Date: Fri, 21 Oct 2022 18:52:39 -0700
From: Kees Cook
To: Paolo Abeni
Cc: Jakub Kicinski, "David S. Miller", Eric Dumazet, Jens Axboe,
    Pavel Begunkov, David Ahern, Dylan Yudaken, Yajun Deng, Petr Machata,
    Hangbin Liu, Leon Romanovsky, syzbot, Willem de Bruijn,
    Pablo Neira Ayuso, netdev@vger.kernel.org, Nathan Chancellor,
    Nick Desaulniers, Tom Rix, "D. Wythe", Jeremy Kerr,
    Sebastian Andrzej Siewior, Menglong Dong, Kuniyuki Iwashima,
    Congyu Liu, Wolfram Sang, Ziyang Xuan, linux-kernel@vger.kernel.org,
    llvm@lists.linux.dev, linux-hardening@vger.kernel.org
Subject: Re: [PATCH][next] net: dev: Convert sa_data to flexible array in struct sockaddr
Message-ID: <202210211841.031AB46@keescook>
References: <20221018095503.never.671-kees@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Oct 20, 2022 at 10:58:50AM +0200, Paolo Abeni wrote:
> On Tue, 2022-10-18 at 02:56 -0700, Kees Cook wrote:
> > [...]
> > struct sockaddr {
> > sa_family_t sa_family; /* address family, AF_xxx */
> > - char sa_data[14]; /* 14 bytes of protocol address */
> > + union {
> > + char sa_data_min[14]; /* Minimum 14 bytes of protocol address */
> > + DECLARE_FLEX_ARRAY(char, sa_data);
>
> Any special reason to avoid preserving the old name for the array and
> e.g. using sa_data_flex for the new field, so we don't have to touch
> the sockaddr users?

Yes -- the reason is exactly to not touch the sockaddr users (who
generally treat sa_data as a fake flexible array). By switching it to
a flex-array the behavior will stay the same (especially under the
coming -fstrict-flex-arrays option), except that it breaks sizeof().
But the broken sizeof() allows us to immediately find all the places
where the code explicitly depends on sa_data being 14 bytes. And for
those cases, we switch to sizeof(sa_data_min).

If we went the reverse route (and added -fstrict-flex-arrays) we might
end up adding a bunch of false positives all at once, because the places
that treated it as a flex-array would suddenly all begin behaving as a
14-byte array.

--
Kees Cook
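
Review bot: The new sa_data member on the DECLARE_FLEX_ARRAY(char, sa_data) line has no comment, while sa_data_min beside it does, so a reader of the struct cannot tell which name to use for what. Suggest a short comment there stating that sa_data has no compile-time bound, that its length comes from the caller's address length, and that code needing the fixed 14-byte size must use sizeof(sa_data_min) because sizeof(sa_data) no longer compiles. It would also help to note that sa_data_min is what keeps the union, and therefore struct sockaddr, at its previous size.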
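
The layout discussed in this message, as an added userspace example (not code from the patch or the kernel tree): the `demo_*` names and `DEMO_FLEX_ARRAY` are hypothetical stand-ins, the macro is modelled on the kernel's `DECLARE_FLEX_ARRAY()`, and the block relies on GNU C extensions (gcc or clang). It shows that the struct size is unchanged, that fixed-size users name `sa_data_min`, and that copies into `sa_data` are bounded by the real capacity.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for DECLARE_FLEX_ARRAY(): GNU C accepts a flexible array in a
 * union when it is wrapped in a struct that also holds an empty struct. */
#define DEMO_FLEX_ARRAY(type, name) \
	struct { struct { } __empty_##name; type name[]; }

/* Constructed replica of the patched layout (hypothetical type name). */
struct demo_sockaddr {
	unsigned short sa_family;
	union {
		char sa_data_min[14];           /* keeps the old 14-byte size */
		DEMO_FLEX_ARRAY(char, sa_data); /* no compile-time bound */
	};
};

/* sizeof(sa->sa_data) is now a compile error (incomplete type), so code
 * that really means "14 bytes" has to name sa_data_min explicitly. */
static size_t demo_min_len(void)
{
	return sizeof(((struct demo_sockaddr *)0)->sa_data_min);
}

/* Allocate room for addr_len address bytes, never less than the legacy 14. */
static struct demo_sockaddr *demo_alloc(size_t addr_len)
{
	size_t payload = addr_len > demo_min_len() ? addr_len : demo_min_len();
	return calloc(1, offsetof(struct demo_sockaddr, sa_data) + payload);
}

/* Bounded copy: the limit is the buffer's real capacity, passed in by the
 * caller, rather than a hard-coded 14. Returns 0 on success, -1 if too long. */
static int demo_set_addr(struct demo_sockaddr *sa, size_t capacity,
			 const void *addr, size_t addr_len)
{
	if (addr_len > capacity)
		return -1;
	memcpy(sa->sa_data, addr, addr_len);
	return 0;
}

int main(void)
{
	unsigned char hw[20] = { 0 };   /* constructed 20-byte address */
	struct demo_sockaddr *sa = demo_alloc(sizeof(hw));
	int rc = sa ? demo_set_addr(sa, sizeof(hw), hw, sizeof(hw)) : -1;
	free(sa);
	return rc ? 1 : 0;
}
```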