From: Kees Cook <keescook@chromium.org>
To: Paolo Abeni <pabeni@redhat.com>
Cc: Jakub Kicinski <kuba@kernel.org>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>, Jens Axboe <axboe@kernel.dk>,
	Pavel Begunkov <asml.silence@gmail.com>,
	David Ahern <dsahern@kernel.org>, Dylan Yudaken <dylany@fb.com>,
	Yajun Deng <yajun.deng@linux.dev>,
	Petr Machata <petrm@nvidia.com>,
	Hangbin Liu <liuhangbin@gmail.com>,
	Leon Romanovsky <leon@kernel.org>,
	syzbot <syzkaller@googlegroups.com>,
	Willem de Bruijn <willemb@google.com>,
	Pablo Neira Ayuso <pablo@netfilter.org>,
	netdev@vger.kernel.org, Nathan Chancellor <nathan@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Tom Rix <trix@redhat.com>, "D. Wythe" <alibuda@linux.alibaba.com>,
	Jeremy Kerr <jk@codeconstruct.com.au>,
	Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
	Menglong Dong <imagedong@tencent.com>,
	Kuniyuki Iwashima <kuniyu@amazon.com>,
	Congyu Liu <liu3101@purdue.edu>,
	Wolfram Sang <wsa+renesas@sang-engineering.com>,
	Ziyang Xuan <william.xuanziyang@huawei.com>,
	linux-kernel@vger.kernel.org, llvm@lists.linux.dev,
	linux-hardening@vger.kernel.org
Subject: Re: [PATCH][next] net: dev: Convert sa_data to flexible array in struct sockaddr
Date: Fri, 21 Oct 2022 18:52:39 -0700
Message-ID: <202210211841.031AB46@keescook>
In-Reply-To: <bd11473cd4e2a92c4ce2a32d370800522862ad4b.camel@redhat.com>

On Thu, Oct 20, 2022 at 10:58:50AM +0200, Paolo Abeni wrote:
> On Tue, 2022-10-18 at 02:56 -0700, Kees Cook wrote:
> > [...]
> >  struct sockaddr {
> >  	sa_family_t	sa_family;	/* address family, AF_xxx	*/
> > -	char		sa_data[14];	/* 14 bytes of protocol address	*/
> > +	union {
> > +		char sa_data_min[14];		/* Minimum 14 bytes of protocol address	*/
> > +		DECLARE_FLEX_ARRAY(char, sa_data);
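
Review bot: the flexible member added at DECLARE_FLEX_ARRAY(char, sa_data) carries no comment, while sa_data_min beside it does. Once sa_data is a flexible array, sizeof(sa_data) no longer compiles and the type no longer bounds accesses through it, so a comment here should say that sa_data is the variable-length view whose bound must come from the caller's address length, and that code needing the fixed size should take sizeof(sa_data_min).
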
> 
> Any special reason to avoid preserving the old name for the array and
> e.g. using sa_data_flex for the new field, so we don't have to touch
> the sockaddr users?

Yes -- the reason is exactly to not touch the sockaddr users (who
generally treat sa_data as a fake flexible array). By switching it to a
flex-array the behavior will stay the same (especially under the coming
-fstrict-flex-arrays option), except that it breaks sizeof(). But the
broken sizeof() allows us to immediately find all the places where the
code explicitly depends on sa_data being 14 bytes. And for those cases,
we switch to sizeof(sa_data_min).

If we went the reverse route (and added -fstrict-flex-arrays) we might
end up adding a bunch of false positives all at once, because the places
that treated it as a flex-array would suddenly all begin behaving as a
14-byte array.

-- 
Kees Cook
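
Added example (not part of the thread or of the kernel patch): a userspace C model of the union layout discussed above, showing one call site that depends on the 14-byte size and one that treats sa_data as variable length. The names sockaddr_model, MODEL_FLEX_ARRAY, SA_DATA_MIN, set_fixed_addr and alloc_long_addr are hypothetical, and sa_family is assumed to be an unsigned short.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Userspace stand-in for the kernel's DECLARE_FLEX_ARRAY(): a flexible array
 * may not sit directly in a union, so it is wrapped in an anonymous struct
 * beside an empty struct (GNU C extension). */
#define MODEL_FLEX_ARRAY(TYPE, NAME) \
	struct { struct { } __empty_##NAME; TYPE NAME[]; }

/* Hypothetical model of the patched layout, not the kernel header. */
struct sockaddr_model {
	unsigned short sa_family;
	union {
		char sa_data_min[14];
		MODEL_FLEX_ARRAY(char, sa_data);
	};
};

#define SA_DATA_MIN sizeof(((struct sockaddr_model *)0)->sa_data_min)

/* The layout is unchanged: both views start at the same offset. */
_Static_assert(sizeof(struct sockaddr_model) == 16, "size changed");
_Static_assert(offsetof(struct sockaddr_model, sa_data) ==
	       offsetof(struct sockaddr_model, sa_data_min), "views differ");

/* A site that really means "14 bytes". sizeof(sa->sa_data) is now a compile
 * error (incomplete array type), so the fixed size is named explicitly. */
size_t set_fixed_addr(struct sockaddr_model *sa, const void *src, size_t len)
{
	size_t n = len < SA_DATA_MIN ? len : SA_DATA_MIN;

	memset(sa->sa_data_min, 0, SA_DATA_MIN);
	memcpy(sa->sa_data_min, src, n);
	return n;	/* bytes actually stored, never more than 14 */
}

/* A site that treats sa_data as variable length: the bound is the caller's
 * length, and the allocation is sized to match it. */
struct sockaddr_model *alloc_long_addr(const void *src, size_t len)
{
	size_t tail = len > SA_DATA_MIN ? len : SA_DATA_MIN;
	struct sockaddr_model *sa =
		calloc(1, offsetof(struct sockaddr_model, sa_data) + tail);

	if (sa)
		memcpy(sa->sa_data, src, len);
	return sa;
}
```
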

Thread overview: 4+ messages
2022-10-18  9:56 [PATCH][next] net: dev: Convert sa_data to flexible array in struct sockaddr Kees Cook
2022-10-20  8:58 ` Paolo Abeni
2022-10-22  1:52   ` Kees Cook [this message]
2022-10-25 21:30 ` patchwork-bot+netdevbpf
