Re: [EXT] Re: [PATCH 0/5] net: atlantic: more fuzzing fixes

From: Grant Grundler
Date: Thu May 05 2022 - 17:04:49 EST

Next message: Chris Packham: "[PATCH v2] dt-bindings: net: orion-mdio: Convert to JSON schema"
Previous message: Dmitry Baryshkov: "Re: [PATCH] drm: Document that power requirements for DP AUX transfers"
In reply to: Igor Russkikh: "Re: [EXT] Re: [PATCH 0/5] net: atlantic: more fuzzing fixes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, May 5, 2022 at 12:11 AM Igor Russkikh <irusskikh@xxxxxxxxxxx> wrote:
>
>
> Hi Grant and Dmitrii,
>
> >> So to close session I guess need to set is_rsc_completed to true when
> >> number of frags is going to exceed value MAX_SKB_FRAGS, then packet will
> >> be built and submitted to stack.
> >> But of course need to check that there will not be any other corner cases
> >> with this new change.
> >
> > Ok. Sounds like I should post a v2 then and just drop 1/5 and 5/5
> > patches. Will post that tomorrow.
>
> I think the part with check `hw_head_ >= ring->size` still can be used safely (patch 5).

Ok - I'll rewrite 5/5 to only include this hunk.

> For patch 1 - I agree it may make things worse, so either drop or think on how to interpret invalid `next` and stop LRO session.

I'll drop the proposed patch for now and discuss with Aashay (ChromeOS
security) more.

cheers,
grant

>
> Thanks,
> Igor

Next message: Chris Packham: "[PATCH v2] dt-bindings: net: orion-mdio: Convert to JSON schema"
Previous message: Dmitry Baryshkov: "Re: [PATCH] drm: Document that power requirements for DP AUX transfers"
In reply to: Igor Russkikh: "Re: [EXT] Re: [PATCH 0/5] net: atlantic: more fuzzing fixes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]