From: Jakub Kicinski <kuba@kernel.org>
To: Andrew Lunn <andrew@lunn.ch>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH v1 1/1] mac_pton: Don't access memory over expected length
Date: Mon, 10 Oct 2022 17:38:09 -0700 [thread overview]
Message-ID: <20221010173809.5f863ea6@kernel.org> (raw)
In-Reply-To: <Y0R+ZU6kdbeUER1c@lunn.ch>
On Mon, 10 Oct 2022 22:19:49 +0200 Andrew Lunn wrote:
> On Wed, Oct 05, 2022 at 07:43:01PM +0300, Andy Shevchenko wrote:
> > The strlen() may go too far when estimating the length of
> > the given string. In some cases it may go over the boundary
> > and crash the system which is the case according to the commit
> > 13a55372b64e ("ARM: orion5x: Revert commit 4904dbda41c8.").
> >
> > Rectify this by switching to strnlen() for the expected
> > maximum length of the string.
>
> This seems like something which should have a fixes: tag, and be
> against net, not net-next.
Quoting DaveM's revert mentioned in the commit message:
First of all, the orion5x buffer is not NULL terminated. mac_pton()
has no business operating on non-NULL terminated buffers because
only the caller can know that this is valid and in what manner it
is ok to parse this NULL'less buffer.
Second of all, orion5x operates on an __iomem pointer, which cannot
be dereferenced using normal C pointer operations. Accesses to
such areas much be performed with the proper iomem accessors.
So AFAICT only null-terminated strings are expected here, this patch
does not fix any known issue. No need to put it in net (if it's needed
at all).
next prev parent reply other threads:[~2022-10-11 0:38 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-05 16:43 [PATCH v1 1/1] mac_pton: Don't access memory over expected length Andy Shevchenko
2022-10-06 3:37 ` Jakub Kicinski
2022-10-10 20:19 ` Andrew Lunn
2022-10-10 20:29 ` Andy Shevchenko
2022-10-10 20:45 ` Andrew Lunn
2022-11-08 13:55 ` Andy Shevchenko
2022-10-11 0:38 ` Jakub Kicinski [this message]
2022-11-08 13:51 ` Andy Shevchenko
2022-11-08 13:55 ` Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221010173809.5f863ea6@kernel.org \
--to=kuba@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=andrew@lunn.ch \
--cc=andriy.shevchenko@linux.intel.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).