Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp3231806rwd; Sat, 3 Jun 2023 01:03:33 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6c4VV7Hu5K8gZB2JlXe8NKWEvq2MpzYVEaHXUTFDVslzGUi56dJoCghyYwYWDnc8kxXPvy X-Received: by 2002:a05:6a20:a109:b0:10b:9527:7127 with SMTP id q9-20020a056a20a10900b0010b95277127mr76401pzk.20.1685779412847; Sat, 03 Jun 2023 01:03:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685779412; cv=none; d=google.com; s=arc-20160816; b=pQqED8UNYo8XL18i7adui8wg4t+zVwN3ywH8oaYYPCFohc4EFa8FT3OBHFDLKq9RoR BzdL6gejbvd3HW+Uox5zQ37s0jTjCGIPTFvLLBws4JwIrwe3eT7NPZHYC5QT1KhtXsMN CcbTppBSWKkQM1skwfFqoLd6CJX8g0Tq4wptRDMyzlt9zMAO4BxNMN6iYi98hzvsKqYs K6CUD9mY070gNLy/DEIttTMPf29DCDl7vk8vxChBIhZdOMZZwFuu75hNMSK1XqKHO9TN IMkZU2eRihDDGTmBhBmlWGWX+PRqbxljIYgi7l15CKyEUqiYTFf4ZVgrbBgkYmdeRhyf eQKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=E4FQWsDCLlJk6tCM+MyCda2GT+ZEA10p1n3c1XhTi2o=; b=mCzoDvOrBOSwM91spso3x+qFEvYsAlQeQqoGTeTl/KAZY+P914Q7UgvCgiB7ubmAX+ NbfiR2Vfz/sCj9MIqAVEiy/ijXXaFpAfa7QjBMWcD6tg8TBNzy7cS2/ZJGtUwKhV+WAf KfzrN3EvFPSZd3l4PdpbAO8iJo3uA7/xZOM0EfYrlX5ZkBoq/zATPEuAEXOJqWqyGR0q Am2DAqyS2A4wd+J3XLpUCflf0a9NnBZghVgYkAHIAfbBryKbFERMDjyjsbvYGzvvO7HY wBVipsRTBV35ct/LBJ0Yqod2bueVNz+oH8tZ1YwcfxsPkTLKFa0wiqjRaeLjRUa9AmLv ddjw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=sangfor.com.cn Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id jw19-20020a170903279300b001b061de0954si2137080plb.467.2023.06.03.01.03.20; Sat, 03 Jun 2023 01:03:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=sangfor.com.cn Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231657AbjFCHLq (ORCPT + 99 others); Sat, 3 Jun 2023 03:11:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47420 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229513AbjFCHLp (ORCPT ); Sat, 3 Jun 2023 03:11:45 -0400 Received: from mail-m11875.qiye.163.com (mail-m11875.qiye.163.com [115.236.118.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 30B0EC0; Sat, 3 Jun 2023 00:11:41 -0700 (PDT) Received: from [0.0.0.0] (unknown [172.96.223.238]) by mail-m11875.qiye.163.com (Hmail) with ESMTPA id AD5ED2802D9; Sat, 3 Jun 2023 15:11:32 +0800 (CST) Message-ID: <5f0f2bab-ae36-8b13-2c6d-c69c6ff4a43f@sangfor.com.cn> Date: Sat, 3 Jun 2023 15:11:29 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.11.1 Subject: Re: [PATCH net-next] net: ethtool: Fix out-of-bounds copy to user Content-Language: en-US To: Jakub Kicinski Cc: Alexander Duyck , Andrew Lunn , davem@davemloft.net, edumazet@google.com, pabeni@redhat.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, pengdonglin@sangfor.com.cn, huangcun@sangfor.com.cn References: <20230601112839.13799-1-dinghui@sangfor.com.cn> <135a45b2c388fbaf9db4620cb01b95230709b9ac.camel@gmail.com> <6110cf9f-c10e-4b9b-934d-8d202b7f5794@lunn.ch> <6e28cea9-d615-449d-9c68-aa155efc8444@lunn.ch> <44905acd-3ac4-cfe5-5e91-d182c1959407@sangfor.com.cn> <20230602225519.66c2c987@kernel.org> From: Ding Hui In-Reply-To: <20230602225519.66c2c987@kernel.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-HM-Spam-Status: e1kfGhgUHx5ZQUpXWQgPGg8OCBgUHx5ZQUlOS1dZFg8aDwILHllBWSg2Ly tZV1koWUFITzdXWS1ZQUlXWQ8JGhUIEh9ZQVkaHRpCVh5NQkwdS0hLSR1CGFUTARMWGhIXJBQOD1 lXWRgSC1lBWUpMSVVCTVVJSUhVSUhDWVdZFhoPEhUdFFlBWU9LSFVKSktISkxVSktLVUtZBg++ X-HM-Tid: 0a888018ecd22eb1kusnad5ed2802d9 X-HM-MType: 1 X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6PU06Nio5KD1MMjMzNRA*Vk8* UQgwCxNVSlVKTUNOTExNSUJDS0hIVTMWGhIXVR8SFRwTDhI7CBoVHB0UCVUYFBZVGBVFWVdZEgtZ QVlKTElVQk1VSUlIVUlIQ1lXWQgBWUFPSklONwY+ X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2023/6/3 13:55, Jakub Kicinski wrote: > On Sat, 3 Jun 2023 09:51:34 +0800 Ding Hui wrote: >>> If that is the case maybe it would just make more sense to just return >>> an error if we are at risk of overrunning the userspace allocated >>> buffer. >> >> In that case, I can modify to return an error, however, I think the >> ENOSPC or EFBIG mentioned in a previous email may not be suitable, >> maybe like others length/size checking return EINVAL. >> >> Another thing I wondered is that should I update the current length >> back to user if user buffer is not enough, assuming we update the new >> length with error returned, the userspace can use it to reallocate >> buffer if he wants to, which can avoid re-call previous ioctl to get >> the new length. > > This entire thread presupposes that user provides the length of > the buffer. I don't see that in the code. Take ethtool_get_stats() > as an example, you assume that stats.n_stats is set correctly, > but it's not enforced today. Some app somewhere may pass in zeroed > out stats and work just fine. > Yes. I checked the others ioctl (e.g. ethtool_get_eeprom(), ethtool_get_features()), and searched the git log of ethtool utility, so I think that is an implicit rule and the check is missed in kernel where the patch involves. Without this rule, we cannot guarantee the safety of copy to user. Should we keep to be compatible with that incorrect userspace usage? -- Thanks, - Ding Hui