From: Simon Horman <horms@kernel.org>
To: Jijie Shao <shaojijie@huawei.com>
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com, andrew+netdev@lunn.ch, shenjian15@huawei.com,
liuyonglong@huawei.com, chenhao418@huawei.com,
lantao5@huawei.com, huangdonghua3@h-partners.com,
yangshuaisong@h-partners.com, jonathan.cameron@huawei.com,
salil.mehta@huawei.com, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH net 3/3] net: hns3: add VLAN id validation before using
Date: Wed, 10 Dec 2025 12:55:09 +0000 [thread overview]
Message-ID: <aTltrTvzGwsLuL6G@horms.kernel.org> (raw)
In-Reply-To: <0db6625e-db77-4042-a0cc-43e1ed003d10@huawei.com>
On Wed, Dec 10, 2025 at 02:39:11PM +0800, Jijie Shao wrote:
>
> on 2025/12/10 0:50, Simon Horman wrote:
> > On Tue, Dec 09, 2025 at 09:38:25PM +0800, Jijie Shao wrote:
> > > From: Jian Shen <shenjian15@huawei.com>
> > >
> > > Currently, the VLAN id may be used without validation when
> > > receive a VLAN configuration mailbox from VF. It may cause
> > > out-of-bounds memory access once the VLAN id is bigger than
> > > 4095.
> > >
> > > Fixes: fe4144d47eef ("net: hns3: sync VLAN filter entries when kill VLAN ID failed")
> > > Signed-off-by: Jian Shen <shenjian15@huawei.com>
> > > Signed-off-by: Jijie Shao <shaojijie@huawei.com>
> > Hi Jijie,
> >
> > Can you clarify that the (only) oob access is to vlan_del_fail_bmap?
> >
> > If so, I agree with this change and that the problem was introduced in
> > the cited commit. But I think it would be worth mentioning vlan_del_fail_bmap
> > in the commit message.
> >
> Yes, the length of vlan_del_fail_bmap is BITS_TO_LONGS(VLAN_N_VID).
> Therefore, vlan_id needs to be checked to ensure it is within the range of VLAN_N_VID.
>
> I will add this in V2
Thanks.
Feel free to also add:
Reviewed-by: Simon Horman <horms@kernel.org>
prev parent reply other threads:[~2025-12-10 12:55 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-09 13:38 [PATCH net 0/3] There are some bugfix for the HNS3 ethernet driver Jijie Shao
2025-12-09 13:38 ` [PATCH net 1/3] net: hns3: using the num_tqps in the vf driver to apply for resources Jijie Shao
2025-12-09 16:59 ` Simon Horman
2025-12-09 13:38 ` [PATCH net 2/3] net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx Jijie Shao
2025-12-09 16:59 ` Simon Horman
2025-12-09 13:38 ` [PATCH net 3/3] net: hns3: add VLAN id validation before using Jijie Shao
2025-12-09 16:50 ` Simon Horman
2025-12-10 6:39 ` Jijie Shao
2025-12-10 12:55 ` Simon Horman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aTltrTvzGwsLuL6G@horms.kernel.org \
--to=horms@kernel.org \
--cc=andrew+netdev@lunn.ch \
--cc=chenhao418@huawei.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=huangdonghua3@h-partners.com \
--cc=jonathan.cameron@huawei.com \
--cc=kuba@kernel.org \
--cc=lantao5@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=liuyonglong@huawei.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=salil.mehta@huawei.com \
--cc=shaojijie@huawei.com \
--cc=shenjian15@huawei.com \
--cc=yangshuaisong@h-partners.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.