| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230822073825.GR2711035@kernel.org>
Date: Tue, 22 Aug 2023 09:38:25 +0200
From: Simon Horman <horms@...nel.org>
To: edward.cree@....com
Cc: linux-net-drivers@....com, davem@...emloft.net, kuba@...nel.org,
edumazet@...gle.com, pabeni@...hat.com,
Edward Cree <ecree.xilinx@...il.com>, netdev@...r.kernel.org,
habetsm.xilinx@...il.com, Andy Moreton <andy.moreton@....com>
Subject: Re: [PATCH net] sfc: allocate a big enough SKB for loopback selftest
packet
On Mon, Aug 21, 2023 at 07:01:53PM +0100, edward.cree@....com wrote:
> From: Edward Cree <ecree.xilinx@...il.com>
>
> Cited commits passed a size to alloc_skb that was only big enough for
> the actual packet contents, but the following skb_put + memcpy writes
> the whole struct efx_loopback_payload including leading and trailing
> padding bytes (which are then stripped off with skb_pull/skb_trim).
> This could cause an skb_over_panic, although in practice we get saved
> by kmalloc_size_roundup.
> Pass the entire size we use, instead of the size of the final packet.
>
> Reported-by: Andy Moreton <andy.moreton@....com>
> Fixes: cf60ed469629 ("sfc: use padding to fix alignment in loopback test")
> Fixes: 30c24dd87f3f ("sfc: siena: use padding to fix alignment in loopback test")
> Fixes: 1186c6b31ee1 ("sfc: falcon: use padding to fix alignment in loopback test")
> Signed-off-by: Edward Cree <ecree.xilinx@...il.com>
Reviewed-by: Simon Horman <horms@...nel.org>
Powered by blists - more mailing lists