lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <6af89ba8-e1bf-4609-8e67-4e9fecf1193a@gmail.com>
Date: Wed, 21 Feb 2024 20:50:30 +0100
From: Heiner Kallweit <hkallweit1@...il.com>
To: Andrew Lunn <andrew@...n.ch>
Cc: Russell King - ARM Linux <linux@...linux.org.uk>,
 Paolo Abeni <pabeni@...hat.com>, Jakub Kicinski <kuba@...nel.org>,
 David Miller <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
 "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next] ethtool: ignore unused/unreliable fields in
 set_eee op

On 21.02.2024 16:41, Andrew Lunn wrote:
> On Wed, Feb 21, 2024 at 08:24:40AM +0100, Heiner Kallweit wrote:
>> This function is used with the set_eee() ethtool operation. Certain
>> fields of struct ethtool_keee() are relevant only for the get_eee()
>> operation. In addition, in case of the ioctl interface, we have no
>> guarantee that userspace sends sane values in struct ethtool_eee.
>> Therefore explicitly ignore all fields not needed for set_eee().
>> This protects from drivers trying to use unchecked and unreliable
>> data, relying on specific userspace behavior.
>>
>> Note: Such unsafe driver behavior has been found and fixed in the
>> tg3 driver.
>>
>> Signed-off-by: Heiner Kallweit <hkallweit1@...il.com>
>> ---
>>  net/ethtool/ioctl.c | 7 -------
>>  1 file changed, 7 deletions(-)
>>
>> diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c
>> index 1763e8b69..ff28c113b 100644
>> --- a/net/ethtool/ioctl.c
>> +++ b/net/ethtool/ioctl.c
>> @@ -1513,20 +1513,13 @@ static void eee_to_keee(struct ethtool_keee *keee,
>>  {
>>  	memset(keee, 0, sizeof(*keee));
>>  
>> -	keee->supported_u32 = eee->supported;
>>  	keee->advertised_u32 = eee->advertised;
>> -	keee->lp_advertised_u32 = eee->lp_advertised;
> 
> This overlaps with the last patch in my series, which removes all the
> _u32 members from keee. They are no longer used at the end of my
> series. I added this removal patch because i kept missing a _u32, and
> i wanted the compiler to tell me.
> 
Ah, didn't see this. Then I'll wait for your series to be applied,
afterwards will check whether parts of my patch are still applicable.

> 	Andrew

Heiner

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ