the curve change and are potentially breaking with this change.
> 
> Cc: Christian Theune <ct@...ingcircus.io>
> Cc: Budimir Markovic <markovicbudimir@...il.com>
> Fixes: 0c9570eeed69 ("net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve")

git says this SHA does not exist. From the title I'm guessing this is
the patch itself, some mis-automation, perhaps?

All in all I think you can squash the revert into this and use
b3d26c5702c7d6c45 for Fixes. I don't think there's a reason to keep
the revert separate, given how small it is. And if the revert is
first what if someone backports just the revert..
-- 
pw-bot: cr

Powered by blists - more mailing lists