From: Jakub Kicinski <kuba@kernel.org>
To: maher azz <maherazz04@gmail.com>
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Jamal Hadi Salim <jhs@mojatatu.com>,
Cong Wang <xiyou.wangcong@gmail.com>,
jiri@resnulli.us, davem@davemloft.net,
Eric Dumazet <edumazet@google.com>,
pabeni@redhat.com, Simon Horman <horms@kernel.org>,
Ferenc Fejes <fejes@inf.elte.hu>,
Vladimir Oltean <vladimir.oltean@nxp.com>
Subject: Re: [PATCH v2 net] net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing
Date: Fri, 1 Aug 2025 15:06:51 -0700 [thread overview]
Message-ID: <20250801150651.54969a4e@kernel.org> (raw)
In-Reply-To: <CAFQ-Uc-5ucm+Dyt2s4vV5AyJKjamF=7E_wCWFROYubR5E1PMUg@mail.gmail.com>
On Tue, 29 Jul 2025 16:39:26 +0100 maher azz wrote:
> From: Maher Azzouzi <maherazz04@gmail.com>
>
> TCA_MQPRIO_TC_ENTRY_INDEX is validated using
> NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value
> TC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds stack write in
> the fp[] array, which only has room for 16 elements (0–15).
>
> Fix this by changing the policy to allow only up to TC_QOPT_MAX_QUEUE - 1.
>
> Fixes: f62af20bed2d ("net/sched: mqprio: allow per-TC user input of FP
> adminStatus")
Don't wrap the Fixes tags;
>
no empty lines between tags;
> Signed-off-by: Maher Azzouzi <maherazz04@gmail.com>
your email client is corrupting the emails, tabs get replaced with
spaces. Please add the review tag you received from Eric on v1 and
try sending v3 with git send-email?
--
pw-bot: cr
next prev parent reply other threads:[~2025-08-01 22:06 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-29 15:39 [PATCH v2 net] net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing maher azz
2025-08-01 22:06 ` Jakub Kicinski [this message]
[not found] ` <CAFQ-Uc-15B7eiE9uFWFzPDhj1sfbuzwmWMEA61UXbumybJ=yzw@mail.gmail.com>
2025-08-04 10:49 ` Simon Horman
2025-08-04 10:50 ` Vladimir Oltean
2025-08-04 11:04 ` Simon Horman
[not found] <CAFQ-Uc_5nAo6ymVkCda5+_y+bT=GngFibankmfdL8_Mu-4cqfQ@mail.gmail.com>
2025-07-29 16:02 ` Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250801150651.54969a4e@kernel.org \
--to=kuba@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fejes@inf.elte.hu \
--cc=horms@kernel.org \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=linux-kernel@vger.kernel.org \
--cc=maherazz04@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=vladimir.oltean@nxp.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.