From: Leon Romanovsky <leon@kernel.org>
To: Dan Carpenter <error27@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
	Gregory CLEMENT <gregory.clement@bootlin.com>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	netdev@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH net] net: mvneta: Prevent out of bounds read in mvneta_config_rss()
Date: Mon, 5 Dec 2022 19:44:12 +0200
Message-ID: <Y44t7OczM/wrbowu@unreal>
In-Reply-To: <Y42z8kv8ehkk6YKf@kadam>

On Mon, Dec 05, 2022 at 12:03:46PM +0300, Dan Carpenter wrote:
> On Sun, Dec 04, 2022 at 02:47:13PM +0200, Leon Romanovsky wrote:
> > On Fri, Dec 02, 2022 at 12:58:26PM +0300, Dan Carpenter wrote:
> > > The pp->indir[0] value comes from the user.  It is passed to:
> > > 
> > > 	if (cpu_online(pp->rxq_def))
> > > 
> > > inside the mvneta_percpu_elect() function.  It needs bounds checking
> > > to ensure that it is not beyond the end of the cpu bitmap.
> > > 
> > > Fixes: cad5d847a093 ("net: mvneta: Fix the CPU choice in mvneta_percpu_elect")
> > > Signed-off-by: Dan Carpenter <error27@gmail.com>
> > > ---
> > >  drivers/net/ethernet/marvell/mvneta.c | 3 +++
> > >  1 file changed, 3 insertions(+)
> > 
> > I would expect that ethtool_copy_validate_indir() will prevent this.
> > 
> 
> Huh...  Sort of, but in the strictest sense, no.  mvneta_ethtool_get_rxnfc()
> sets the cap at 8 by default or an unvalidated module parameter.

And is this solely an mvneta issue? Are other drivers safe for this input?

Thanks

> 
> regards,
> dan carpenter
> 
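
An added illustration, not code from the patch or from the mvneta driver: a userspace C model of the check the quoted commit message calls for, rejecting a user-supplied index before it is used to test a bit in a fixed-size CPU bitmap. Every `model_*` name, the 4-CPU limit, the online mask and the fallback to CPU 0 are assumptions made for this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Constructed userspace model; none of these names exist in the kernel. */
#define MODEL_NR_CPU_IDS 4u                      /* assumed CPU count */
#define MODEL_WORD_BITS  (sizeof(unsigned long) * CHAR_BIT)

struct model_port {
    unsigned int indir[1];   /* stands in for pp->indir[], filled from user input */
    unsigned int rxq_def;    /* stands in for pp->rxq_def */
};

/* One-word bitmap: CPUs 0 and 2 online (constructed sample state). */
static const unsigned long model_online_mask[1] = { 0x5UL };

/* Like a raw bitmap test: indexes the array by cpu with no range check,
 * so the caller must guarantee cpu < MODEL_NR_CPU_IDS. */
static int model_cpu_online(unsigned int cpu)
{
    return (int)((model_online_mask[cpu / MODEL_WORD_BITS] >> (cpu % MODEL_WORD_BITS)) & 1UL);
}

/* Validate the user-controlled entry before it becomes the default queue's CPU. */
static int model_config_rss(struct model_port *pp)
{
    if (pp->indir[0] >= MODEL_NR_CPU_IDS)
        return -EINVAL;              /* reject instead of reading past the bitmap */
    pp->rxq_def = pp->indir[0];
    return 0;
}

/* Elect rxq_def's CPU if online; falling back to CPU 0 is an assumption of this model. */
static unsigned int model_percpu_elect(const struct model_port *pp)
{
    return model_cpu_online(pp->rxq_def) ? pp->rxq_def : 0u;
}

int main(void)
{
    unsigned int inputs[] = { 2u, 1u, 4u, 0xffffffffu };   /* constructed inputs */
    for (size_t i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        struct model_port pp = { { inputs[i] }, 0u };
        int err = model_config_rss(&pp);
        if (err)
            printf("indir[0]=%u rejected (%d)\n", inputs[i], err);
        else
            printf("indir[0]=%u accepted, elected CPU %u\n", inputs[i], model_percpu_elect(&pp));
    }
    return 0;
}
```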


Thread overview: 6+ messages
2022-12-02  9:58 [PATCH net] net: mvneta: Prevent out of bounds read in mvneta_config_rss() Dan Carpenter
2022-12-04 12:47 ` Leon Romanovsky
2022-12-05  9:03   ` Dan Carpenter
2022-12-05 17:44     ` Leon Romanovsky [this message]
2022-12-05 18:42       ` Dan Carpenter
2022-12-05 11:50 ` patchwork-bot+netdevbpf
