The Linux Kernel Mailing List
 help / color / mirror / Atom feed
From: patchwork-bot+netdevbpf@kernel.org
To: Daehyeon Ko <4ncienth@gmail.com>
Cc: netdev@vger.kernel.org, sd@queasysnail.net,
	andrew+netdev@lunn.ch, davem@davemloft.net, edumazet@google.com,
	kuba@kernel.org, pabeni@redhat.com, linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Subject: Re: [PATCH net] macsec: don't read an unset MAC header in macsec_encrypt()
Date: Thu, 09 Jul 2026 11:10:08 +0000	[thread overview]
Message-ID: <178359540864.3416587.11485245520244646782.git-patchwork-notify@kernel.org> (raw)
In-Reply-To: <20260703083634.2035145-1-4ncienth@gmail.com>

Hello:

This patch was applied to netdev/net.git (main)
by Paolo Abeni <pabeni@redhat.com>:

On Fri,  3 Jul 2026 17:36:33 +0900 you wrote:
> macsec_encrypt() reads the Ethernet header via eth_hdr(skb)
> (skb->head + skb->mac_header) to memmove() the 12 source/destination MAC
> bytes forward and make room for the SecTAG.
> 
> On the AF_PACKET SOCK_RAW + PACKET_QDISC_BYPASS transmit path the skb
> reaches the macsec ndo_start_xmit() with the MAC header unset, so
> eth_hdr(skb) resolves to skb->head + (u16)~0 and the read is out of
> bounds: a 12-byte heap over-read that is also emitted on the wire as the
> frame's outer source/destination MAC. KASAN reports a slab-out-of-bounds
> read in macsec_start_xmit() on 6.0; on current mainline a CONFIG_DEBUG_NET
> build flags it as an unset mac header in skb_mac_header().
> 
> [...]

Here is the summary with links:
  - [net] macsec: don't read an unset MAC header in macsec_encrypt()
    https://git.kernel.org/netdev/net/c/f5089008f90c

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



      parent reply	other threads:[~2026-07-09 11:10 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-03  8:36 [PATCH net] macsec: don't read an unset MAC header in macsec_encrypt() Daehyeon Ko
2026-07-06 13:31 ` Sabrina Dubroca
2026-07-09 11:10 ` patchwork-bot+netdevbpf [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178359540864.3416587.11485245520244646782.git-patchwork-notify@kernel.org \
    --to=patchwork-bot+netdevbpf@kernel.org \
    --cc=4ncienth@gmail.com \
    --cc=andrew+netdev@lunn.ch \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=sd@queasysnail.net \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox