lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAHS8izM-UsaMCmY0Rqudg8-b8ObFFP9Tq0zD8-L7YB7CG2CURA@mail.gmail.com>
Date: Tue, 24 Jun 2025 08:23:01 -0700
From: Mina Almasry <almasrymina@...gle.com>
To: Yue Haibing <yuehaibing@...wei.com>
Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, 
	pabeni@...hat.com, horms@...nel.org, netdev@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next] net: Reoder rxq_idx check in __net_mp_open_rxq()

On Tue, Jun 24, 2025 at 6:44 AM Yue Haibing <yuehaibing@...wei.com> wrote:
>
> array_index_nospec() clamp the rxq_idx within the range of
> [0, dev->real_num_rx_queues), move the check before it.
>
> Signed-off-by: Yue Haibing <yuehaibing@...wei.com>

Fix looks valid to me. The current code looks wrong because the
dev->real_num_rx_queues check is done twice, so we'll never hit the
NL_SET_ERR_MSG.

One side effect of this is that userspace code that does an out of
range rxq bind will see EINVAL before this patch and it will see an
ERANGE with a netlink error message after this patch. I think this
change is fine even though it's a minor uapi change.

Reviewed-by: Mina Almasry <almasrymina@...gle.com>

-- 
Thanks,
Mina

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ