Message-ID: <e76f230c-a513-4185-ae3f-72c033aeeb1e@lunn.ch>
Date: Fri, 9 May 2025 14:31:00 +0200
From: Andrew Lunn <andrew@...n.ch>
To: Jakob Unterwurzacher <jakobunt@...il.com>
Cc: Woojung Huh <woojung.huh@...rochip.com>, UNGLinuxDriver@...rochip.com,
	Vladimir Oltean <olteanv@...il.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Simon Horman <horms@...nel.org>, quentin.schulz@...rry.de,
	Jakob Unterwurzacher <jakob.unterwurzacher@...rry.de>,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	George McCollister <george.mccollister@...il.com>
Subject: Re: [PATCH] net: dsa: microchip: linearize skb for tail-tagging switches

On Fri, May 09, 2025 at 09:18:19AM +0200, Jakob Unterwurzacher wrote:
> The pointer arithmetic for accessing the tail tag does not
> seem to handle nonlinear skbs.
>
> For nonlinear skbs, it reads uninitialized memory inside the
> skb headroom, essentially randomizing the tag, breaking user
> traffic.

Both tag_rtl8_4.c & tag_trailer.c also linearize, so I would say this
is correct.

What is interesting is that both xrs700x_rcv() and
sja1110_rcv_inband_control_extension() also don't call
skb_linearize(). Vladimir? George?

> Tested on v6.12.19 and today's master (d76bb1ebb5587f66b).

Please read:

https://www.kernel.org/doc/html/latest/process/maintainer-netdev.html

This patch should be for net, and you need a Fixes: tag.

    Andrew

---
pw-bot: cr
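
Added example, not part of the message above, the patch, or the kernel sources: a userspace model of the failure the quoted commit message describes, where a tail tag is read by pointer arithmetic on the linear tail while some or all of the frame sits in paged data. The struct `model_skb`, the helper names, the constants and the frame bytes are all constructed for illustration; call `read_tag(split, linearize_first)` to see the tag value that would be read.

```c
#include <stdint.h>
#include <string.h>

#define HEADROOM  16
#define FRAME_LEN 8     /* constructed frame: 7 payload bytes + 1-byte tail tag */
#define TAG       0x03  /* constructed tag value */
#define POISON    0xAA  /* stands in for uninitialized headroom */

/* Userspace model of a packet buffer, not the kernel's struct sk_buff. */
struct model_skb {
    uint8_t lin[HEADROOM + FRAME_LEN]; /* headroom, then linear data */
    size_t  lin_len;                   /* frame bytes held in lin */
    uint8_t frag[FRAME_LEN];           /* paged (nonlinear) remainder */
};

/* Build the frame with its first lin_len bytes linear and the rest paged. */
static void make_frame(struct model_skb *skb, size_t lin_len)
{
    static const uint8_t frame[FRAME_LEN] = {1, 2, 3, 4, 5, 6, 7, TAG};

    memset(skb->lin, POISON, sizeof(skb->lin));
    memcpy(skb->lin + HEADROOM, frame, lin_len);
    memcpy(skb->frag, frame + lin_len, FRAME_LEN - lin_len);
    skb->lin_len = lin_len;
}

/* Linear tail pointer minus the tag length: blind to paged data. */
static uint8_t tail_tag(const struct model_skb *skb)
{
    return *(skb->lin + HEADROOM + skb->lin_len - 1);
}

/* Models linearizing: move the paged bytes behind the linear data. */
static void linearize(struct model_skb *skb)
{
    memcpy(skb->lin + HEADROOM + skb->lin_len, skb->frag,
           FRAME_LEN - skb->lin_len);
    skb->lin_len = FRAME_LEN;
}

/* Tag seen for a frame split at lin_len, with or without linearizing. */
int read_tag(size_t lin_len, int do_linearize)
{
    struct model_skb skb;

    make_frame(&skb, lin_len);
    if (do_linearize)
        linearize(&skb);
    return tail_tag(&skb);
}
```

With an empty linear area the unfixed read lands in the headroom, and with a partial split it returns a payload byte as the tag; only the linearized read sees the real tag.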