From: Sasha Levin <sashal@kernel.org>
To: gregkh@linuxfoundation.org
Cc: magnus.karlsson@intel.com, daniel@iogearbox.net,
minhquangbui99@gmail.com, stable@vger.kernel.org
Subject: Re: FAILED: patch "[PATCH] xsk: Add missing check on user supplied headroom size" failed to apply to 4.19-stable tree
Date: Tue, 21 Apr 2020 20:17:21 -0400 [thread overview]
Message-ID: <20200422001721.GO1809@sasha-vm> (raw)
In-Reply-To: <158748891372198@kroah.com>
On Tue, Apr 21, 2020 at 07:08:33PM +0200, gregkh@linuxfoundation.org wrote:
>
>The patch below does not apply to the 4.19-stable tree.
>If someone wants it applied there, or to any other stable or longterm
>tree, then please email the backport, including the original git commit
>id to <stable@vger.kernel.org>.
>
>thanks,
>
>greg k-h
>
>------------------ original commit in Linus's tree ------------------
>
>From 99e3a236dd43d06c65af0a2ef9cb44306aef6e02 Mon Sep 17 00:00:00 2001
>From: Magnus Karlsson <magnus.karlsson@intel.com>
>Date: Tue, 14 Apr 2020 09:35:15 +0200
>Subject: [PATCH] xsk: Add missing check on user supplied headroom size
>
>Add a check that the headroom cannot be larger than the available
>space in the chunk. In the current code, a malicious user can set the
>headroom to a value larger than the chunk size minus the fixed XDP
>headroom. That way packets with a length larger than the supported
>size in the umem could get accepted and result in an out-of-bounds
>write.
>
>Fixes: c0c77d8fb787 ("xsk: add user memory registration support sockopt")
>Reported-by: Bui Quang Minh <minhquangbui99@gmail.com>
>Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
>Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
>Link: https://bugzilla.kernel.org/show_bug.cgi?id=207225
>Link: https://lore.kernel.org/bpf/1586849715-23490-1-git-send-email-magnus.karlsson@intel.com
Conflict with 624676e78899 ("xdp: xdp_umem: replace kmap on vmap for
umem map") around 'i' going away. Fixed and queued for 4.19.
--
Thanks,
Sasha
prev parent reply other threads:[~2020-04-22 0:17 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-21 17:08 FAILED: patch "[PATCH] xsk: Add missing check on user supplied headroom size" failed to apply to 4.19-stable tree gregkh
2020-04-22 0:17 ` Sasha Levin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200422001721.GO1809@sasha-vm \
--to=sashal@kernel.org \
--cc=daniel@iogearbox.net \
--cc=gregkh@linuxfoundation.org \
--cc=magnus.karlsson@intel.com \
--cc=minhquangbui99@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).