From: Stephan Wurm <stephan.wurm@a-eberle.de>
To: Eric Dumazet <edumazet@google.com>
Cc: "David S . Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
netdev@vger.kernel.org, eric.dumazet@gmail.com,
syzbot+671e2853f9851d039551@syzkaller.appspotmail.com,
WingMan Kwok <w-kwok2@ti.com>,
Murali Karicheri <m-karicheri2@ti.com>,
MD Danish Anwar <danishanwar@ti.com>,
Jiri Pirko <jiri@nvidia.com>,
George McCollister <george.mccollister@gmail.com>
Subject: Re: [PATCH net] net: hsr: avoid potential out-of-bound access in fill_frame_info()
Date: Fri, 17 Jan 2025 12:30:24 +0100 [thread overview]
Message-ID: <Z4o_UC0HweBHJ_cw@PC-LX-SteWu> (raw)
In-Reply-To: <20241126144344.4177332-1-edumazet@google.com>
Hello Eric,
Am 26. Nov 14:43 hat Eric Dumazet geschrieben:
> syzbot is able to feed a packet with 14 bytes, pretending
> it is a vlan one.
>
> Since fill_frame_info() is relying on skb->mac_len already,
> extend the check to cover this case.
thanks for addressing this szybot finding.
Unfortunately, this seems to cause issues with VLAN tagged frames being
dropped from a PRP interface.
My setup consists of a custom embedded system equipped with v6.6 kernel,
recently updated from v6.6.62 to v6.6.69. In order to gain support for
VLAN tagged messages on top of PRP, I have applied first patch of the
series (see msgid 20241106091710.3308519-2-danishanwar@ti.com) that is
currently integrated with v6.13.
Now I want to send GOOSE messages (L2 broadcast messages with VLAN
header, including id=0 and QoS information) via the PRP interface.
With v6.6.62 this works as expected, with v6.6.69 the functionality
stopped again, with all VLAN-tagged frames being dropped from the PRP
interface.
By reverting this fix locally, I was able to restore the desired
functionality. But I do not iyet understand, why this fix breaks
sending of VLAN tagged frames in general.
Do you already know about this side effect?
Can you guide me to narrow down this issue?
Best regards
Stephan
next prev parent reply other threads:[~2025-01-17 11:32 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-26 14:43 [PATCH net] net: hsr: avoid potential out-of-bound access in fill_frame_info() Eric Dumazet
2024-11-30 22:20 ` patchwork-bot+netdevbpf
2025-01-17 11:30 ` Stephan Wurm [this message]
2025-01-17 13:22 ` Eric Dumazet
2025-01-17 14:15 ` Stephan Wurm
2025-01-17 18:14 ` Eric Dumazet
2025-01-17 18:18 ` Eric Dumazet
2025-01-20 7:31 ` Stephan Wurm
2025-01-20 12:24 ` Eric Dumazet
2025-01-21 15:14 ` Stephan Wurm
2025-01-21 15:35 ` Eric Dumazet
2025-01-22 10:26 ` Stephan Wurm
2025-01-22 10:29 ` Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z4o_UC0HweBHJ_cw@PC-LX-SteWu \
--to=stephan.wurm@a-eberle.de \
--cc=danishanwar@ti.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=eric.dumazet@gmail.com \
--cc=george.mccollister@gmail.com \
--cc=jiri@nvidia.com \
--cc=kuba@kernel.org \
--cc=m-karicheri2@ti.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=syzbot+671e2853f9851d039551@syzkaller.appspotmail.com \
--cc=w-kwok2@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox