From: Simon Horman <horms@kernel.org>
To: Peter Seiderer <ps.report@gmx.net>
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org,
"David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Shuah Khan <shuah@kernel.org>,
Frederic Weisbecker <frederic@kernel.org>,
Artem Chernyshev <artem.chernyshev@red-soft.ru>,
Nam Cao <namcao@linutronix.de>
Subject: Re: [PATCH net-next v2 0/8] Some pktgen fixes/improvments
Date: Wed, 22 Jan 2025 18:16:35 +0000 [thread overview]
Message-ID: <20250122181635.GG395043@kernel.org> (raw)
In-Reply-To: <20250122144110.619989-1-ps.report@gmx.net>
On Wed, Jan 22, 2025 at 03:41:02PM +0100, Peter Seiderer wrote:
> While taking a look at '[PATCH net] pktgen: Avoid out-of-range in
> get_imix_entries' ([1]) and '[PATCH net v2] pktgen: Avoid out-of-bounds access
> in get_imix_entries' ([2], [3]) and doing some tests and code review I
> detected that the /proc/net/pktgen/... parsing logic does not honour the
> user given buffer bounds (resulting in out-of-bounds access).
>
> This can be observed e.g. by the following simple test (sometimes the
> old/'longer' previous value is re-read from the buffer):
>
> $ echo add_device lo@0 > /proc/net/pktgen/kpktgend_0
>
> $ echo "min_pkt_size 12345" > /proc/net/pktgen/lo\@0 && grep min_pkt_size /proc/net/pktgen/lo\@0
> Params: count 1000 min_pkt_size: 12345 max_pkt_size: 0
> Result: OK: min_pkt_size=12345
>
> $ echo -n "min_pkt_size 123" > /proc/net/pktgen/lo\@0 && grep min_pkt_size /proc/net/pktgen/lo\@0
> Params: count 1000 min_pkt_size: 12345 max_pkt_size: 0
> Result: OK: min_pkt_size=12345
>
> $ echo "min_pkt_size 123" > /proc/net/pktgen/lo\@0 && grep min_pkt_size /proc/net/pktgen/lo\@0
> Params: count 1000 min_pkt_size: 123 max_pkt_size: 0
> Result: OK: min_pkt_size=123
>
> So fix the out-of-bounds access (and two minor findings) and add a simple
> proc_net_pktgen selftest...
Hi Peter,
Unfortunately net-next is closed at this time.
## Form letter - net-next-closed
The merge window for v6.14 has begun. Therefore net-next is closed
for new drivers, features, code refactoring and optimizations.
We are currently accepting bug fixes only.
Please repost when net-next reopens after Feb 3rd.
RFC patches sent for review only are obviously welcome at any time.
See: https://www.kernel.org/doc/html/next/process/maintainer-netdev.html#development-cycle
--
pw-bot: deferred
next prev parent reply other threads:[~2025-01-22 18:16 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-22 14:41 [PATCH net-next v2 0/8] Some pktgen fixes/improvments Peter Seiderer
2025-01-22 14:41 ` [PATCH net-next v2 1/8] net: pktgen: replace ENOTSUPP with EOPNOTSUPP Peter Seiderer
2025-01-22 14:41 ` [PATCH net-next v2 2/8] net: pktgen: enable 'param=value' parsing Peter Seiderer
2025-01-22 14:41 ` [PATCH net-next v2 3/8] net: pktgen: fix hex32_arg parsing for short reads Peter Seiderer
2025-01-22 14:41 ` [PATCH net-next v2 4/8] net: pktgen: fix 'rate 0' error handling (return -EINVAL) Peter Seiderer
2025-01-22 14:41 ` [PATCH net-next v2 5/8] net: pktgen: fix 'ratep " Peter Seiderer
2025-01-22 14:41 ` [PATCH net-next v2 6/8] net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Peter Seiderer
2025-01-22 14:41 ` [PATCH net-next v2 7/8] net: pktgen: fix access outside of user given buffer in pktgen_if_write() Peter Seiderer
2025-01-22 14:41 ` [PATCH net-next v2 8/8] selftest: net: add proc_net_pktgen Peter Seiderer
2025-01-22 18:16 ` Simon Horman [this message]
2025-01-22 18:18 ` [PATCH net-next v2 0/8] Some pktgen fixes/improvments Simon Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250122181635.GG395043@kernel.org \
--to=horms@kernel.org \
--cc=artem.chernyshev@red-soft.ru \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=frederic@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=namcao@linutronix.de \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=ps.report@gmx.net \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.