On Wed, Jan 22, 2025 at 06:16:35PM +0000, Simon Horman wrote: > On Wed, Jan 22, 2025 at 03:41:02PM +0100, Peter Seiderer wrote: > > While taking a look at '[PATCH net] pktgen: Avoid out-of-range in > > get_imix_entries' ([1]) and '[PATCH net v2] pktgen: Avoid out-of-bounds access > > in get_imix_entries' ([2], [3]) and doing some tests and code review I > > detected that the /proc/net/pktgen/... parsing logic does not honour the > > user given buffer bounds (resulting in out-of-bounds access). > > > > This can be observed e.g. by the following simple test (sometimes the > > old/'longer' previous value is re-read from the buffer): > > > > $ echo add_device lo@0 > /proc/net/pktgen/kpktgend_0 > > > > $ echo "min_pkt_size 12345" > /proc/net/pktgen/lo\@0 && grep min_pkt_size /proc/net/pktgen/lo\@0 > > Params: count 1000 min_pkt_size: 12345 max_pkt_size: 0 > > Result: OK: min_pkt_size=12345 > > > > $ echo -n "min_pkt_size 123" > /proc/net/pktgen/lo\@0 && grep min_pkt_size /proc/net/pktgen/lo\@0 > > Params: count 1000 min_pkt_size: 12345 max_pkt_size: 0 > > Result: OK: min_pkt_size=12345 > > > > $ echo "min_pkt_size 123" > /proc/net/pktgen/lo\@0 && grep min_pkt_size /proc/net/pktgen/lo\@0 > > Params: count 1000 min_pkt_size: 123 max_pkt_size: 0 > > Result: OK: min_pkt_size=123 > > > > So fix the out-of-bounds access (and two minor findings) and add a simple > > proc_net_pktgen selftest... > > Hi Peter, > > Unfortunately net-next is closed at this time. Sorry, I was a little hasty. It looks like a number of these patches are fixes. If so, please consider separating them out into a separate series, targeted at net (rather than net-next), each with an appropriate Fixes tag.
