On Wed, Jan 22, 2025 at 03:41:02PM +0100, Peter Seiderer wrote: > While taking a look at '[PATCH net] pktgen: Avoid out-of-range in > get_imix_entries' ([1]) and '[PATCH net v2] pktgen: Avoid out-of-bounds access > in get_imix_entries' ([2], [3]) and doing some tests and code review I > detected that the /proc/net/pktgen/... parsing logic does not honour the > user given buffer bounds (resulting in out-of-bounds access). > > This can be observed e.g. by the following simple test (sometimes the > old/'longer' previous value is re-read from the buffer): > > $ echo add_device lo@0 > /proc/net/pktgen/kpktgend_0 > > $ echo "min_pkt_size 12345" > /proc/net/pktgen/lo\@0 && grep min_pkt_size /proc/net/pktgen/lo\@0 > Params: count 1000 min_pkt_size: 12345 max_pkt_size: 0 > Result: OK: min_pkt_size=12345 > > $ echo -n "min_pkt_size 123" > /proc/net/pktgen/lo\@0 && grep min_pkt_size /proc/net/pktgen/lo\@0 > Params: count 1000 min_pkt_size: 12345 max_pkt_size: 0 > Result: OK: min_pkt_size=12345 > > $ echo "min_pkt_size 123" > /proc/net/pktgen/lo\@0 && grep min_pkt_size /proc/net/pktgen/lo\@0 > Params: count 1000 min_pkt_size: 123 max_pkt_size: 0 > Result: OK: min_pkt_size=123 > > So fix the out-of-bounds access (and two minor findings) and add a simple > proc_net_pktgen selftest... Hi Peter, Unfortunately net-next is closed at this time. ## Form letter - net-next-closed The merge window for v6.14 has begun. Therefore net-next is closed for new drivers, features, code refactoring and optimizations. We are currently accepting bug fixes only. Please repost when net-next reopens after Feb 3rd. RFC patches sent for review only are obviously welcome at any time. See: https://www.kernel.org/doc/html/next/process/maintainer-netdev.html#development-cycle -- pw-bot: deferred
