lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 12 Jan 2024 16:44:17 +0100
From: Jiri Pirko <jiri@...nulli.us>
To: Eric Dumazet <edumazet@...gle.com>
Cc: "David S . Miller" <davem@...emloft.net>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Willem de Bruijn <willemb@...gle.com>, netdev@...r.kernel.org,
	eric.dumazet@...il.com,
	syzbot+7f4d0ea3df4d4fa9a65f@...kaller.appspotmail.com
Subject: Re: [PATCH net] net: add more sanity check in virtio_net_hdr_to_skb()

Fri, Jan 12, 2024 at 02:11:43PM CET, edumazet@...gle.com wrote:
>On Fri, Jan 12, 2024 at 2:00 PM Jiri Pirko <jiri@...nulli.us> wrote:
>>
>> Fri, Jan 12, 2024 at 01:28:16PM CET, edumazet@...gle.com wrote:
>> >syzbot/KMSAN reports access to uninitialized data from gso_features_check() [1]
>> >
>> >The repro use af_packet, injecting a gso packet and hdrlen == 0.
>> >
>> >We could fix the issue making gso_features_check() more careful
>> >while dealing with NETIF_F_TSO_MANGLEID in fast path.
>> >
>> >Or we can make sure virtio_net_hdr_to_skb() pulls minimal network and
>> >transport headers as intended.
>>
>> You describe "either or", but don't really say what to do. Bit
>> confusing :/
>
>Not sure I understand your point?
>
> Patch title is " net: add more sanity check in virtio_net_hdr_to_skb() ",
>and the change is implementing that option.

Right. Patch desctiption does not clearly say it, that's what made me
wonder.


>
>I am saying I prefer not touching gso_features_check(), even if we
>could just do this.
>
>Had I been silent about that option, I am sure some reviewers would
>have raised the question,
>given the stack trace ?
>
>Apparently you are saying these kinds of things should not be ever mentioned,
>because of some "imperative mood" request that you often raise with my patches.

I woudn't dare :) I just find it hard to understand from time to time,
sorry about that.


>
>I have not written a novel, only one sentence, admittedly not written
>in perfect English.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ