lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAJcM6BGWGLrS=7b5Hq6RVZTD9ZHn7HyFssU6FDW4=-U8HD0+bw@mail.gmail.com>
Date: Thu, 8 Jan 2026 07:35:59 -0800
From: Ankit Garg <nktgrg@...gle.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Joshua Washington <joshwash@...gle.com>, netdev@...r.kernel.org, 
	Harshitha Ramamurthy <hramamurthy@...gle.com>, Andrew Lunn <andrew+netdev@...n.ch>, 
	"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Paolo Abeni <pabeni@...hat.com>, Willem de Bruijn <willemb@...gle.com>, 
	Praveen Kaligineedi <pkaligineedi@...gle.com>, Catherine Sullivan <csully@...gle.com>, 
	Luigi Rizzo <lrizzo@...gle.com>, Jon Olson <jonolson@...gle.com>, Sagi Shahar <sagis@...gle.com>, 
	Bailey Forrest <bcf@...gle.com>, linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH net 0/2] gve: fix crashes on invalid TX queue indices

On Tue, Jan 6, 2026 at 6:22 PM Jakub Kicinski <kuba@...nel.org> wrote:
>
> On Mon,  5 Jan 2026 15:25:02 -0800 Joshua Washington wrote:
> > This series fixes a kernel panic in the GVE driver caused by
> > out-of-bounds array access when the network stack provides an invalid
> > TX queue index.
>
> Do you know how? I seem to recall we had such issues due to bugs
> in the qdisc layer, most of which were fixed.
>
> Fixing this at the source, if possible, would be far preferable
> to sprinkling this condition to all the drivers.
That matches our observation—we have encountered this panic on older
kernels (specifically Rocky Linux 8) but have not been able to
reproduce it on recent upstream kernels.

Could you point us to the specific qdisc fixes you recall? We'd like
to verify if the issue we are seeing on the older kernel is indeed one
of those known/fixed bugs.

If it turns out this is fully resolved in the core network stack
upstream, we can drop this patch for the mainline driver. However, if
there is ambiguity, do you think there is value in keeping this check
to prevent the driver from crashing on invalid input?

Thanks,
Ankit Garg

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ