Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp5949191imm; Mon, 27 Aug 2018 07:09:57 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZzwC+npBidfpfGVNpFmNf8UD6kd6tfZltgPHZ9Ggt3NOxoOP7gpcExym96DBcdYvj+Xz5Z X-Received: by 2002:a17:902:6808:: with SMTP id h8-v6mr13458088plk.27.1535378997923; Mon, 27 Aug 2018 07:09:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535378997; cv=none; d=google.com; s=arc-20160816; b=PrKL3uO29OKReCQbPVQ8ifW7Wm519H5Sg5y9HjTh5yAENM3ONyfgr+pWH9No+J5Obd FFDWig1+qqWbRjL3KP5lI3mYfPz1c73sVc2tBqsOIGwOP+nF9s0UP/R+8vayM72gz8Hp jZk9f8LThkGLkSJt6ggtjduLvViw+kThX/H2AKv7ex8VWT0PAJJhSIAjeCNAyZbmmPn9 5Zd7azKwVT5N+5TpGxO2KD7BcB9x9EQ1uO1wM5WGx6Udt3SpNiFPsOdBxZU/AuWmBZD4 JyYCkhLJG2oabkwp/PQGUO8/hryDxCBdnfFJDMVsZhw63l0U6lZ4cBTdrkSv4L720yMY dsHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=Wj/ntfMH1aXHXmf8ycogpilKRiyvb6Bx+uVsUwBwse8=; b=d7AueKrfYXOpYMJ1XBglNbGr1HHW+wzyvumSV9c0B/l8GWMQ2E31qMFDTEpLnpjW9E lsCoF25F3qXwZ07W2slDv7kH+GicikUQJSSZibtCkUqTtwUkCeWKHdeqEDoM8QDyd9HK gkb2pc368zzMWxFmWD3s+/d0JZPPr94BEIO5efgCfcnWoxpVLMmsqAhX7akEloDausSB Q0bspwF/Fm1PyjR+eL8c1ZIbLBARTahlmC6THp0Wqwa1Pe8ch0JwlJIlNZ3+c0pE/WDw cSpXtLMfQjlRViUjVAWCVTo61V9w9tAU1UTyP6XNwUuOj+RiG8QN42gXNjk19Xy+7uVB d3tg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=S9zJ6BHD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n190-v6si10173820pfn.358.2018.08.27.07.09.41; Mon, 27 Aug 2018 07:09:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=S9zJ6BHD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727299AbeH0RzO (ORCPT + 99 others); Mon, 27 Aug 2018 13:55:14 -0400 Received: from mail-yw1-f65.google.com ([209.85.161.65]:44639 "EHLO mail-yw1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726925AbeH0RzN (ORCPT ); Mon, 27 Aug 2018 13:55:13 -0400 Received: by mail-yw1-f65.google.com with SMTP id l9-v6so5589214ywc.11 for ; Mon, 27 Aug 2018 07:08:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Wj/ntfMH1aXHXmf8ycogpilKRiyvb6Bx+uVsUwBwse8=; b=S9zJ6BHD0JfFOanSxo3egzfLmvedTQsaT3TqDlxu4MMDas7uscVl+VqjVouhKE9Lnf j9dtnoSF7w5tvwCBkU9VqpsH7+T070kwucH6DCzj0ah33gyUh1LIe4OrmToizdzsPLvr wYAFcQOJt369VSXC45rPN7rlaF1pI8JgP+HpI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Wj/ntfMH1aXHXmf8ycogpilKRiyvb6Bx+uVsUwBwse8=; b=EOLhz20EoPx/hw+247x3Q+0W0m1WG//Zwx9d+zuChmaXT2PIOBXfbSb4nbJCCm5FQh 0T35elFxiB0Eg+EWZM5qsJO1yfOCGPMZ8vFCJ06phst/eDdzHuf1ZfyNcBoFJoJWtGQN Q5bcA2umLk9J95O7oIgsL280Iet7pKGoS33Vf3ZA3ir0BAIix4PJI+GnRYr3/bD6RqCV IADv76mPo9fVIp2+Nwd2g6r21H2y3PXKIttuw7Iqn0yaRoXxbPzxuRcSvQoSemBFqNbs oWdSCxgY4LvK4NDUZ1OqJAwMcyhdnByXgSVakYVrpb+H9OBGpRgva4up/VHMzxGa7Uav kkbg== X-Gm-Message-State: APzg51AJI2nl5N/v3I0KD63Mn3qsU7vJ8bUzwE3tOWdzek4ZAyISBOgx fWkmuP299eZeDdZ5t8E+8BNcjPEa2oM= X-Received: by 2002:a81:30c9:: with SMTP id w192-v6mr7260149yww.45.1535378905607; Mon, 27 Aug 2018 07:08:25 -0700 (PDT) Received: from mail-yb0-f175.google.com (mail-yb0-f175.google.com. [209.85.213.175]) by smtp.gmail.com with ESMTPSA id m82-v6sm7007380ywc.29.2018.08.27.07.08.23 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 Aug 2018 07:08:24 -0700 (PDT) Received: by mail-yb0-f175.google.com with SMTP id l16-v6so6043903ybk.11 for ; Mon, 27 Aug 2018 07:08:23 -0700 (PDT) X-Received: by 2002:a25:e5c3:: with SMTP id c186-v6mr6931735ybh.209.1535378903175; Mon, 27 Aug 2018 07:08:23 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:2c11:0:0:0:0:0 with HTTP; Mon, 27 Aug 2018 07:08:22 -0700 (PDT) In-Reply-To: References: <20180826055801.GA42063@beast> <20180826061534.GT6515@ZenIV.linux.org.uk> <5c88b08d-b9ca-f3df-ae78-cf685ee6723a@mojatatu.com> From: Kees Cook Date: Mon, 27 Aug 2018 07:08:22 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] net: sched: Fix memory exposure from short TCA_U32_SEL To: Jamal Hadi Salim Cc: Al Viro , LKML , Cong Wang , Jiri Pirko , "David S. Miller" , Network Development Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Aug 27, 2018 at 4:46 AM, Jamal Hadi Salim wrote: > On 2018-08-26 5:56 p.m., Kees Cook wrote: >> >> On Sun, Aug 26, 2018 at 10:30 AM, Jamal Hadi Salim >> wrote: >>> >>> We should add an nla_policy later. >> >> >> What's the right way to do that for cases like this? > > > Meant something like attached which you alluded-to in your comments > would give an upper bound (Max allowed keys is 128). The problem is that policy doesn't parse the contents: "nkeys" determines the size, so we have to both validate minimum size (to be sure the location of "nkeys" is valid) and check that the size is at least nkeys * struct long. I don't think there is a way to do this with the existing policy language. -Kees -- Kees Cook Pixel Security