From: Jakub Kicinski <kuba@kernel.org>
To: Gal Pressman <gal@nvidia.com>
Cc: Paolo Abeni <pabeni@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Andrew Lunn <andrew+netdev@lunn.ch>,
netdev@vger.kernel.org, Andrew Lunn <andrew@lunn.ch>,
Simon Horman <horms@kernel.org>,
Dragos Tatulea <dtatulea@nvidia.com>
Subject: Re: [PATCH net-next] ethtool: Clarify len/n_stats fields in/out semantics
Date: Wed, 7 Jan 2026 18:39:09 -0800 [thread overview]
Message-ID: <20260107183909.2611315d@kernel.org> (raw)
In-Reply-To: <8d5e3870-1918-4071-8442-1f7328b71a75@nvidia.com>
On Wed, 7 Jan 2026 10:51:46 +0200 Gal Pressman wrote:
> On 07/01/2026 3:48, Jakub Kicinski wrote:
> > On Mon, 5 Jan 2026 18:39:23 +0200 Gal Pressman wrote:
> >> - * @n_stats: On return, the number of statistics
> >> + * @n_stats: On entry, the number of stats requested.
> >> + On return, the number of stats returned.
> >> * @data: Array of statistics
> >
> > Missing a '*'
>
> Ah, missed it, thanks!
>
> > But stepping back we should rephrase the comment to cover both
> > directions instead of mechanically adding the corresponding "On entry"
>
> What do you mean?
> How would you phrase it?
Maybe just "number of stats"?
If you want you can (in the body of the doc) go into the detail that
setting the value on input is optional. And on output it will either
be the number of stats reported or 0 if there's a mismatch?
> > FTR my recollection was that we never validated these field on entry and
> > if that's the case 7b07be1ff1cb6 is quite questionable, uAPI-breakage
> > wise.
>
> Can you describe the breakage please?
>
> The kernel didn't look at this field on entry, but AFAICT, it was passed
> from userspace since the beginning of time.
>
> As a precaution, the cited patch only looks at the input values if
> they're different than zero, so theoretical apps that didn't fill them
> shouldn't be affected.
>
> Maybe if the app deliberately put a wrong length value on the input buffer?
Not deliberately, but there used to be nothing illegal about
malloc()'ing the area and only initializing cmd. n_stats was
clearly defined as output only, and zeroing out the buffer
was kinda pointless given that kernel was expected to override
the stats area immediately with data.
Don't think we need to revert the change now, let's see if anyone
complains (perhaps ethtool CLI is the main way people interact with
the stats?) But there have been LWN articles about this sort of "start
using an un-validate field" in the past. It's well understood to be
a no-no.
next prev parent reply other threads:[~2026-01-08 2:39 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-05 16:39 [PATCH net-next] ethtool: Clarify len/n_stats fields in/out semantics Gal Pressman
2026-01-07 1:48 ` Jakub Kicinski
2026-01-07 8:51 ` Gal Pressman
2026-01-08 2:39 ` Jakub Kicinski [this message]
2026-01-08 8:14 ` Gal Pressman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260107183909.2611315d@kernel.org \
--to=kuba@kernel.org \
--cc=andrew+netdev@lunn.ch \
--cc=andrew@lunn.ch \
--cc=davem@davemloft.net \
--cc=dtatulea@nvidia.com \
--cc=edumazet@google.com \
--cc=gal@nvidia.com \
--cc=horms@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox