Re: CVE-2014-9900 fix is not upstream

From: Johannes Berg
Date: Thu Aug 25 2016 - 08:40:22 EST



> If we want to go down this route, probably the only option is to add
> __attribute__((pack)) those structs to just have no padding at all,
> thus breaking uapi.
>

We could also spell out the padding bytes as reserved, i.e. instead of

struct ethtool_wolinfo {
	__u32	cmd;
	__u32	supported;
	__u32	wolopts;
	__u8	sopass[SOPASS_MAX];	// 6, actually
};

we could do

struct ethtool_wolinfo {
	__u32	cmd;
	__u32	supported;
	__u32	wolopts;
	__u8	sopass[SOPASS_MAX];	// 6, actually
	__u8	reserved[2];
};

and then the compiler has to properly treat it, since it's no longer
unnamed padding.

Maybe somebody can come up with a smart BUILD_BUG_ON() to ensure such
structs have no padding.

That would allow us to keep the C99 initializers (which is nice) and
not have to worry about this.

johannes
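
The no-padding check suggested in the message above, as an added userspace sketch that is not part of the original mail or of the kernel tree. It assumes C11 `_Static_assert` in place of `BUILD_BUG_ON()` and `uint32_t`/`uint8_t` in place of `__u32`/`__u8`; the struct names, macros and helper functions are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SOPASS_MAX 6

/* Layout of the first struct in the message: members total 18 bytes. */
struct wolinfo_implicit {
	uint32_t cmd, supported, wolopts;
	uint8_t  sopass[SOPASS_MAX];
};

/* Layout of the second struct: the tail bytes are a named member. */
struct wolinfo_explicit {
	uint32_t cmd, supported, wolopts;
	uint8_t  sopass[SOPASS_MAX];
	uint8_t  reserved[2];
};

#define MSIZE(type, m) sizeof(((type *)0)->m)
#define WOL_BASE(type) (MSIZE(type, cmd) + MSIZE(type, supported) + \
			MSIZE(type, wolopts) + MSIZE(type, sopass))

/* Build fails if the compiler inserted any unnamed padding. */
_Static_assert(sizeof(struct wolinfo_explicit) ==
	       WOL_BASE(struct wolinfo_explicit) +
	       MSIZE(struct wolinfo_explicit, reserved),
	       "struct wolinfo_explicit contains unnamed padding");

/* Bytes the compiler adds to the original layout (2 on common ABIs). */
static size_t implicit_padding_bytes(void)
{
	return sizeof(struct wolinfo_implicit) - WOL_BASE(struct wolinfo_implicit);
}

/* Bytes after cmd that are still non-zero once a C99 initializer is assigned. */
static size_t stale_bytes_after_init(void)
{
	struct wolinfo_explicit w;
	unsigned char buf[sizeof(w)];
	size_t i, stale = 0;

	memset(&w, 0xAA, sizeof(w));	/* constructed stand-in for old stack data */
	w = (struct wolinfo_explicit){ .cmd = 0x5 };	/* constructed cmd value */
	memcpy(buf, &w, sizeof(w));
	for (i = sizeof(w.cmd); i < sizeof(buf); i++)
		stale += (buf[i] != 0);
	return stale;
}
```

Because every byte of the explicit layout belongs to a named member, the initializer's implicit zeroing covers the whole object, and the assertion breaks the build if a later field change reintroduces padding.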