[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 5 May 2022 13:57:24 -0700
From: Grant Grundler <grundler@...omium.org>
To: Igor Russkikh <irusskikh@...vell.com>
Cc: Grant Grundler <grundler@...omium.org>,
Dmitrii Bezrukov <dbezrukov@...vell.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
netdev <netdev@...r.kernel.org>,
"David S . Miller" <davem@...emloft.net>,
LKML <linux-kernel@...r.kernel.org>,
Aashay Shringarpure <aashay@...gle.com>,
Yi Chou <yich@...gle.com>,
Shervin Oloumi <enlightened@...gle.com>
Subject: Re: [EXT] Re: [PATCH 0/5] net: atlantic: more fuzzing fixes
On Thu, May 5, 2022 at 12:11 AM Igor Russkikh <irusskikh@...vell.com> wrote:
>
>
> Hi Grant and Dmitrii,
>
> >> So to close session I guess need to set is_rsc_completed to true when
> >> number of frags is going to exceed value MAX_SKB_FRAGS, then packet will
> >> be built and submitted to stack.
> >> But of course need to check that there will not be any other corner cases
> >> with this new change.
> >
> > Ok. Sounds like I should post a v2 then and just drop 1/5 and 5/5
> > patches. Will post that tomorrow.
>
> I think the part with check `hw_head_ >= ring->size` still can be used safely (patch 5).
Ok - I'll rewrite 5/5 to only include this hunk.
> For patch 1 - I agree it may make things worse, so either drop or think on how to interpret invalid `next` and stop LRO session.
I'll drop the proposed patch for now and discuss with Aashay (ChromeOS
security) more.
cheers,
grant
>
> Thanks,
> Igor
Powered by blists - more mailing lists