| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200910.150947.1427737324391041749.davem@davemloft.net>
Date: Thu, 10 Sep 2020 15:09:47 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: petrm@...dia.com
Cc: netdev@...r.kernel.org, kuba@...nel.org, parav@...dia.com,
saeedm@...dia.com, idosch@...dia.com, jiri@...dia.com
Subject: Re: [PATCH net] net: DCB: Validate DCB_ATTR_DCB_BUFFER argument
From: Petr Machata <petrm@...dia.com>
Date: Thu, 10 Sep 2020 14:09:05 +0200
> The parameter passed via DCB_ATTR_DCB_BUFFER is a struct dcbnl_buffer. The
> field prio2buffer is an array of IEEE_8021Q_MAX_PRIORITIES bytes, where
> each value is a number of a buffer to direct that priority's traffic to.
> That value is however never validated to lie within the bounds set by
> DCBX_MAX_BUFFERS. The only driver that currently implements the callback is
> mlx5 (maintainers CCd), and that does not do any validation either, in
> particual allowing incorrect configuration if the prio2buffer value does
> not fit into 4 bits.
>
> Instead of offloading the need to validate the buffer index to drivers, do
> it right there in core, and bounce the request if the value is too large.
>
> CC: Parav Pandit <parav@...dia.com>
> CC: Saeed Mahameed <saeedm@...dia.com>
> Fixes: e549f6f9c098 ("net/dcb: Add dcbnl buffer attribute")
> Signed-off-by: Petr Machata <petrm@...dia.com>
> Reviewed-by: Ido Schimmel <idosch@...dia.com>
> Reviewed-by: Jiri Pirko <jiri@...dia.com>
Applied and queued up for -stable, thank you.
Powered by blists - more mailing lists