lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <670937c990fca_234aca29481@willemb.c.googlers.com.notmuch>
Date: Fri, 11 Oct 2024 10:35:53 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Gur Stavi <gur.stavi@...wei.com>, 
 'Willem de Bruijn' <willemdebruijn.kernel@...il.com>
Cc: davem@...emloft.net, 
 edumazet@...gle.com, 
 kuba@...nel.org, 
 linux-kernel@...r.kernel.org, 
 linux-kselftest@...r.kernel.org, 
 netdev@...r.kernel.org, 
 pabeni@...hat.com, 
 shuah@...nel.org
Subject: RE: [PATCH net-next v02 1/2] af_packet: allow fanout_add when socket
 is not RUNNING

Gur Stavi wrote:
> > 
> > If we don't care about opening up fanout groups to ETH_P_NONE, then
> > patch v2 seems sufficient. If explicitly blocking this, the ENXIO
> > return can be added, but ideally without touching the other lines.
> 
> I don't think that allowing ETH_P_NONE is relevant.
> In my opinion the 2 options that should be considered to fail
> fanout_add are:
> 1. Testing proto == 0
> 2. Testing proto == 0 || ifindex == -1
> 
> The only corner case that is caught by [2] and missed by [1] is
> the "unlisted" case during do_bind. It is such a rare case that
> probably no one will ever encounter bind "unlisted" followed by
> FANOUT_ADD. And this is not a dangerous corner case that leads to
> system crash.
> 
> However, being a purist, I see the major goal of code review to promote
> correctness by identifying corner cases while improving style is a
> secondary priority. Since we did identify this corner case in our
> discussion I think we should still use [2].
> I don't consider the code complex. In fact, to me, the ifindex clause
> is a more understandable direct reason for failure than the proto which
> is indirect. Having the ifindex clause helps figuring out the proto
> clause.

It's interesting that the unlisted fix does not return ENODEV, but
returns success and leaves the socket in an unbound state, equivalent
to binding to ETH_P_NONE and ifindex 0. This seems surprising behavior
to the caller.

On rereading that, I still do not see a purpose of special ifindex -1.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ