LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH v2] core: dev: don't call BUG() on bad input
@ 2011-02-14 14:42 Vasiliy Kulikov
  2011-02-14 15:16 ` Alexey Dobriyan
  0 siblings, 1 reply; 7+ messages in thread
From: Vasiliy Kulikov @ 2011-02-14 14:42 UTC (permalink / raw)
  To: linux-kernel
  Cc: David S. Miller, Eric Dumazet, Tom Herbert, Changli Gao,
	Jesse Gross, netdev

alloc_netdev() may be called with too long name (more that IFNAMSIZ bytes).
Currently this leads to BUG().  Other insane inputs (bad txqs, rxqs) and
even OOM don't lead to BUG().  Made alloc_netdev() return NULL, like on
other errors.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
---
 Compile tested.
 v2 - fixed checkpatch warning - space before "\n".

 net/core/dev.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/net/core/dev.c b/net/core/dev.c
index 6392ea0..12ef4b0 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -5761,7 +5761,10 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
 	size_t alloc_size;
 	struct net_device *p;
 
-	BUG_ON(strlen(name) >= sizeof(dev->name));
+	if (strnlen(name, sizeof(dev->name)) >= sizeof(dev->name)) {
+		pr_err("alloc_netdev: Too long device name\n");
+		return NULL;
+	}
 
 	if (txqs < 1) {
 		pr_err("alloc_netdev: Unable to allocate device "
-- 
1.7.0.4


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2] core: dev: don't call BUG() on bad input
  2011-02-14 14:42 [PATCH v2] core: dev: don't call BUG() on bad input Vasiliy Kulikov
@ 2011-02-14 15:16 ` Alexey Dobriyan
  2011-02-14 15:23   ` Vasiliy Kulikov
  2011-02-14 15:41   ` Patrick McHardy
  0 siblings, 2 replies; 7+ messages in thread
From: Alexey Dobriyan @ 2011-02-14 15:16 UTC (permalink / raw)
  To: Vasiliy Kulikov
  Cc: linux-kernel, David S. Miller, Eric Dumazet, Tom Herbert,
	Changli Gao, Jesse Gross, netdev

On Mon, Feb 14, 2011 at 4:42 PM, Vasiliy Kulikov <segoon@openwall.com> wrote:
> alloc_netdev() may be called with too long name (more that IFNAMSIZ bytes).
> Currently this leads to BUG().  Other insane inputs (bad txqs, rxqs) and
> even OOM don't lead to BUG().  Made alloc_netdev() return NULL, like on
> other errors.

> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -5761,7 +5761,10 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
>        size_t alloc_size;
>        struct net_device *p;
>
> -       BUG_ON(strlen(name) >= sizeof(dev->name));
> +       if (strnlen(name, sizeof(dev->name)) >= sizeof(dev->name)) {
> +               pr_err("alloc_netdev: Too long device name\n");
> +               return NULL;
> +       }

Netdevice name isn't some random junk you get from userspace, so BUG is fine.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2] core: dev: don't call BUG() on bad input
  2011-02-14 15:16 ` Alexey Dobriyan
@ 2011-02-14 15:23   ` Vasiliy Kulikov
  2011-02-14 19:25     ` David Miller
  2011-02-14 15:41   ` Patrick McHardy
  1 sibling, 1 reply; 7+ messages in thread
From: Vasiliy Kulikov @ 2011-02-14 15:23 UTC (permalink / raw)
  To: Alexey Dobriyan
  Cc: linux-kernel, David S. Miller, Eric Dumazet, Tom Herbert,
	Changli Gao, Jesse Gross, netdev

Alexey,

On Mon, Feb 14, 2011 at 17:16 +0200, Alexey Dobriyan wrote:
> On Mon, Feb 14, 2011 at 4:42 PM, Vasiliy Kulikov <segoon@openwall.com> wrote:
> > alloc_netdev() may be called with too long name (more that IFNAMSIZ bytes).
> > Currently this leads to BUG().  Other insane inputs (bad txqs, rxqs) and
> > even OOM don't lead to BUG().  Made alloc_netdev() return NULL, like on
> > other errors.
> 
> > --- a/net/core/dev.c
> > +++ b/net/core/dev.c
> > @@ -5761,7 +5761,10 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
> >        size_t alloc_size;
> >        struct net_device *p;
> >
> > -       BUG_ON(strlen(name) >= sizeof(dev->name));
> > +       if (strnlen(name, sizeof(dev->name)) >= sizeof(dev->name)) {
> > +               pr_err("alloc_netdev: Too long device name\n");
> > +               return NULL;
> > +       }
> 
> Netdevice name isn't some random junk you get from userspace, so BUG is fine.

It IS for bluetooth, see net/bluetooth/bnep/core.c: bnep_add_connection() and
net/bluetooth/bnep/sock.c: bnep_sock_ioctl(). 

And txqs, txqs?  Then why do not BUG() on bad txqs too?  Why so
insonsistent?  BUG() should be called in some critical situation, net
device creation is probably not such a thing.


Thanks,

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2] core: dev: don't call BUG() on bad input
  2011-02-14 15:16 ` Alexey Dobriyan
  2011-02-14 15:23   ` Vasiliy Kulikov
@ 2011-02-14 15:41   ` Patrick McHardy
  1 sibling, 0 replies; 7+ messages in thread
From: Patrick McHardy @ 2011-02-14 15:41 UTC (permalink / raw)
  To: Alexey Dobriyan
  Cc: Vasiliy Kulikov, linux-kernel, David S. Miller, Eric Dumazet,
	Tom Herbert, Changli Gao, Jesse Gross, netdev

Am 14.02.2011 16:16, schrieb Alexey Dobriyan:
> On Mon, Feb 14, 2011 at 4:42 PM, Vasiliy Kulikov <segoon@openwall.com> wrote:
>> alloc_netdev() may be called with too long name (more that IFNAMSIZ bytes).
>> Currently this leads to BUG().  Other insane inputs (bad txqs, rxqs) and
>> even OOM don't lead to BUG().  Made alloc_netdev() return NULL, like on
>> other errors.
> 
>> --- a/net/core/dev.c
>> +++ b/net/core/dev.c
>> @@ -5761,7 +5761,10 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
>>        size_t alloc_size;
>>        struct net_device *p;
>>
>> -       BUG_ON(strlen(name) >= sizeof(dev->name));
>> +       if (strnlen(name, sizeof(dev->name)) >= sizeof(dev->name)) {
>> +               pr_err("alloc_netdev: Too long device name\n");
>> +               return NULL;
>> +       }
> 
> Netdevice name isn't some random junk you get from userspace, so BUG is fine.

I agree, misuse of kernel APIs is not something we need to catch
verbosely.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2] core: dev: don't call BUG() on bad input
  2011-02-14 15:23   ` Vasiliy Kulikov
@ 2011-02-14 19:25     ` David Miller
  2011-02-14 19:33       ` Tom Herbert
  0 siblings, 1 reply; 7+ messages in thread
From: David Miller @ 2011-02-14 19:25 UTC (permalink / raw)
  To: segoon
  Cc: adobriyan, linux-kernel, eric.dumazet, therbert, xiaosuo, jesse, netdev

From: Vasiliy Kulikov <segoon@openwall.com>
Date: Mon, 14 Feb 2011 18:23:10 +0300

> On Mon, Feb 14, 2011 at 17:16 +0200, Alexey Dobriyan wrote:
>> Netdevice name isn't some random junk you get from userspace, so BUG is fine.
> 
> It IS for bluetooth, see net/bluetooth/bnep/core.c: bnep_add_connection() and
> net/bluetooth/bnep/sock.c: bnep_sock_ioctl(). 

If bluetooth wants to allow something so foolish, then it's bluetooth's
responsibility to sanity check the arguments before blinding passing
them into kernel APIs which expect sane inputs.

I'm not applying this.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2] core: dev: don't call BUG() on bad input
  2011-02-14 19:25     ` David Miller
@ 2011-02-14 19:33       ` Tom Herbert
  2011-02-14 19:36         ` David Miller
  0 siblings, 1 reply; 7+ messages in thread
From: Tom Herbert @ 2011-02-14 19:33 UTC (permalink / raw)
  To: David Miller
  Cc: segoon, adobriyan, linux-kernel, eric.dumazet, xiaosuo, jesse, netdev

On Mon, Feb 14, 2011 at 11:25 AM, David Miller <davem@davemloft.net> wrote:
> From: Vasiliy Kulikov <segoon@openwall.com>
> Date: Mon, 14 Feb 2011 18:23:10 +0300
>
>> On Mon, Feb 14, 2011 at 17:16 +0200, Alexey Dobriyan wrote:
>>> Netdevice name isn't some random junk you get from userspace, so BUG is fine.
>>
>> It IS for bluetooth, see net/bluetooth/bnep/core.c: bnep_add_connection() and
>> net/bluetooth/bnep/sock.c: bnep_sock_ioctl().
>
> If bluetooth wants to allow something so foolish, then it's bluetooth's
> responsibility to sanity check the arguments before blinding passing
> them into kernel APIs which expect sane inputs.
>
> I'm not applying this.
>

Changing to BUG_ON(txqs < 1) and BUG_ON(rxqs < 1) does make sense I think.

Tom

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2] core: dev: don't call BUG() on bad input
  2011-02-14 19:33       ` Tom Herbert
@ 2011-02-14 19:36         ` David Miller
  0 siblings, 0 replies; 7+ messages in thread
From: David Miller @ 2011-02-14 19:36 UTC (permalink / raw)
  To: therbert
  Cc: segoon, adobriyan, linux-kernel, eric.dumazet, xiaosuo, jesse, netdev

From: Tom Herbert <therbert@google.com>
Date: Mon, 14 Feb 2011 11:33:29 -0800

> On Mon, Feb 14, 2011 at 11:25 AM, David Miller <davem@davemloft.net> wrote:
>> From: Vasiliy Kulikov <segoon@openwall.com>
>> Date: Mon, 14 Feb 2011 18:23:10 +0300
>>
>>> On Mon, Feb 14, 2011 at 17:16 +0200, Alexey Dobriyan wrote:
>>>> Netdevice name isn't some random junk you get from userspace, so BUG is fine.
>>>
>>> It IS for bluetooth, see net/bluetooth/bnep/core.c: bnep_add_connection() and
>>> net/bluetooth/bnep/sock.c: bnep_sock_ioctl().
>>
>> If bluetooth wants to allow something so foolish, then it's bluetooth's
>> responsibility to sanity check the arguments before blinding passing
>> them into kernel APIs which expect sane inputs.
>>
>> I'm not applying this.
>>
> 
> Changing to BUG_ON(txqs < 1) and BUG_ON(rxqs < 1) does make sense I think.

Sure.

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2011-02-14 19:36 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-02-14 14:42 [PATCH v2] core: dev: don't call BUG() on bad input Vasiliy Kulikov
2011-02-14 15:16 ` Alexey Dobriyan
2011-02-14 15:23   ` Vasiliy Kulikov
2011-02-14 19:25     ` David Miller
2011-02-14 19:33       ` Tom Herbert
2011-02-14 19:36         ` David Miller
2011-02-14 15:41   ` Patrick McHardy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).