Date: Mon, 24 Jul 2023 16:02:14 -0700
From: Jakub Kicinski
To: Lin Ma
Cc: jhs@mojatatu.com, xiyou.wangcong@gmail.com, jiri@resnulli.us, davem@davemloft.net, edumazet@google.com, pabeni@redhat.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
Message-ID: <20230724160214.424573ac@kernel.org>
In-Reply-To: <20230724014625.4087030-1-linma@zju.edu.cn>
References: <20230724014625.4087030-1-linma@zju.edu.cn>

On Mon, 24 Jul 2023 09:46:25 +0800 Lin Ma wrote:
> The nla_for_each_nested parsing in function mqprio_parse_nlattr() does
> not check the length of the nested attribute. This can lead to an
> out-of-attribute read and allow a malformed nlattr (e.g., length 0) to
> be viewed as an 8-byte integer and passed to priv->max_rate/min_rate.
>
> This patch adds the check based on nla_len() when checking the nla_type(),
> which ensures that the length of these two attributes must equal
> sizeof(u64).

How do you run get_maintainer? You didn't CC the author of the code.
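The length check described in the quoted patch description, as an added example: this is a userspace model, not kernel code and not part of the original mail. `attr_hdr`, `build_sample` and `parse_rates` are hypothetical names, and the sample buffer is constructed so that the unchecked 8-byte read stays inside the array.

```c
#include <stdint.h>
#include <string.h>

/* Userspace model of a netlink attribute header (4 bytes, 4-byte aligned). */
struct attr_hdr { uint16_t nla_len; uint16_t nla_type; };
#define HDRLEN 4
#define MIN_RATE64 3 /* stands in for TCA_MQPRIO_MIN_RATE64 */

/* Constructed sample: a zero-payload rate attribute, then a valid one (1000). */
static int build_sample(uint8_t *buf)
{
    struct attr_hdr empty = { HDRLEN, MIN_RATE64 };
    struct attr_hdr good = { HDRLEN + 8, MIN_RATE64 };
    uint64_t rate = 1000;
    memcpy(buf, &empty, HDRLEN);
    memcpy(buf + 4, &good, HDRLEN);
    memcpy(buf + 8, &rate, 8);
    return 16;
}

/* Copy each rate payload to rates[]; returns the count, or -1 when strict is
 * set and a payload is not exactly sizeof(u64), the check the patch describes. */
static int parse_rates(const uint8_t *buf, int len, int strict,
                       uint64_t *rates, int max)
{
    int off = 0, n = 0;
    while (len - off >= HDRLEN) {
        struct attr_hdr h;
        memcpy(&h, buf + off, HDRLEN);
        if (h.nla_len < HDRLEN || h.nla_len > len - off)
            break; /* broken framing ends the walk */
        if (h.nla_type == MIN_RATE64 && n < max) {
            if (strict && h.nla_len - HDRLEN != 8)
                return -1;
            /* Non-strict path: reads 8 bytes whatever the payload length. */
            memcpy(&rates[n++], buf + off + HDRLEN, 8);
        }
        off += (h.nla_len + 3) & ~3; /* advance to the next aligned attribute */
    }
    return n;
}

int main(void)
{
    uint8_t buf[16]; uint64_t r[2];
    int len = build_sample(buf);
    int loose = parse_rates(buf, len, 0, r, 2);  /* zero-length attr accepted */
    int strict = parse_rates(buf, len, 1, r, 2); /* zero-length attr rejected */
    return (loose == 2 && strict == -1) ? 0 : 1;
}
```

In the non-strict run the first "rate" is built from the next attribute's header bytes plus half of its payload, which is the out-of-attribute read the description refers to.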