| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4bf4ec53-c972-4009-b827-5083e080f32f@bootlin.com> Date: Wed, 7 Jan 2026 10:28:30 +0100 From: Maxime Chevallier <maxime.chevallier@...tlin.com> To: "Russell King (Oracle)" <rmk+kernel@...linux.org.uk>, Andrew Lunn <andrew@...n.ch>, Heiner Kallweit <hkallweit1@...il.com> Cc: Alexandre Torgue <alexandre.torgue@...s.st.com>, Andrew Lunn <andrew+netdev@...n.ch>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, linux-arm-kernel@...ts.infradead.org, linux-stm32@...md-mailman.stormreply.com, Maxime Coquelin <mcoquelin.stm32@...il.com>, netdev@...r.kernel.org, Paolo Abeni <pabeni@...hat.com> Subject: Re: [PATCH net-next 4/9] net: stmmac: descs: fix buffer 1 off-by-one error Hi Russell, On 06/01/2026 21:31, Russell King (Oracle) wrote: > norm_set_tx_desc_len_on_ring() incorrectly tests the buffer length, > leading to a length of 2048 being squeezed into a bitfield covering > bits 10:0 - which results in the buffer 1 size being zero. > > If this field is zero, buffer 1 is ignored, and thus is equivalent > to transmitting a zero length buffer. > > Signed-off-by: Russell King (Oracle) <rmk+kernel@...linux.org.uk> Should it be a fix ? I've tried to trigger the bug without success, this seems to be fairly specific so I'm OK with it going to net-next. Reviewed-by: Maxime Chevallier <maxime.chevallier@...tlin.com> Maxime
Powered by blists - more mailing lists