Thread (18 messages) 18 messages, 6 authors, 2022-11-18

Re: [PATCH net-next v2] netlink: split up copies in the ack construction

From: Kees Cook <hidden>
Date: 2022-11-16 22:56:39
Also in: linux-hardening 

[sorry for the dup; resending with Gustavo actually CCed]

On Mon, Nov 14, 2022 at 09:06:14AM -0800, Jakub Kicinski wrote:
On Sun, 13 Nov 2022 19:39:27 -0700 David Ahern wrote:
quoted
On Thu, Oct 27, 2022 at 02:25:53PM -0700, Jakub Kicinski wrote:
quoted
diff --git a/include/uapi/linux/netlink.h b/include/uapi/linux/netlink.h
index e2ae82e3f9f7..5da0da59bf01 100644
--- a/include/uapi/linux/netlink.h
+++ b/include/uapi/linux/netlink.h
@@ -48,6 +48,7 @@ struct sockaddr_nl {
  * @nlmsg_flags: Additional flags
  * @nlmsg_seq:   Sequence number
  * @nlmsg_pid:   Sending process port ID
+ * @nlmsg_data:  Message payload
  */
 struct nlmsghdr {
 	__u32		nlmsg_len;
@@ -55,6 +56,7 @@ struct nlmsghdr {
 	__u16		nlmsg_flags;
 	__u32		nlmsg_seq;
 	__u32		nlmsg_pid;
+	__u8		nlmsg_data[];  
This breaks compile of iproute2 with clang. It does not like the
variable length array in the middle of a struct. While I could re-do the
structs in iproute2, I doubt it is alone in being affected by this
change.
Eww.

Kees, would you mind lending your expertise?

Not sure why something like (simplified):

struct top {
	struct nlmsghdr hdr;
	int tail;
}; 

generates a warning:

In file included from stat-mr.c:7:
In file included from ./res.h:9:
In file included from ./rdma.h:21:
In file included from ../include/utils.h:17:
../include/libnetlink.h:41:18: warning: field 'nlh' with variable sized type 'struct nlmsghdr' not at the end of a struct or class is a GNU extension [-Wgnu-variable-sized-type-not-at-end]
        struct nlmsghdr nlh;
                        ^

which is not confined to -Wpedantic. 
Seems like a useless warning :S
Yeah, this surprises me. But I can certainly reproduce it:
https://godbolt.org/z/fczq8sqbv

Gustavo, do you know what's happening here? GCC (and Clang) get mad
about doing this in the same struct:

struct nlmsghdr {
    __u32           nlmsg_len;
    __u16           nlmsg_flags;
    __u32           nlmsg_seq;
    __u32           nlmsg_pid;
    __u8            nlmsg_data[]; 
    int wat; 
};

<source>:10:21: error: flexible array member not at end of struct
   10 |     __u8            nlmsg_data[];
      |                     ^~~~~~~~~~

But the overlapping with other composite structs has been used in other
areas, I thought? (When I looked at this last, I thought the types just
had to overlap, but that doesn't seem to help here.)

-Kees

-- 
Kees Cook
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help