Date: Sun, 29 Jun 2025 13:04:35 +0300
From: Ido Schimmel
To: Jakub Kicinski
Cc: davem@davemloft.net, netdev@vger.kernel.org, edumazet@google.com, pabeni@redhat.com, andrew+netdev@lunn.ch, horms@kernel.org, syzbot+430f9f76633641a62217@syzkaller.appspotmail.com, andrew@lunn.ch, maxime.chevallier@bootlin.com
Subject: Re: [PATCH net-next] net: ethtool: avoid OOB accesses in PAUSE_SET
In-Reply-To: <20250626233926.199801-1-kuba@kernel.org>

On Thu, Jun 26, 2025 at 04:39:26PM -0700, Jakub Kicinski wrote:
> We now reuse .parse_request() from GET on SET, so we need to make sure
> that the policies for both cover the attributes used for .parse_request().
> genetlink will only allocate space in info->attrs for ARRAY_SIZE(policy).
>
> Reported-by: syzbot+430f9f76633641a62217@syzkaller.appspotmail.com
> Fixes: 963781bdfe20 ("net: ethtool: call .parse_request for SET handlers")
> Signed-off-by: Jakub Kicinski

Reviewed-by: Ido Schimmel
Tested-by: Ido Schimmel

Thanks, we hit that as well.

BTW, shouldn't you also release the reference from the net device if ethnl_default_parse() fails in ethnl_default_set_doit()?
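Added example, not part of the original message or of the kernel patch: a user-space C model of the bug class the commit message describes, where the attribute array is sized from the policy table and a parser shared between GET and SET reads an index the shorter SET table does not cover. The attribute ids, table names, `parse_request()` and `dispatch()` are hypothetical stand-ins, and the explicit bound check and `_Static_assert` guards are one way to catch the mismatch, assumed here for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical attribute ids for this model, not the ethtool netlink enum. */
enum { A_UNSPEC, A_HEADER, A_AUTONEG, A_RX, A_TX, A_STATS, A_STATS_SRC };
#define PARSE_MAX_ATTR A_STATS_SRC /* highest index the shared parser reads */

/* 1 = attribute accepted, 0 = rejected. The table length is what matters. */
static const unsigned char get_policy[A_STATS_SRC + 1] = { [A_HEADER] = 1 };
/* Before: the SET table ends at A_TX, so attrs[] gets A_TX + 1 slots. */
static const unsigned char set_policy_short[A_TX + 1] = {
	[A_HEADER] = 1, [A_AUTONEG] = 1, [A_RX] = 1, [A_TX] = 1 };
/* After: same accepted set, table padded with rejecting entries. */
static const unsigned char set_policy_full[A_STATS_SRC + 1] = {
	[A_HEADER] = 1, [A_AUTONEG] = 1, [A_RX] = 1, [A_TX] = 1 };

/* Compile-time guard: a table shorter than the parser's reach fails here. */
_Static_assert(ARRAY_SIZE(get_policy) > PARSE_MAX_ATTR, "GET policy too short");
_Static_assert(ARRAY_SIZE(set_policy_full) > PARSE_MAX_ATTR, "SET policy too short");

/* Shared parser model. The n_slots check stands in for the missing bound:
 * without it, attrs[A_STATS_SRC] is read past the end of the allocation. */
static int parse_request(const void *const *attrs, size_t n_slots, int *has_src)
{
	if ((size_t)PARSE_MAX_ATTR >= n_slots)
		return -1;
	*has_src = attrs[A_STATS_SRC] != NULL;
	return 0;
}

/* Dispatcher model: allocate one slot per policy entry, then parse. */
int dispatch(size_t policy_len)
{
	const void **attrs = calloc(policy_len, sizeof(*attrs));
	int has_src = 0, rc;
	if (!attrs)
		return -2;
	rc = parse_request(attrs, policy_len, &has_src);
	free(attrs);
	return rc;
}

int main(void)
{
	/* Exit 0 when the short table is refused and the full one parses. */
	return dispatch(ARRAY_SIZE(set_policy_short)) == -1 &&
	       dispatch(ARRAY_SIZE(set_policy_full)) == 0 ? 0 : 1;
}
```

The out-of-bounds read in this model does not depend on what the sender puts in the request: the parser touches the slot unconditionally, so an empty request is enough to trigger it.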