lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <7346cdea74daedd0abecfcdcba2e7aa3be203a6e.camel@codeconstruct.com.au>
Date: Mon, 04 Nov 2024 11:57:55 +0800
From: Jeremy Kerr <jk@...econstruct.com.au>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Samuel Mendoza-Jonas <sam@...dozajonas.com>, "David S. Miller"
 <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni
 <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, netdev@...r.kernel.org
Subject: Re: [PATCH net-next] net: ncsi: check for netlink-driven responses
 before requiring a handler

Hi Jakub,

> > Currently, the NCSI response path will look up an opcode-specific
> > handler for all incoming response messages. However, we may be
> > receiving
> > a response from a netlink-generated request, which may not have a
> > corresponding in-kernel handler for that request opcode. In that
> > case,
> > we'll drop the response because we didn't find a opcode-specific
> > handler.
> 
> This makes it sound like the code is written this way
> unintentionally, which I doubt.

This seems like an oversight in the response path, failing on a missing
in-kernel handler even if we don't later use it. If we were
intentionally enforcing only known commands, then we'd also be checking
on the request side.

But yes, I can certainly word this in terms of what this change now
enables, and provide examples.

> > Perform the lookup for the pending request (and hence for
> > NETLINK_DRIVEN) before requiring an in-kernel handler, and defer
> > the
> > requirement for a corresponding kernel request until we know it's a
> > kernel-driven command.
> 
> As for the code - delaying handling ret != 0 makes me worried that
> someone will insert code in between and clobber it. Can you split
> the handling so that all the ret != 0 (or EPERM for netlink)
> are still handled in the if (ret) {} ?

Can do! The -EPERM case can probably be simplified a little too, as it
just indicates we didn't get a success response from the remote NCSI
device.

Will work on a v2 soon.

Cheers,


Jeremy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ