Message-ID: <1bc0eb81-3ccf-479e-924d-f0672daf5fab@suse.de>
Date: Thu, 21 Aug 2025 08:47:12 +0200
From: Hannes Reinecke <hare@...e.de>
To: Wilfred Mallawa <wilfred.opensource@...il.com>, chuck.lever@...cle.com,
 davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
 pabeni@...hat.com, donald.hunter@...il.com, borisp@...dia.com,
 john.fastabend@...il.com
Cc: alistair.francis@....com, dlemoal@...nel.org,
 kernel-tls-handshake@...ts.linux.dev, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [RFC v2 1/1] net/tls: allow limiting maximum record size

On 8/21/25 08:18, Wilfred Mallawa wrote:
> On Mon, 2025-08-18 at 08:31 +0200, Hannes Reinecke wrote:
>>
> [snip]
>>> --- a/include/uapi/linux/handshake.h
>>> +++ b/include/uapi/linux/handshake.h
>>> @@ -54,6 +54,7 @@ enum {
>>>    	HANDSHAKE_A_DONE_STATUS = 1,
>>>    	HANDSHAKE_A_DONE_SOCKFD,
>>>    	HANDSHAKE_A_DONE_REMOTE_AUTH,
>>> +	HANDSHAKE_A_DONE_RECORD_SIZE_LIMIT,
>>>    
>>>    	__HANDSHAKE_A_DONE_MAX,
>>>    	HANDSHAKE_A_DONE_MAX = (__HANDSHAKE_A_DONE_MAX - 1)
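
Review bot: HANDSHAKE_A_DONE_RECORD_SIZE_LIMIT enters the uapi enum with nothing stating its unit or meaning. Because this becomes userspace ABI, document next to the attribute which unit the value is in, whose limit it carries (the peer's or the local one), and what the kernel does when the attribute is absent.
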
>>> diff --git a/net/handshake/genl.c b/net/handshake/genl.c
>>> index f55d14d7b726..44c43ce18361 100644
>>> --- a/net/handshake/genl.c
>>> +++ b/net/handshake/genl.c
>>> @@ -16,10 +16,11 @@ static const struct nla_policy
>>> handshake_accept_nl_policy[HANDSHAKE_A_ACCEPT_HAN
>>>    };
>>>    
>>>    /* HANDSHAKE_CMD_DONE - do */
>>> -static const struct nla_policy
>>> handshake_done_nl_policy[HANDSHAKE_A_DONE_REMOTE_AUTH + 1] = {
>>> +static const struct nla_policy
>>> handshake_done_nl_policy[HANDSHAKE_A_DONE_RECORD_SIZE_LIMIT + 1] =
>>> {
>>
> Hey Hannes,
> 
> I did consider using HANDSHAKE_A_DONE_MAX, but wasn't sure if the
> existing convention is there for some reason. But I can switch over if
> you think that is best.
> 
I guess, no reason, just an oversight.

>> Shouldn't that be 'HANDSHAKE_A_DONE_MAX'?
>>
>>>    	[HANDSHAKE_A_DONE_STATUS] = { .type = NLA_U32, },
>>>    	[HANDSHAKE_A_DONE_SOCKFD] = { .type = NLA_S32, },
>>>    	[HANDSHAKE_A_DONE_REMOTE_AUTH] = { .type = NLA_U32, },
>>> +	[HANDSHAKE_A_DONE_RECORD_SIZE_LIMIT] = { .type = NLA_U32,
>>> },
>>>    };
>>>    
>>>    /* Ops table for handshake */
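
Review bot: The new policy entry for HANDSHAKE_A_DONE_RECORD_SIZE_LIMIT is a bare `{ .type = NLA_U32, }`, so any 32-bit value from userspace passes validation and bounding is left to whatever code reads the attribute. Consider a range policy such as NLA_POLICY_RANGE(NLA_U32, min, max), with the bounds the TLS layer actually supports, so that zero or oversized limits are rejected at netlink parse time.
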
>>> @@ -35,7 +36,7 @@ static const struct genl_split_ops
>>> handshake_nl_ops[] = {
>>>    		.cmd		= HANDSHAKE_CMD_DONE,
>>>    		.doit		= handshake_nl_done_doit,
>>>    		.policy		=
>>> handshake_done_nl_policy,
>>> -		.maxattr	= HANDSHAKE_A_DONE_REMOTE_AUTH,
>>> +		.maxattr	=
>>> HANDSHAKE_A_DONE_RECORD_SIZE_LIMIT,
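
Review bot: `.maxattr` again names the last attribute explicitly, so it has to be edited every time an attribute is appended and can fall out of step with the policy array. The uapi enum in this patch defines HANDSHAKE_A_DONE_MAX as (__HANDSHAKE_A_DONE_MAX - 1), which already equals the last attribute, so `.maxattr = HANDSHAKE_A_DONE_MAX` together with a policy array sized HANDSHAKE_A_DONE_MAX + 1 would stay correct without further edits.
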
>>
>> HANDSHAKE_A_DONE_MAX - 1?
> 
> Shouldn't it be `HANDSHAKE_A_DONE_MAX`? Unless the existing
> `HANDSHAKE_A_DONE_REMOTE_AUTH` is incorrect?
> 
Yes, you are right.

Cheers,
Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@...e.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
