| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e76f230c-a513-4185-ae3f-72c033aeeb1e@lunn.ch>
Date: Fri, 9 May 2025 14:31:00 +0200
From: Andrew Lunn <andrew@...n.ch>
To: Jakob Unterwurzacher <jakobunt@...il.com>
Cc: Woojung Huh <woojung.huh@...rochip.com>, UNGLinuxDriver@...rochip.com,
Vladimir Oltean <olteanv@...il.com>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Simon Horman <horms@...nel.org>, quentin.schulz@...rry.de,
Jakob Unterwurzacher <jakob.unterwurzacher@...rry.de>,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
George McCollister <george.mccollister@...il.com>
Subject: Re: [PATCH] net: dsa: microchip: linearize skb for tail-tagging
switches
On Fri, May 09, 2025 at 09:18:19AM +0200, Jakob Unterwurzacher wrote:
> The pointer arithmentic for accessing the tail tag does not
> seem to handle nonlinear skbs.
>
> For nonlinear skbs, it reads uninitialized memory inside the
> skb headroom, essentially randomizing the tag, breaking user
> traffic.
Both tag_rtl8_4.c & tag_trailer.c also linearize, so i would say this
is correct.
What is interesting is that both xrs700x_rcv() and
sja1110_rcv_inband_control_extension() also don't call
skb_linearize().
Vladimir? George?
> Tested on v6.12.19 and today's master (d76bb1ebb5587f66b).
Please read:
https://www.kernel.org/doc/html/latest/process/maintainer-netdev.html
This patch should be for net, and you need a Fixes: tag.
Andrew
---
pw-bot: cr
Powered by blists - more mailing lists