Date: Thu, 23 Jul 2020 12:19:30 -0700 (PDT)
Message-Id: <20200723.121930.163681559677190095.davem@davemloft.net>
To: salyzyn@android.com
Cc: linux-kernel@vger.kernel.org, kernel-team@android.com, netdev@vger.kernel.org, kuba@kernel.org, tgraf@suug.ch
Subject: Re: [PATCH] netlink: add buffer boundary checking
From: David Miller
In-Reply-To: <20200723182136.2550163-1-salyzyn@android.com>

From: Mark Salyzyn
Date: Thu, 23 Jul 2020 11:21:32 -0700

> Many of the nla_get_* inlines fail to check attribute's length before
> copying the content resulting in possible out-of-boundary accesses.
> Adjust the inlines to perform nla_len checking, for the most part
> using the nla_memcpy function to facilitate since these are not
> necessarily performance critical and do not need a likely fast path.
>
> Signed-off-by: Mark Salyzyn
> Cc: netdev@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: kernel-team@android.com
> Cc: "David S. Miller"
> Cc: Jakub Kicinski
> Cc: Thomas Graf
> Fixes: bfa83a9e03cf ("[NETLINK]: Type-safe netlink messages/attributes interface")

Please, let's avoid stuff like this.

Now it is going to be expensive to move several small attributes, which is common. And there's a multiplier when dumping, for example, thousands of networking devices, routes, or whatever, and all of their attributes in a dump.

If you can document actual out of bounds accesses, let's fix them. Usually contextually the attribute type and size has been validated by the time we execute these accessors.

I'm not applying this, sorry.
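
Added example, not part of the original message or of the kernel source: a userspace C model of the pattern the reply refers to, where one policy-driven validation pass checks every attribute's type and size so that the accessor afterwards can stay unchecked. All names (`struct hdr`, `demo_policy`, `parse_validated`, `get_u32`, `demo_mtu`, the `DEMO_*` types) are hypothetical, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <string.h>

/* Userspace model of the netlink attribute TLV; len counts the 4-byte header. */
struct hdr { uint16_t len, type; };
#define HDRLEN ((int)sizeof(struct hdr))
#define ALIGN4(n) (((n) + 3) & ~3)
enum { DEMO_UNSPEC, DEMO_MTU, DEMO_FLAGS, DEMO_MAX = DEMO_FLAGS }; /* hypothetical types */
/* Policy table: exact payload size accepted for each attribute type. */
static const uint16_t demo_policy[DEMO_MAX + 1] = { [DEMO_MTU] = 4, [DEMO_FLAGS] = 2 };

/* Unchecked accessor in the style of nla_get_u32(): relies on earlier validation. */
static uint32_t get_u32(const unsigned char *attr)
{
    uint32_t v;
    memcpy(&v, attr + HDRLEN, sizeof(v));
    return v;
}

/* One validation pass: tb[] only ever points at attributes whose size was checked. */
static int parse_validated(const unsigned char *buf, int buflen, const unsigned char **tb)
{
    int off = 0;
    memset(tb, 0, (DEMO_MAX + 1) * sizeof(*tb));
    while (buflen - off >= HDRLEN) {
        struct hdr h;
        memcpy(&h, buf + off, sizeof(h));
        if (h.len < HDRLEN || h.len > buflen - off)
            return -1;          /* header claims more bytes than the buffer holds */
        if (h.type == DEMO_UNSPEC || h.type > DEMO_MAX || h.len - HDRLEN != demo_policy[h.type])
            return -1;          /* unknown type, or payload size differs from the policy */
        tb[h.type] = buf + off;
        off += ALIGN4(h.len);
    }
    return 0;
}

/* Constructed sample: a single DEMO_MTU attribute (value 1500) claiming payload_len bytes. */
long demo_mtu(uint16_t payload_len)
{
    unsigned char buf[8] = {0};
    const unsigned char *tb[DEMO_MAX + 1];
    struct hdr h = { (uint16_t)(HDRLEN + payload_len), DEMO_MTU };
    uint32_t mtu = 1500;
    int n = payload_len < 4 ? payload_len : 4;      /* payload bytes really present */
    memcpy(buf, &h, sizeof(h));
    memcpy(buf + HDRLEN, &mtu, n);
    return parse_validated(buf, HDRLEN + n, tb) < 0 ? -1 : (long)get_u32(tb[DEMO_MTU]);
}
```

A 2-byte `DEMO_MTU` attribute is the case where the unchecked 4-byte read would run past the payload; here it is rejected during parsing, so `get_u32()` is never reached. An accessor called on an attribute that did not go through such a pass has no such guarantee.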