> -----Original Message----- > From: Intel-wired-lan [mailto:intel-wired-lan-boun...@osuosl.org] On > Behalf Of Konstantin Khorenko > Sent: Friday, November 23, 2018 8:10 AM > To: Kirsher, Jeffrey T <jeffrey.t.kirs...@intel.com> > Cc: netdev@vger.kernel.org; intel-wired-...@lists.osuosl.org; linux- > ker...@vger.kernel.org; Konstantin Khorenko <khore...@virtuozzo.com>; > David S . Miller <da...@davemloft.net> > Subject: [Intel-wired-lan] [PATCH 1/1] drivers/net/i40e: define proper > net_device::neigh_priv_len > > Out of bound read reported by KASan. > > i40iw_net_event() reads unconditionally 16 bytes from > neigh->primary_key while the memory allocated for > "neighbour" struct is evaluated in neigh_alloc() as > > tbl->entry_size + dev->neigh_priv_len > > where "dev" is a net_device. > > But the driver does not setup dev->neigh_priv_len and we read beyond the > neigh entry allocated memory, so the patch in the next mail fixes this. > > Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com> > --- > drivers/net/ethernet/intel/i40e/i40e_main.c | 3 +++ > 1 file changed, 3 insertions(+)
Tested-by: Andrew Bowers <andrewx.bow...@intel.com>
