Message-ID: <20260107183909.2611315d@kernel.org>
Date: Wed, 7 Jan 2026 18:39:09 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Gal Pressman <gal@...dia.com>
Cc: Paolo Abeni <pabeni@...hat.com>, "David S. Miller"
<davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Andrew Lunn
<andrew+netdev@...n.ch>, netdev@...r.kernel.org, Andrew Lunn
<andrew@...n.ch>, Simon Horman <horms@...nel.org>, Dragos Tatulea
<dtatulea@...dia.com>
Subject: Re: [PATCH net-next] ethtool: Clarify len/n_stats fields in/out
semantics
On Wed, 7 Jan 2026 10:51:46 +0200 Gal Pressman wrote:
> On 07/01/2026 3:48, Jakub Kicinski wrote:
> > On Mon, 5 Jan 2026 18:39:23 +0200 Gal Pressman wrote:
> >> - * @n_stats: On return, the number of statistics
> >> + * @n_stats: On entry, the number of stats requested.
> >> + On return, the number of stats returned.
> >> * @data: Array of statistics
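Review bot: the added continuation line "On return, the number of stats returned." has no leading " *", unlike the "On entry" line above it, so it needs the comment prefix and an indent that lines it up under the @n_stats description. The "On entry, the number of stats requested" wording also leaves out what a caller gets when it does not fill the field; the description should say whether a zero input is accepted and what value comes back when the input does not match.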
> >
> > Missing a '*'
>
> Ah, missed it, thanks!
>
> > But stepping back we should rephrase the comment to cover both
> > directions instead of mechanically adding the corresponding "On entry"
>
> What do you mean?
> How would you phrase it?

Maybe just "number of stats"?
If you want you can (in the body of the doc) go into the detail that
setting the value on input is optional. And on output it will either
be the number of stats reported or 0 if there's a mismatch?

> > FTR my recollection was that we never validated these fields on entry and
> > if that's the case 7b07be1ff1cb6 is quite questionable, uAPI-breakage
> > wise.
>
> Can you describe the breakage please?
>
> The kernel didn't look at this field on entry, but AFAICT, it was passed
> from userspace since the beginning of time.
>
> As a precaution, the cited patch only looks at the input values if
> they're different than zero, so theoretical apps that didn't fill them
> shouldn't be affected.
>
> Maybe if the app deliberately put a wrong length value on the input buffer?

Not deliberately, but there used to be nothing illegal about
malloc()'ing the area and only initializing cmd. n_stats was
clearly defined as output only, and zeroing out the buffer
was kinda pointless given that kernel was expected to override
the stats area immediately with data.

Don't think we need to revert the change now, let's see if anyone
complains (perhaps ethtool CLI is the main way people interact with
the stats?) But there have been LWN articles about this sort of "start
using an unvalidated field" in the past. It's well understood to be
a no-no.
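The compatibility concern raised in this thread, as an added example that is not part of any message above and is not kernel code: a small userspace model of a caller that allocates the buffer and sets only cmd, run against a handler that ignores n_stats on entry and one that compares a non-zero value. The struct, handler names, constants and the "report 0 on mismatch" behaviour are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the layout under discussion: cmd, n_stats, then the stats array. */
struct model_stats { uint32_t cmd; uint32_t n_stats; uint64_t data[]; };
#define MODEL_GSTATS  0x1d /* stand-in command value (assumption) */
#define DRIVER_NSTATS 4    /* constructed: stats the modelled device has */

/* Field treated as output only: ignored on entry, written on return. */
static void handler_output_only(struct model_stats *s)
{
    s->n_stats = DRIVER_NSTATS;
    for (uint32_t i = 0; i < DRIVER_NSTATS; i++)
        s->data[i] = 100 + i;
}

/* Field also read on entry when non-zero; reporting 0 on a mismatch is an
 * assumption taken from the wording proposed in the thread. */
static void handler_checks_input(struct model_stats *s)
{
    if (s->n_stats != 0 && s->n_stats != DRIVER_NSTATS) {
        s->n_stats = 0;
        return;
    }
    handler_output_only(s);
}

/* Caller that sets only cmd. `fill` stands in for whatever malloc() left in
 * the buffer, so the run is deterministic; zero_first models calloc(). */
uint32_t query(void (*handler)(struct model_stats *), int zero_first, uint8_t fill)
{
    size_t len = sizeof(struct model_stats) + DRIVER_NSTATS * sizeof(uint64_t);
    struct model_stats *s = malloc(len);
    if (!s) return UINT32_MAX;
    memset(s, zero_first ? 0 : fill, len);
    s->cmd = MODEL_GSTATS;
    handler(s);
    uint32_t n = s->n_stats;
    free(s);
    return n;
}

int main(void)
{
    printf("%u %u %u\n", (unsigned)query(handler_output_only, 0, 0xAA),
           (unsigned)query(handler_checks_input, 0, 0xAA),
           (unsigned)query(handler_checks_input, 1, 0));
    return 0;
}
```

The same caller gets its stats from the first handler and nothing from the second unless it zeroes the buffer first.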