lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <68b06b79-d8fb-456d-9c21-b95087bde815@redhat.com>
Date: Tue, 22 Oct 2024 13:23:50 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: Simon Horman <horms@...nel.org>, Oliver Neukum <oneukum@...e.com>
Cc: edumazet@...gle.com, kuba@...nel.org, netdev@...r.kernel.org,
 Greg Thelen <gthelen@...gle.com>, John Sperbeck <jsperbeck@...gle.com>
Subject: Re: [PATCH net] net: usb: usbnet: fix name regression

On 10/17/24 18:11, Simon Horman wrote:
> On Thu, Oct 17, 2024 at 09:18:37AM +0200, Oliver Neukum wrote:
>> The fix for MAC addresses broke detection of the naming convention
>> because it gave network devices no random MAC before bind()
>> was called. This means that the check for the local assignment bit
>> was always negative as the address was zeroed from allocation,
>> instead of from overwriting the MAC with a unique hardware address.
>>
>> The correct check for whether bind() has altered the MAC is
>> done with is_zero_ether_addr
>>
>> Signed-off-by: Oliver Neukum <oneukum@...e.com>
>> Reported-by: Greg Thelen <gthelen@...gle.com>
>> Diagnosed-by: John Sperbeck <jsperbeck@...gle.com>
>> Fixes: bab8eb0dd4cb9 ("usbnet: modern method to get random MAC")
> 
> I accidently provided my feedback in response to an earlier version [1]
> https://lore.kernel.org/all/20241017134413.GL1697@kernel.org/
> 
> It is:
> 
> I think works for the case where a random address will be assigned
> as per the cited commit. But I'm unsure that is correct wrt
> to the case where ->bind assigns an address with 0x2 set in the 0th octet.
> 
> Can that occur in practice? Perhaps not because the driver would
> rely on usbnet_probe() to set a random address. But if so then
> it would previously have hit the "eth%d" logic, but does not anymore.

My understanding is that the naming detection is 'best effort' and the
current logic fails 100% of times, so this looks a worthy improvement no
matter what.

Cheers,

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ