Message-ID: <62889a99-65e8-40a2-86a8-da083915fbbf@nvidia.com>
Date: Thu, 8 Jan 2026 10:14:03 +0200
From: Gal Pressman <gal@...dia.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Paolo Abeni <pabeni@...hat.com>, "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Andrew Lunn <andrew+netdev@...n.ch>,
netdev@...r.kernel.org, Andrew Lunn <andrew@...n.ch>,
Simon Horman <horms@...nel.org>, Dragos Tatulea <dtatulea@...dia.com>
Subject: Re: [PATCH net-next] ethtool: Clarify len/n_stats fields in/out semantics

On 08/01/2026 4:39, Jakub Kicinski wrote:
> On Wed, 7 Jan 2026 10:51:46 +0200 Gal Pressman wrote:
>> On 07/01/2026 3:48, Jakub Kicinski wrote:
>>> On Mon, 5 Jan 2026 18:39:23 +0200 Gal Pressman wrote:
>>>> - * @n_stats: On return, the number of statistics
>>>> + * @n_stats: On entry, the number of stats requested.
>>>> + On return, the number of stats returned.
>>>> * @data: Array of statistics
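Review bot: The new @n_stats text ("On entry, the number of stats requested. On return, the number of stats returned.") does not tell a caller whether the field may be left at zero or what comes back when the requested count does not match. Elsewhere in this thread the cited patch is described as looking at the input value only when it is non-zero, so the kernel-doc should state that the input is optional and say what is returned on a mismatch. The added continuation line "+ On return, the number of stats returned." also lacks the leading " *" of the comment block.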
>>>
>>> Missing a '*'
>>
>> Ah, missed it, thanks!
>>
>>> But stepping back we should rephrase the comment to cover both
>>> directions instead of mechanically adding the corresponding "On entry"
>>
>> What do you mean?
>> How would you phrase it?
>
> Maybe just "number of stats"?
>
> If you want you can (in the body of the doc) go into the detail that
> setting the value on input is optional. And on output it will either
> be the number of stats reported or 0 if there's a mismatch?

Will do.

>
>>> FTR my recollection was that we never validated these fields on entry and
>>> if that's the case 7b07be1ff1cb6 is quite questionable, uAPI-breakage
>>> wise.
>>
>> Can you describe the breakage please?
>>
>> The kernel didn't look at this field on entry, but AFAICT, it was passed
>> from userspace since the beginning of time.
>>
>> As a precaution, the cited patch only looks at the input values if
>> they're different than zero, so theoretical apps that didn't fill them
>> shouldn't be affected.
>>
>> Maybe if the app deliberately put a wrong length value on the input buffer?
>
> Not deliberately, but there used to be nothing illegal about
> malloc()'ing the area and only initializing cmd. n_stats was
> clearly defined as output only, and zeroing out the buffer
> was kinda pointless given that kernel was expected to override
> the stats area immediately with data.

Yes, passing an uninitialized buffer from userspace seems like bad
practice, but you're right.

>
> Don't think we need to revert the change now, let's see if anyone
> complains (perhaps ethtool CLI is the main way people interact with
> the stats?) But there have been LWN articles about this sort of "start
> using an unvalidated field" in the past. It's well understood to be
> a no-no.

I agree with this statement, but it's usually referring to not start
using unvalidated reserved fields.
In this case, since ethtool always used this value with input semantics,
it is slightly different.
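
The compatibility concern discussed in this thread, as an added example that is not part of the original message or the kernel source: a simplified user-space model of a handler that ignores `n_stats` on entry versus one that checks a non-zero value. The `model_*` names, the device stat count and the "mismatch returns 0" behaviour are assumptions based on the thread's description; the fill byte stands in for uninitialized heap contents.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for the stats request layout (model, not the uAPI header). */
struct model_stats {
    uint32_t cmd;
    uint32_t n_stats;   /* historically documented as output only */
    uint64_t data[];
};
#define MODEL_DEV_STATS 4u  /* constructed: stats the modelled device exposes */

/* Old behaviour per the thread: n_stats is never read on entry. */
static uint32_t model_old_handler(struct model_stats *req)
{
    req->n_stats = MODEL_DEV_STATS;
    for (uint32_t i = 0; i < MODEL_DEV_STATS; i++)
        req->data[i] = 100 + i;
    return req->n_stats;
}

/* New behaviour per the thread: a non-zero n_stats on entry is checked,
 * and a mismatch reports 0 stats (assumed from the discussion). */
static uint32_t model_new_handler(struct model_stats *req)
{
    if (req->n_stats != 0 && req->n_stats != MODEL_DEV_STATS) {
        req->n_stats = 0;
        return 0;
    }
    return model_old_handler(req);
}

/* Allocate a request, pre-fill it with `fill` to imitate whatever the
 * allocator left behind, set cmd, optionally set n_stats, then return
 * the stat count the caller sees from the chosen handler. */
uint32_t model_run(uint8_t fill, int set_n_stats, int new_kernel)
{
    size_t len = sizeof(struct model_stats) + MODEL_DEV_STATS * sizeof(uint64_t);
    struct model_stats *req = malloc(len);
    if (!req)
        return UINT32_MAX;
    memset(req, fill, len);
    req->cmd = 0x1d;    /* ETHTOOL_GSTATS */
    if (set_n_stats)
        req->n_stats = MODEL_DEV_STATS;
    uint32_t n = new_kernel ? model_new_handler(req) : model_old_handler(req);
    free(req);
    return n;
}
```

In this model a caller that zeroes the buffer or fills in `n_stats` sees the same result from both handlers; only the caller that leaves stale bytes in `n_stats` loses its stats with the checking handler.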