lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240613185728.6e7bf9ad@kernel.org>
Date: Thu, 13 Jun 2024 18:57:28 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Przemek Kitszel <przemyslaw.kitszel@...el.com>
Cc: <davem@...emloft.net>, <netdev@...r.kernel.org>, <edumazet@...gle.com>,
 <pabeni@...hat.com>
Subject: Re: [PATCH net-next] net: make for_each_netdev_dump() a little more
 bug-proof

On Fri, 14 Jun 2024 03:45:47 +0200 Przemek Kitszel wrote:
> you are right, it would be easier to go one step [of macros] up, we have
>   453│ #define xa_for_each_range(xa, index, entry, start, last)         \
>   454│         for (index = start,                                      \
>   455│              entry = xa_find(xa, &index, last, XA_PRESENT);      \
>   456│              entry;                                              \
>   457│              entry = xa_find_after(xa, &index, last, XA_PRESENT))
> 
> You could simply change L456 to:
> entry || (index = 0);
> to achieve what you want; but that would slow down a little lot's of
> places, only to change value of the index that should not be used :P
> 
> For me a proper solution would be to fast forward into C11 era, and move
> @index allocation into the loop, so value could not be abused.

I think we're already in C11 era for that exact reason 🤐️
But please don't take this as an invitation to do crazy things!

In netlink dumps, tho, we keep the index in persistent socket context,
because the iteration is split into multiple recvmsg() calls,
each one continuing where the previous one left off.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ