From: Kees Cook <keescook@chromium.org>
To: Jakub Kicinski <kuba@kernel.org>
Cc: Stephen Hemminger <stephen@networkplumber.org>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
David Ahern <dsahern@kernel.org>,
davem@davemloft.net, netdev@vger.kernel.org, edumazet@google.com,
pabeni@redhat.com, linux-hardening@vger.kernel.org
Subject: Re: [PATCH net-next v2] netlink: split up copies in the ack construction
Date: Thu, 17 Nov 2022 14:35:32 -0800 [thread overview]
Message-ID: <202211171431.6C8675E2@keescook> (raw)
In-Reply-To: <20221117123615.41d9c71a@kernel.org>
On Thu, Nov 17, 2022 at 12:36:15PM -0800, Jakub Kicinski wrote:
> On Thu, 17 Nov 2022 08:25:56 -0800 Stephen Hemminger wrote:
> > > I was asking based on your own commit 1e6e9d0f4859 ("uapi: revert
> > > flexible-array conversions"). This is uAPI as well.
> >
> > Some of the flex-array conversions fixed build warnings that occur in
> > iproute2 when using Gcc 12 or later.
>
> Alright, this is getting complicated. I'll post a patch to fix
> the issue I've added and gently place my head back into the sand.
Thanks! I think the path forward is clear. I should not have suggested
adding a flex-array member to the "header" struct lo these many moons
ago. You and Gustavo are right: we need a separate struct with the header
at the beginning, just as iproute2 is doing itself.
As for testing, I can do that if you want -- the goal was to make sure
the final result doesn't trip FORTIFY when built with -fstrict-flex-arrays
(not yet in a released compiler version, but present in both GCC and Clang
truck builds) and with __builtin_dynamic_object_size() enabled (which
is not yet in -next, as it is waiting on the last of ksize() clean-ups).
--
Kees Cook
next prev parent reply other threads:[~2022-11-17 22:35 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-27 21:25 [PATCH net-next v2] netlink: split up copies in the ack construction Jakub Kicinski
2022-10-31 9:20 ` patchwork-bot+netdevbpf
2022-11-14 2:39 ` David Ahern
2022-11-14 17:06 ` Jakub Kicinski
2022-11-16 22:53 ` Kees Cook
2022-11-16 22:56 ` Kees Cook
2022-11-17 0:27 ` Kees Cook
2022-11-17 0:55 ` Gustavo A. R. Silva
2022-11-17 1:05 ` Jakub Kicinski
2022-11-17 1:20 ` Gustavo A. R. Silva
2022-11-17 6:13 ` Jakub Kicinski
2022-11-17 16:25 ` Stephen Hemminger
2022-11-17 20:36 ` Jakub Kicinski
2022-11-17 22:35 ` Kees Cook [this message]
2022-11-18 0:28 ` Jakub Kicinski
2022-11-18 3:27 ` Kees Cook
2022-11-18 15:59 ` David Ahern
2022-11-18 2:37 ` Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202211171431.6C8675E2@keescook \
--to=keescook@chromium.org \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=gustavo@embeddedor.com \
--cc=kuba@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.