lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun,  7 Feb 2016 21:52:24 +0100
From:	Nikolay Aleksandrov <razor@...ckwall.org>
To:	netdev@...r.kernel.org
Cc:	mst@...hat.com, roopa@...ulusnetworks.com, davem@...emloft.net,
	Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
Subject: [PATCH net-next 2/2] virtio_net: validate ethtool port setting and explain the user validation

From: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>

We should validate the port setting that we got from the user and check
if it's what we've set it to (PORT_OTHER), also add explanation that
ignoring advertising is good as long as we don't have autonegotiation.

Signed-off-by: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
---
 drivers/net/virtio_net.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index c9fd52a8e6ec..fb0eae42bf39 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -1386,11 +1386,13 @@ static bool virtnet_validate_ethtool_cmd(const struct ethtool_cmd *cmd)
 	struct ethtool_cmd diff1 = *cmd;
 	struct ethtool_cmd diff2 = {};
 
-	/* advertising and cmd are usually set, ignore port because we set it */
+	/* cmd is always set so we need to clear it, validate the port type
+	 * and also without autonegotiation we can ignore advertising
+	 */
 	ethtool_cmd_speed_set(&diff1, 0);
+	diff2.port = PORT_OTHER;
 	diff1.advertising = 0;
 	diff1.duplex = 0;
-	diff1.port = 0;
 	diff1.cmd = 0;
 
 	return !memcmp(&diff1, &diff2, sizeof(diff1));
-- 
2.4.3

Powered by blists - more mailing lists