lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20220530095353.1237458-1-alexandr.lobakin@intel.com>
Date:   Mon, 30 May 2022 11:53:53 +0200
From:   Alexander Lobakin <alexandr.lobakin@...el.com>
To:     Saeed Mahameed <saeed@...nel.org>
Cc:     Alexander Lobakin <alexandr.lobakin@...el.com>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Mark Bloch <mbloch@...dia.com>,
        Maor Gottlieb <maorg@...dia.com>, netdev@...r.kernel.org,
        linux-rdma@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net] net/mlx5: fix invalid structure access

From: Saeed Mahameed <saeed@...nel.org>
Date: Fri, 27 May 2022 15:29:05 -0700

> On 27 May 13:01, Alexander Lobakin wrote:
> >After pulling latest bpf-next, I started catching the following:

[...]

> We have a similar patch that is being reviewed internally.
> I don't like comparing strings to match devices. Also this could cause mlx5
> unwanted aux devices to be matched, e.g mlx5e, mlx5_ib, mlx5v, etc .., since
> they all share the same prefix ? yes, no ? 
> 
> We also have another patch/approach that is comparing drivers:
> 
> 	if (dev->driver != curr->device->driver)
> 		return NULL;
> 
> But also this is under discussion.

Ok, I spotted that implementation in your repo at korg, hope it will
hit mainline trees soon.

> 
> I think the whole design of this function is wrong, it's being used to match
> devices of type mlx5_core_dev which are pci devices, but it is using aux class
> to lookup! It works since we always have some aux devices hanging on top of
> mlx5_core pci devs and since all of them share the same wrapper structure
> "mlx5_adev" we find the corresponding mdev "mlx5_core_dev" sort of correctly.

[...]

> >-- 
> >2.36.1

Thanks,
Al

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ