From: Jakub Kicinski <kuba@kernel.org>
To: Matt Johnston <matt@codeconstruct.com.au>
Cc: Jeremy Kerr <jk@codeconstruct.com.au>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
netdev@vger.kernel.org,
syzbot+e76d52dadc089b9d197f@syzkaller.appspotmail.com,
syzbot+1065a199625a388fce60@syzkaller.appspotmail.com
Subject: Re: [PATCH net] net: mctp: Don't access ifa_index when missing
Date: Tue, 6 May 2025 18:06:30 -0700 [thread overview]
Message-ID: <20250506180630.148c6ada@kernel.org> (raw)
In-Reply-To: <20250505-mctp-addr-dump-v1-1-a997013f99b8@codeconstruct.com.au>
On Mon, 05 May 2025 17:05:12 +0800 Matt Johnston wrote:
> + /* Userspace programs providing AF_MCTP must be expecting ifa_index filter
> + * behaviour, as will those setting strict_check.
> + */
> + if (hdr->ifa_family == AF_MCTP || cb->strict_check)
> + ifindex = hdr->ifa_index;
The use of cb->strict_check is a bit strange here. I could be wrong but
I though cb->strict_check should only impact validation. Not be used
for changing behavior.
If you have a reason to believe all user space passes a valid header -
how about we just return an error if message is too short?
IPv4 and IPv6 seem to return an error if message is short and
cb->strict_check, so they are more strict. MCTP doesn't have a ton of
legacy user space, we don't have to be lenient at all. My intuition
would be to always act like IP acts under cb->strict_check
next prev parent reply other threads:[~2025-05-07 1:06 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-05 9:05 [PATCH net] net: mctp: Don't access ifa_index when missing Matt Johnston
2025-05-06 16:07 ` Simon Horman
2025-05-07 0:58 ` Jakub Kicinski
2025-05-08 17:10 ` Simon Horman
2025-05-07 1:06 ` Jakub Kicinski [this message]
2025-05-07 1:24 ` Matt Johnston
2025-05-07 1:41 ` Jakub Kicinski
2025-05-07 2:13 ` Matt Johnston
2025-05-07 2:20 ` Jakub Kicinski
2025-05-07 3:48 ` Matt Johnston
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250506180630.148c6ada@kernel.org \
--to=kuba@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=jk@codeconstruct.com.au \
--cc=matt@codeconstruct.com.au \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=syzbot+1065a199625a388fce60@syzkaller.appspotmail.com \
--cc=syzbot+e76d52dadc089b9d197f@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).