lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID:
 <MW3PR15MB391324648F78241D4AC721A6FA57A@MW3PR15MB3913.namprd15.prod.outlook.com>
Date: Tue, 15 Jul 2025 18:22:37 +0000
From: David Wilder <wilder@...ibm.com>
To: Simon Horman <horms@...nel.org>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "jv@...sburgh.net"
	<jv@...sburgh.net>,
        "pradeeps@...ux.vnet.ibm.com"
	<pradeeps@...ux.vnet.ibm.com>,
        Pradeep Satyanarayana <pradeep@...ibm.com>,
        "i.maximets@....org" <i.maximets@....org>,
        Adrian Moreno Zapata
	<amorenoz@...hat.com>,
        Hangbin Liu <haliu@...hat.com>
Subject: RE: [PATCH net-next v5 6/7] bonding: Update for extended arp_ip_target
 format.




________________________________________
From: Simon Horman <horms@...nel.org>
Sent: Tuesday, July 15, 2025 6:58 AM
To: David Wilder
Cc: netdev@...r.kernel.org; jv@...sburgh.net; pradeeps@...ux.vnet.ibm.com; Pradeep Satyanarayana; i.maximets@....org; Adrian Moreno Zapata; Hangbin Liu
Subject: [EXTERNAL] Re: [PATCH net-next v5 6/7] bonding: Update for extended arp_ip_target format.

>On Mon, Jul 14, 2025 at 03:54:51PM -0700, David Wilder wrote:
>> Updated bond_fill_info() to support extended arp_ip_target format.
>>
>> Forward and backward compatibility between the kernel and iprout2 is
>> preserved.
>>
>> Signed-off-by: David Wilder <wilder@...ibm.com>
>> ---
>>  drivers/net/bonding/bond_netlink.c | 28 ++++++++++++++++++++++++++--
>>  include/net/bonding.h              |  1 +
>>  2 files changed, 27 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/net/bonding/bond_netlink.c b/drivers/net/bonding/bond_netlink.c
>> index 5486ef40907e..6e8aebe5629f 100644
>> --- a/drivers/net/bonding/bond_netlink.c
>> +++ b/drivers/net/bonding/bond_netlink.c
>> @@ -701,8 +701,32 @@ static int bond_fill_info(struct sk_buff *skb,
>>
>>       targets_added = 0;
>>       for (i = 0; i < BOND_MAX_ARP_TARGETS; i++) {
>> -             if (bond->params.arp_targets[i].target_ip) {
>> -                     if (nla_put_be32(skb, i, bond->params.arp_targets[i].target_ip))
>> +             struct bond_arp_target *target = &bond->params.arp_targets[i];
>> +             struct Data {
>> +                     __u32 addr;
>> +                     struct bond_vlan_tag vlans[BOND_MAX_VLAN_TAGS + 1];
>> +             } data;
>> +             int size = 0;
>> +
>> +             if (target->target_ip) {
>> +                     data.addr = target->target_ip;
>
>Hi David,
>
>There appears to be an endian mismatch here. Sparse says:
>
  >.../bond_netlink.c:712:35: warning: incorrect type in assignment (different base types)
  >.../bond_netlink.c:712:35:    expected unsigned int [usertype] addr
  >.../bond_netlink.c:712:35:    got restricted __be32 [usertype] target_ip
>
>> +                     size = sizeof(target->target_ip);
>> +             }
>
>It seems that data.addr may be used uninitialised below
>if the if condition above is not met.

>Flagged by Smatch.

Hi Simon

Thanks for catching this,  I will make the following change in the next version.

@@ -703,15 +703,14 @@ static int bond_fill_info(struct sk_buff *skb,
        for (i = 0; i < BOND_MAX_ARP_TARGETS; i++) {
                struct bond_arp_target *target = &bond->params.arp_targets[i];
                struct Data {
-                       __u32 addr;
+                       __be32 addr;
                        struct bond_vlan_tag vlans[BOND_MAX_VLAN_TAGS + 1];
                } data;
                int size = 0;

-               if (target->target_ip) {
-                       data.addr = target->target_ip;
-                       size = sizeof(target->target_ip);
-               }
+               BUG_ON(!target->target_ip);
+               data.addr = target->target_ip;
+               size = sizeof(target->target_ip);

                for (int level = 0; target->flags & BOND_TARGET_USERTAGS && target->tags; level++) {
                        if (level > BOND_MAX_VLAN_TAGS)

David Wilder

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ