lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 3 Jan 2024 14:16:54 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Ahmed Zaki <ahmed.zaki@...el.com>
Cc: <netdev@...r.kernel.org>, <corbet@....net>,
 <jesse.brandeburg@...el.com>, <anthony.l.nguyen@...el.com>,
 <davem@...emloft.net>, <edumazet@...gle.com>, <pabeni@...hat.com>,
 <vladimir.oltean@....com>, <andrew@...n.ch>, <horms@...nel.org>,
 <mkubecek@...e.cz>, <willemdebruijn.kernel@...il.com>, <gal@...dia.com>,
 <alexander.duyck@...il.com>, <ecree.xilinx@...il.com>, Jacob Keller
 <jacob.e.keller@...el.com>
Subject: Re: [PATCH net-next 2/2] net: ethtool: add a NO_CHANGE uAPI for new
 RXFH's input_xfrm

On Wed, 3 Jan 2024 08:40:47 -0700 Ahmed Zaki wrote:
> On 2024-01-02 17:05, Jakub Kicinski wrote:
> > On Thu, 21 Dec 2023 11:42:35 -0700 Ahmed Zaki wrote:  
> >> +	     rxfh.key_size == 0 && rxfh.hfunc == ETH_RSS_HASH_NO_CHANGE &&
> >> +	     rxfh.input_xfrm == RXH_XFRM_NO_CHANGE))  
> > 
> > This looks fine, but we also need a check to make sure input_xfrm
> > doesn't have bits other than RXH_XFRM_SYM_XOR set, right?  
> 
> I wrote the xfrm as a  bitmap/flags assuming we can have multiple 
> transformations set. Not sure what future transformations will look like 
> (other than RSS-sort,... and discussed before).

Ack, but right now the only valid inputs for the kernel are
0 (disable all), RXH_XFRM_NO_CHANGE and RXH_XFRM_SYM_XOR.
We need to reject all other inputs. If we accept random
inputs without validation we won't be able to use them later.
Refer to many LWN articles about how some syscall didn't check
that unused flags are 0 and now they can't allocate bits.
Because some user space was passing in garbage.

> Else, we can do the check you mentioned or may be better to have it as 
> enum (which would give us 256, not 8, allowable transformations).

Given that RXH_XFRM_SYM_XOR is 1 we can change the exact semantics
later. All that matters is that we reject unsupported for now.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ