lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 5 Mar 2017 09:55:42 +0000
From:   "Mintz, Yuval" <Yuval.Mintz@...ium.com>
To:     Michal Schmidt <mschmidt@...hat.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC:     "Elior, Ariel" <Ariel.Elior@...ium.com>
Subject: RE: [PATCH net 3/7] bnx2x: fix possible overrun of VFPF multicast
 addresses array

> @@ -883,6 +883,15 @@ int bnx2x_vfpf_set_mcast(struct net_device *dev)
>  	/* Get Rx mode requested */
>  	DP(NETIF_MSG_IFUP, "dev->flags = %x\n", dev->flags);
> 
> +	/* We support PFVF_MAX_MULTICAST_PER_VF mcast addresses tops
> */
> +	if (netdev_mc_count(dev) > PFVF_MAX_MULTICAST_PER_VF) {
> +		DP(NETIF_MSG_IFUP,
> +		   "VF supports not more than %d multicast MAC
> addresses\n",
> +		   PFVF_MAX_MULTICAST_PER_VF);
> +		rc = -EINVAL;
> +		goto out;
> +	}
> +
>  	netdev_for_each_mc_addr(ha, dev) {
>  		DP(NETIF_MSG_IFUP, "Adding mcast MAC: %pM\n",
>  		   bnx2x_mc_addr(ha));

You can push it even higher; It's a simply sanity and can be done
prior to bnx2x_vfpf_prep(), in which case you'd be able to simply return
instead of touching the goto label and passing through
the prep()/finalize() sequence.

BTW, just to mention that this is artificial limitation due to the HW channel.
If we'd be really motivated we can have VFs that can configure as many
approx. multicasts addresses as they want [similar to PFs], although that
would require a new PF driver as well [that supports a revised implementation].

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ