From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail.ionic.de (ionic.de [145.239.234.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF3622D0623; Fri, 22 Aug 2025 19:15:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=145.239.234.145 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755890118; cv=none; b=MUnDbijvSyzlKFk2h+ESZucV7VjSMA+zvmhLmlc1kGFa3M+8EQnIQLvZxTDsLZzdczoy5yUgGc+FP2aVy6difw5MRBegbx15MfSyzofFaRqtaSp/qPMFgTZtLrFQu5lCWIbWXEGJOIi9hrDmuRzQnmMw9gM8tU8N7x80U7Cj24M= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755890118; c=relaxed/simple; bh=gP6uLdvGP8Ni8scPNvGQpb+xra8ykBOieZAE/w5gxFk=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=RSJAhPUd2+fhiJ8R9vtQ5QEJj6QimhQ3Is2JvbVgygmInCJw6NhEpMUvHNyQDp6dwXpIB8zCJuzFQfqZo9roZ9LRMGsXGWvZ+kxbfjy/e8yfzkNOOFUOgcB8BWwOtvj7UXj7B5Kp3Rx9LFMYM3w09AZEUdAorzSaz0owf8bi3MQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ionic.de; spf=pass smtp.mailfrom=ionic.de; dkim=pass (1024-bit key) header.d=ionic.de header.i=@ionic.de header.b=Mfjbda6R; arc=none smtp.client-ip=145.239.234.145 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ionic.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=ionic.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=ionic.de header.i=@ionic.de header.b="Mfjbda6R" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ionic.de; s=default; t=1755889729; bh=gP6uLdvGP8Ni8scPNvGQpb+xra8ykBOieZAE/w5gxFk=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=Mfjbda6RarImPMDW0YbVIBaHWoH0FtEWFCXWYtHAJm94L6Y7UnWBAtYL2VMwKi/o+ wJZuYbJKe9qJhr1x3RZW1h30+SVq0nt/3J/cwcUGZ1347poKX3gvszstQSUtOuqZ4T YexHwB+amjgTmz0aFVaU/lmbQtC58zEqvjOufBk4= Received: from [172.24.215.49] (unknown [185.102.219.57]) by mail.ionic.de (Postfix) with ESMTPSA id 1AC1C1480F66; Fri, 22 Aug 2025 21:08:49 +0200 (CEST) Message-ID: Date: Fri, 22 Aug 2025 21:08:47 +0200 Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v5 01/11] net: qrtr: ns: validate msglen before ctrl_pkt use To: Jakub Kicinski Cc: linux-arm-msm@vger.kernel.org, Manivannan Sadhasivam , Denis Kenzior , Eric Dumazet , Kuniyuki Iwashima , Paolo Abeni , Willem de Bruijn , "David S . Miller" , Simon Horman , linux-kernel@vger.kernel.org, netdev@vger.kernel.org References: <161d8d203f17fde87ac7dd2c9c24be6d1f35a3c1.1754962436.git.ionic@ionic.de> <20250815110900.2da8f3c5@kernel.org> Content-Language: en-US From: Mihai Moldovan Autocrypt: addr=ionic@ionic.de; keydata= xsFNBEjok5sBEADlDP0MwtucH6BJN2pUuvLLuRgVo2rBG2TsE/Ijht8/C4QZ6v91pXEs02m0 y/q3L/FzDSdcKddY6mWqplOiCAbT6F83e08ioF5+AqBs9PsI5XwohW9DPjtRApYlUiQgofe9 0t9F/77hPTafypycks9buJHvWKRy7NZ+ZtYv3bQMPFXVmDG7FXJqI65uZh2jH9jeJ+YyGnBX j82XHHtiRoR7+2XVnDZiFNYPhFVBEML7X0IGICMbtWUd/jECMJ6g8V7KMyi321GP3ijC9ygh 3SeT+Z+mJNkMmq2ii6Q2OkE12gelw1p0wzf7XF4Pl014pDp/j+A99/VLGyJK52VoNc8OMO5o gZE0DldJzzEmf+xX7fopNVE3NYtldJWG6QV+tZr3DN5KcHIOQ7JRAFlYuROywQAFrQb7TG0M S/iVEngg2DssRQ0sq9HkHahxCFyelBYKGAaljBJ4A4T8DcP2DoPVG5cm9qe4jKlJMmM1JtZz jNlEH4qp6ZzdpYT/FSWQWg57S6ISDryf6Cn+YAg14VWm0saE8NkJXTaOZjA+7qI/uOLLTUaa aGjSEsXFE7po6KDjx+BkyOrp3i/LBWcyClfY/OUvpyKT5+mDE5H0x074MTBcH9p7Zdy8DatA Jryb0vt2YeEe3vE4e1+M0kn8QfDlB9/VAAOmUKUvGTdvVlRNdwARAQABzR9NaWhhaSBNb2xk b3ZhbiA8aW9uaWNAaW9uaWMuZGU+wsGfBBMBCABJAhsjAh4BAheAAhkBCwsKDQkMCAsHAQMC BxUKCQgLAwIFFgIDAQAWIQRuEdCPdTOBx0TxyDwf1i7ZbiU6hwUCZwAtBAUJH/jM6QAKCRAf 1i7ZbiU6h8JHD/9odGNQMC0c/ZyvY80RFQTdi63cIc0aLG7kbYvUmCVQbNN/r6pGDVKXiBqa DjrB3knyYpcAVq2SIRZLjkCgCGQimfb3IZVfyl730fc8Z1xdQ87/FbHrdqIjNFyvYgkM24AU VoAyw0EBm99TiO/MFaHmD4T75l437EWA8KbDha9p+N2GHcxYJeJbQJ6rajpQZ0HFF20b5jF8 8de2g8kbQR1GPJgGGmJ8m07kfEl2kcgEwI/HZ3tVUBTwJ+dJf6IWy4pC8DZiZWaQao31nVzC RbpqOtevh/P6MeNeDKHBjlV0rEStCCz0xtA4U8/vDOVnk42IqsxkRmiPNh4U62jkh10D2CMd kCiBoOgU5KGC2Tbnc8XWr2E5AJywpsmFlTZ77Gv1HoKp1tOQ2RMNVWNqGV89BaUm15BSRPHG qzp7Tm4eMLnMvJyon36B01N/JRuNpDpHeGnDHyeqhnQqE8jrqQnwi2TDa2dKuHLlD9Of8LyV ewCwiVUhdWIINdTjkyN/0brzr//mhg6H/iEpnkm5i++gsRvQZgZip5ft51jzMjRg1nZujfYZ Ow2ss2kSQ3gA3rfRhxx3OAqa5b45CH56rvmY97wHBrWbJxevqNj6quLBNtl64aceJWyTgWue vShUhOP6wz5qq/+SxkKRiGndjE1HVmx4iOO413Crz0QfawCIjs7BTQRI6JObARAA8Prkme+B PwRqallmmNUuWC8Yt+J6XjYAH+Uf0k/H6MLA7Z+ZL8AHQ+0N306r/YFVnw2SjhaDODwhRoMv dOKtoIcJZ9L0LQAtizhZMbHCb+CMtcezGZXamXXpk10TzrbI9gnROz1xBnTkzpuOkgo43HRx 7GuYy+imM4Lxh/hfgRM6MFjQlcIsUd0UGRCxuq8QmxRqQpRougCwPeXjfOeMRkaQUI7A8kLJ 7bTmSzjB9fSBv63b7bajhFHid1COYGe3EZOYRi1RTzblTnq2Fdv+BN/ve/9BdZgApfRSX8Qk uLsuZF9OWHxIs3wwpvqFoyBXR29CqgrcQFFA/Lm3i/de3kFuXJUVFTYM4tLwV85J9yGtK6nU sA/v6LXcaTGrQ9P3rJ3iVPYKuyF2w8IMqvFTnHu6+nCvBJxLymOsYJFN4W/5TYdWk1hdIYmm NlM/PH+RWL8z+1WWZgZOBPFJ0FQQbDvTMP6m0/GZT1ZFUVoBG/FAiIQ9UDl8gRsGfe0wS6gz k2evXeAZQyZCii3Dni7Di2KjaPpnl/1F7Zelueb7VbgdoPRmND9rFixI6bFC4yjlSnL5iwIi ULDkLDJN5lcRHI5FO/6bzwVSgHmI+eMlNA/hysdTtp9AjE7VkVxeC9TJ+kEZDv5VUTSxUpNs Wj922PkX+78EYPPGTOG4xx7PMqcAEQEAAcLBfAQYAQgAJgIbDBYhBG4R0I91M4HHRPHIPB/W LtluJTqHBQJnAC0SBQkf+Mz3AAoJEB/WLtluJTqHtDUP/0O2gsMtgo07wIOrClj6UQJIs8PL 2sLHwvcmhQyFxPpa8wUAckJ2n3OpbjP22HP8tObT+Nhs7czTwelEFNdVcINBjnEPvJ5JNDuY h0qmP9wE6rQc2MKdS0ZjggeS4zEkiQI/WVOWhRTVNYUASQHMqrOB2ZZ6QWqND5uqfRTNfHAd 5bDGl4FNpH9lklmXTm/CbR0V0cYgkYCOUTLmNkur4AZIz5WPMgYXakz9K94SFzEDjZqr+nko S1hPiakYd3lUNXy9LAQ/YD7balC80jhB+/CFcb0DgNwADVjLz6lAwYl0/r5WGCBIVy0kwq4b dtO59zKJ4wAIKysW2Z42UJ5TvwinuOAHKHrZ3E17MQNNojcgi0tw88mSSkfDrZVqFKzjruhm HAe7PMdAJ1C4i21U6N5CSG+UwORWnPXKiKYbi3u9LXHqMwwzPxiAGbnmu4F4Fe7pHidRPTX8 xa2k8AipcPkLlwnm1ZKP/gZL0+NLUR9ky2W2B8YpfGwqBVuQ/C30PkXaEydd2IaVd+Lv6lLj 4zysWLWKUKPFdlI744AxkyDlFlbFbmICgQJ0AuBmgJRLtjLAfIlOKgfZguWA+uCo4F/mPZ7x 5CGLSvKqaA3YaiH85ziT5CjbFlMjbZrTHvI4/gprmgHEdec5BgQAaZ+z8sIbplcJwNp+GDq2 S0VlnF9z In-Reply-To: <20250815110900.2da8f3c5@kernel.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit * On 8/15/25 20:09, Jakub Kicinski wrote: > If this is a fix it has to go to net, then once it reaches Linus's tree > the dependent patches should be reposted for net-next. Thanks. Will split out the two commits and resend the resend of the series later on after the fixes have been merged. Might take me a few weeks, I'm currently very limited on time and internet access. >> diff --git a/net/qrtr/ns.c b/net/qrtr/ns.c >> index 3de9350cbf30..2bcfe539dc3e 100644 >> --- a/net/qrtr/ns.c >> +++ b/net/qrtr/ns.c >> @@ -619,6 +619,9 @@ static void qrtr_ns_worker(struct work_struct *work) >> break; >> } >> >> + if ((size_t)msglen < sizeof(*pkt)) >> + break; > > why not continue? I don't really know and am not familiar with the QRTR protocol, but here's my best guess: Since we're using non-blocking I/O, it doesn't seem to make sense to continue, because the next receive call would just break out anyway once it returns no data at all. Notice that we're also breaking out for -EAGAIN. Also, if we somehow got a short read, and we're currently dropping the buffer we just read, any additional data after a subsequent receive would be garbage to us anyway. We'd probably have to keep the old buffer content around and concatenate it with data returned from a new receive call. Mihai