lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7472bddc-86ad-45fb-8337-4ee21ea7a941@lunn.ch>
Date: Wed, 21 Feb 2024 16:41:25 +0100
From: Andrew Lunn <andrew@...n.ch>
To: Heiner Kallweit <hkallweit1@...il.com>
Cc: Russell King - ARM Linux <linux@...linux.org.uk>,
	Paolo Abeni <pabeni@...hat.com>, Jakub Kicinski <kuba@...nel.org>,
	David Miller <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next] ethtool: ignore unused/unreliable fields in
 set_eee op

On Wed, Feb 21, 2024 at 08:24:40AM +0100, Heiner Kallweit wrote:
> This function is used with the set_eee() ethtool operation. Certain
> fields of struct ethtool_keee() are relevant only for the get_eee()
> operation. In addition, in case of the ioctl interface, we have no
> guarantee that userspace sends sane values in struct ethtool_eee.
> Therefore explicitly ignore all fields not needed for set_eee().
> This protects from drivers trying to use unchecked and unreliable
> data, relying on specific userspace behavior.
> 
> Note: Such unsafe driver behavior has been found and fixed in the
> tg3 driver.
> 
> Signed-off-by: Heiner Kallweit <hkallweit1@...il.com>
> ---
>  net/ethtool/ioctl.c | 7 -------
>  1 file changed, 7 deletions(-)
> 
> diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c
> index 1763e8b69..ff28c113b 100644
> --- a/net/ethtool/ioctl.c
> +++ b/net/ethtool/ioctl.c
> @@ -1513,20 +1513,13 @@ static void eee_to_keee(struct ethtool_keee *keee,
>  {
>  	memset(keee, 0, sizeof(*keee));
>  
> -	keee->supported_u32 = eee->supported;
>  	keee->advertised_u32 = eee->advertised;
> -	keee->lp_advertised_u32 = eee->lp_advertised;

This overlaps with the last patch in my series, which removes all the
_u32 members from keee. They are no longer used at the end of my
series. I added this removal patch because i kept missing a _u32, and
i wanted the compiler to tell me.

	Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ