Re: CVE-2014-9900 fix is not upstream
From: Johannes Berg
Date: Thu Aug 25 2016 - 08:40:22 EST
> If we want to go down this route, probably the only option is to add
> __attribute__((pack)) those structs to just have no padding at all,
> thus breaking uapi.
>
We could also spell out the padding bytes as reserved, i.e. instead of
struct ethtool_wolinfo {
        __u32   cmd;
        __u32   supported;
        __u32   wolopts;
        __u8    sopass[SOPASS_MAX];     // 6, actually
};
we could do
struct ethtool_wolinfo {
        __u32   cmd;
        __u32   supported;
        __u32   wolopts;
        __u8    sopass[SOPASS_MAX];     // 6, actually
        __u8    reserved[2];
};
and then the compiler has to properly treat it, since it's no longer
unnamed padding.
Maybe somebody can come up with a smart BUILD_BUG_ON() to ensure such
structs have no padding.
That would allow us to keep the C99 initializers (which is nice) and
not have to worry about this.
johannes
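
The following is an added example, not part of the message above and not kernel code. It models the two layouts from the message and shows one way to write the build-time check the message asks for. The names `wol_orig`, `wol_rsvd`, `span` and `stale_bytes` are hypothetical, `uint32_t`/`uint8_t` stand in for `__u32`/`__u8`, and a common ABI with 4-byte alignment for `uint32_t` is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SOPASS_MAX 6  /* value given in the message's comment */

/* The two layouts from the message (hypothetical names). */
struct wol_orig { uint32_t cmd, supported, wolopts; uint8_t sopass[SOPASS_MAX]; };
struct wol_rsvd { uint32_t cmd, supported, wolopts; uint8_t sopass[SOPASS_MAX];
                  uint8_t reserved[2]; };

struct span { size_t off, len; };   /* byte range of one named member */
#define SPAN(t, m) { offsetof(t, m), sizeof(((t *)0)->m) }

static const struct span orig_spans[] = {
    SPAN(struct wol_orig, cmd), SPAN(struct wol_orig, supported),
    SPAN(struct wol_orig, wolopts), SPAN(struct wol_orig, sopass),
};
static const struct span rsvd_spans[] = {
    SPAN(struct wol_rsvd, cmd), SPAN(struct wol_rsvd, supported),
    SPAN(struct wol_rsvd, wolopts), SPAN(struct wol_rsvd, sopass),
    SPAN(struct wol_rsvd, reserved),
};

/* Worst-case model: a stack slot full of stale data (0xAA) in which only the
 * named members get initialised. Returns how many stale bytes a
 * sizeof(struct)-sized copy to user space would carry along. */
static size_t stale_bytes(const struct span *s, size_t n, size_t total)
{
    unsigned char slot[64];
    size_t i, leaked = 0;

    memset(slot, 0xAA, sizeof(slot));
    for (i = 0; i < n; i++)
        memset(slot + s[i].off, 0, s[i].len);
    for (i = 0; i < total; i++)
        leaked += (slot[i] == 0xAA);
    return leaked;
}

size_t orig_leak(void) { return stale_bytes(orig_spans, 4, sizeof(struct wol_orig)); }
size_t rsvd_leak(void) { return stale_bytes(rsvd_spans, 5, sizeof(struct wol_rsvd)); }

/* Build-time guards in the spirit of BUILD_BUG_ON(): the reserved layout has
 * no unnamed bytes, and its size matches the original, so uapi is unchanged. */
_Static_assert(sizeof(struct wol_rsvd) == 3 * sizeof(uint32_t) + SOPASS_MAX + 2,
               "wol_rsvd contains unnamed padding");
_Static_assert(sizeof(struct wol_rsvd) == sizeof(struct wol_orig),
               "reserved[] changed the struct size");
```

The first assertion compares `sizeof` against the sum of the named member sizes, so it catches interior padding as well as tail padding; whether a real compiler zeroes the unnamed bytes in the original layout depends on the compiler and the form of initialisation.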