Page MenuHomeFreeBSD
Differential D39557

netlink: make netlink work correctly on CHERI.
ClosedPublic
Actions

Authored by melifaro on Apr 13 2023, 11:54 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 13, 6:48 PM
Unknown Object (File)
Oct 2 2024, 2:08 PM
Unknown Object (File)
Oct 2 2024, 4:32 AM
Unknown Object (File)
Oct 1 2024, 10:33 AM
Unknown Object (File)
Sep 26 2024, 2:09 PM
Unknown Object (File)
Sep 26 2024, 9:26 AM
Unknown Object (File)
Sep 23 2024, 4:45 AM
Unknown Object (File)
Sep 23 2024, 4:27 AM
View All 38 Files
Subscribers
glebius
imp
jhb
jrtc27

Details

Reviewers
br
Group Reviewers
network
Commits
rG9f324d8ac27d: netlink: make netlink work correctly on CHERI.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 50884
Build 47775: arc lint + arc unit

Event Timeline

melifaro created this revision.Apr 13 2023, 11:54 AM
Herald added subscribers: glebius, imp. · View Herald TranscriptApr 13 2023, 11:54 AM
melifaro requested review of this revision.Apr 13 2023, 11:54 AM
melifaro added reviewers: network, br.Apr 13 2023, 11:54 AM
Harbormaster completed remote builds in B50884: Diff 120256.Apr 13 2023, 11:55 AM
melifaro updated this revision to Diff 120263.Apr 13 2023, 2:57 PM

.

Harbormaster completed remote builds in B50887: Diff 120263.Apr 13 2023, 2:57 PM
jrtc27 added a subscriber: jrtc27.Apr 13 2023, 4:13 PM
jrtc27 added inline comments.
sys/netlink/netlink_message_writer.h
54

Is the only case that relied on the type punning the copy in _nlmsg_refill_buffer? If so, why not leave the union as is (or decrease arg_uint's size if it doesn't actually need to store 64-bit integers, or even split it up into protocol+group so you don't have to combine+split it all the time) and then just give the union itself a name so _nlmsg_refill_buffer can copy the whole thing instead of copying a field and punning? Something like:

union {
    void *ptr;
    struct {
        uint16_t protocol; /* or whatever is the right type */
        uint16_t id;
    } group;
} arg;

Using uintptr_t for the field is better than type punning like you were before, but it's still lazy programming practice that can make it unclear what's going on.

jhb added a subscriber: jhb.Apr 13 2023, 4:15 PM

This needs more detail on the "why" in the log message. I suspect the real issue is that the copy of ns_new.arg_uint = nw->arg_unit was insufficient on CHERI since it wouldn't copy the ptr member properly (and if so, that needs to be explicitly explained), but I can't see why this would affect i386. i386 is little endian so pointers in the low bits should have been copied across ok by the existing arg_uint copy.

I think it would actually be cleaner to keep the union as:

union {
    void *ptr;
    uint64_t uint;
} arg;

Then in _nlmsg_refill_buffer you would copy arg as you do now which would always copy the entire union. Existing assignments could remain, just having to replace arg_ptr with arg.ptr, etc. This keeps the current behavior of making it clearer when you are using a scalar vs a pointer.

melifaro updated this revision to Diff 120324.Apr 14 2023, 3:06 PM

Address comments.

Harbormaster completed remote builds in B50911: Diff 120324.Apr 14 2023, 3:06 PM
melifaro retitled this revision from netlink: make netlink work correctly on i386 & CHERI. to netlink: make netlink work correctly on CHERI..Apr 14 2023, 3:06 PM
jrtc27 added a comment.Apr 14 2023, 3:17 PM

Looks much cleaner now thanks, just one print I spotted to fix

sys/netlink/netlink_message_writer.c
247

proto + id?

melifaro marked an inline comment as done.Apr 14 2023, 3:18 PM
In D39557#900445, @jhb wrote:

This needs more detail on the "why" in the log message. I suspect the real issue is that the copy of ns_new.arg_uint = nw->arg_unit was insufficient on CHERI since it wouldn't copy the ptr member properly (and if so, that needs to be explicitly explained), but I can't see why this would affect i386. i386 is little endian so pointers in the low bits should have been copied across ok by the existing arg_uint copy.

Yep, thanks for mentioning it! I'll update the details upon the commit.

I think it would actually be cleaner to keep the union as:

union {
    void *ptr;
    uint64_t uint;
} arg;

Then in _nlmsg_refill_buffer you would copy arg as you do now which would always copy the entire union. Existing assignments could remain, just having to replace arg_ptr with arg.ptr, etc. This keeps the current behavior of making it clearer when you are using a scalar vs a pointer.

br accepted this revision.Apr 14 2023, 3:40 PM
This revision is now accepted and ready to land.Apr 14 2023, 3:40 PM
melifaro updated this revision to Diff 120328.Apr 14 2023, 3:54 PM

Address comments.

This revision now requires review to proceed.Apr 14 2023, 3:54 PM
Harbormaster completed remote builds in B50912: Diff 120328.Apr 14 2023, 3:55 PM
melifaro marked an inline comment as done.Apr 14 2023, 3:55 PM
melifaro added inline comments.
sys/netlink/netlink_message_writer.c
247

Yep, thanks for pointing that out, I missed that.

jrtc27 added a comment.Apr 14 2023, 3:58 PM

Diff looks good now, just needs a proper commit message

This revision was not accepted when it landed; it landed in state Needs Review.Apr 14 2023, 4:34 PM
Closed by commit rG9f324d8ac27d: netlink: make netlink work correctly on CHERI. (authored by melifaro). · Explain Why
This revision was automatically updated to reflect the committed changes.
melifaro marked an inline comment as done.
melifaro added a commit: rG9f324d8ac27d: netlink: make netlink work correctly on CHERI..

Revision Contents
Changeset List

PathSize
sys/
netlink/
2 lines
2 lines

Diff 120256

View Options

sys/netlink/netlink_message_writer.h

Loading...
View Options

sys/netlink/netlink_message_writer.c

Loading...