lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241101192739.6caece56@kernel.org>
Date: Fri, 1 Nov 2024 19:27:39 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Mina Almasry <almasrymina@...gle.com>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
 linux-kselftest@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
 Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>, Simon
 Horman <horms@...nel.org>, Jesper Dangaard Brouer <hawk@...nel.org>, Ilias
 Apalodimas <ilias.apalodimas@...aro.org>, Shuah Khan <shuah@...nel.org>
Subject: Re: [PATCH net-next v1 0/7] devmem TCP fixes

On Fri, 1 Nov 2024 06:14:14 -0700 Mina Almasry wrote:
> But what is the 'missing input validation'? Do you mean the input
> validation for the SO_DEVMEM_DONTNEED API? That should be handled in
> the patch  "net: fix SO_DEVMEM_DONTNEED looping too long" in this
> series, unless I missed something.

I guess it's borderline but to me it feels like net material.
It changes the user visible behavior. Someone can write their
code to free 2k tokens on 6.12 and it will break on 6.13.
I don't feel strongly but the way the series ended up getting
split I figured maybe it was also your intuition. If you do
follow the net path -- please move the refactor out to the net-next
series.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ