| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<MW3PR15MB391324648F78241D4AC721A6FA57A@MW3PR15MB3913.namprd15.prod.outlook.com>
Date: Tue, 15 Jul 2025 18:22:37 +0000
From: David Wilder <wilder@...ibm.com>
To: Simon Horman <horms@...nel.org>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"jv@...sburgh.net"
<jv@...sburgh.net>,
"pradeeps@...ux.vnet.ibm.com"
<pradeeps@...ux.vnet.ibm.com>,
Pradeep Satyanarayana <pradeep@...ibm.com>,
"i.maximets@....org" <i.maximets@....org>,
Adrian Moreno Zapata
<amorenoz@...hat.com>,
Hangbin Liu <haliu@...hat.com>
Subject: RE: [PATCH net-next v5 6/7] bonding: Update for extended arp_ip_target
format.
________________________________________
From: Simon Horman <horms@...nel.org>
Sent: Tuesday, July 15, 2025 6:58 AM
To: David Wilder
Cc: netdev@...r.kernel.org; jv@...sburgh.net; pradeeps@...ux.vnet.ibm.com; Pradeep Satyanarayana; i.maximets@....org; Adrian Moreno Zapata; Hangbin Liu
Subject: [EXTERNAL] Re: [PATCH net-next v5 6/7] bonding: Update for extended arp_ip_target format.
>On Mon, Jul 14, 2025 at 03:54:51PM -0700, David Wilder wrote:
>> Updated bond_fill_info() to support extended arp_ip_target format.
>>
>> Forward and backward compatibility between the kernel and iprout2 is
>> preserved.
>>
>> Signed-off-by: David Wilder <wilder@...ibm.com>
>> ---
>> drivers/net/bonding/bond_netlink.c | 28 ++++++++++++++++++++++++++--
>> include/net/bonding.h | 1 +
>> 2 files changed, 27 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/net/bonding/bond_netlink.c b/drivers/net/bonding/bond_netlink.c
>> index 5486ef40907e..6e8aebe5629f 100644
>> --- a/drivers/net/bonding/bond_netlink.c
>> +++ b/drivers/net/bonding/bond_netlink.c
>> @@ -701,8 +701,32 @@ static int bond_fill_info(struct sk_buff *skb,
>>
>> targets_added = 0;
>> for (i = 0; i < BOND_MAX_ARP_TARGETS; i++) {
>> - if (bond->params.arp_targets[i].target_ip) {
>> - if (nla_put_be32(skb, i, bond->params.arp_targets[i].target_ip))
>> + struct bond_arp_target *target = &bond->params.arp_targets[i];
>> + struct Data {
>> + __u32 addr;
>> + struct bond_vlan_tag vlans[BOND_MAX_VLAN_TAGS + 1];
>> + } data;
>> + int size = 0;
>> +
>> + if (target->target_ip) {
>> + data.addr = target->target_ip;
>
>Hi David,
>
>There appears to be an endian mismatch here. Sparse says:
>
>.../bond_netlink.c:712:35: warning: incorrect type in assignment (different base types)
>.../bond_netlink.c:712:35: expected unsigned int [usertype] addr
>.../bond_netlink.c:712:35: got restricted __be32 [usertype] target_ip
>
>> + size = sizeof(target->target_ip);
>> + }
>
>It seems that data.addr may be used uninitialised below
>if the if condition above is not met.
>Flagged by Smatch.
Hi Simon
Thanks for catching this, I will make the following change in the next version.
@@ -703,15 +703,14 @@ static int bond_fill_info(struct sk_buff *skb,
for (i = 0; i < BOND_MAX_ARP_TARGETS; i++) {
struct bond_arp_target *target = &bond->params.arp_targets[i];
struct Data {
- __u32 addr;
+ __be32 addr;
struct bond_vlan_tag vlans[BOND_MAX_VLAN_TAGS + 1];
} data;
int size = 0;
- if (target->target_ip) {
- data.addr = target->target_ip;
- size = sizeof(target->target_ip);
- }
+ BUG_ON(!target->target_ip);
+ data.addr = target->target_ip;
+ size = sizeof(target->target_ip);
for (int level = 0; target->flags & BOND_TARGET_USERTAGS && target->tags; level++) {
if (level > BOND_MAX_VLAN_TAGS)
David Wilder
Powered by blists - more mailing lists