On Wed, Nov 07, 2018 at 02:48:24PM -0800, Jeff Kirsher wrote:
> From: Todd Fujinaka
>
> There's a new flag for setting WoL filters that is only
> enabled on one manufacturer's NICs, and it's not ours. Fail
> with EOPNOTSUPP.
>
> Signed-off-by: Todd Fujinaka
> Tested-by: Andrew Bowers
> Signed-
On Mon, May 07, 2018 at 04:03:25PM +0300, Michael S. Tsirkin wrote:
> On Fri, Apr 27, 2018 at 11:45:02AM -0400, Kevin Easton wrote:
> > The struct vhost_msg within struct vhost_msg_node is copied to userspace,
> > so it should be allocated with kzalloc() to ensure all structure
On Wed, May 02, 2018 at 05:19:27PM +0300, Michael S. Tsirkin wrote:
> On Wed, May 02, 2018 at 10:04:46AM -0400, David Miller wrote:
> > From: "Michael S. Tsirkin"
> > Date: Wed, 2 May 2018 16:36:37 +0300
> >
> > > Ouch. True - and in particular the 32 bit ABI on 64 bit kernels doesn't
> > > work
ri, 27 Apr 2018 19:02:05 +0300
> >>
> >> > There's a 32 bit hole just after type. It's best to
> >> > give it a name, this way compiler is forced to initialize
> >> > it with rest of the structure.
> >> >
> >> > Re
On Fri, Apr 27, 2018 at 09:07:56PM -0400, Kevin Easton wrote:
> On Fri, Apr 27, 2018 at 07:05:45PM +0300, Michael S. Tsirkin wrote:
> > On Fri, Apr 27, 2018 at 11:45:02AM -0400, Kevin Easton wrote:
> > > The struct vhost_msg within struct vhost_msg_node is copied to userspace,
On Fri, Apr 27, 2018 at 07:05:45PM +0300, Michael S. Tsirkin wrote:
> On Fri, Apr 27, 2018 at 11:45:02AM -0400, Kevin Easton wrote:
> > The struct vhost_msg within struct vhost_msg_node is copied to userspace,
> > so it should be allocated with kzalloc() to ensure all structure
On Fri, Apr 27, 2018 at 05:39:06PM +0200, Guillaume Nault wrote:
> On Fri, Apr 27, 2018 at 08:23:16AM -0400, Kevin Easton wrote:
...
> > There's another bug here - pppoe_connect() should also be validating
> > sp->sa_family. My suggested patch was going to be:
> >
The struct vhost_msg within struct vhost_msg_node is copied to userspace,
so it should be allocated with kzalloc() to ensure all structure padding
is zeroed.
Signed-off-by: Kevin Easton
Reported-by: syzbot+87cfa083e727a2247...@syzkaller.appspotmail.com
---
drivers/vhost/vhost.c | 2 +-
1 file
On Mon, Apr 23, 2018 at 04:38:27PM +0200, Guillaume Nault wrote:
> We must validate sockaddr_len, otherwise userspace can pass fewer data
> than we expect and we end up accessing invalid data.
>
> Fixes: 224cf5ad14c0 ("ppp: Move the PPP drivers")
> Reported-by: syzbot+4f03bdf92fdf9ef5d...@syzkalle
On Mon, Apr 09, 2018 at 01:56:36AM -0400, Kevin Easton wrote:
> On Sun, Apr 08, 2018 at 09:04:33PM -0700, Eric Biggers wrote:
> ...
> >
> > Looks like this is going to be fixed by
> > https://patchwork.kernel.org/patch/10327883/ ("af_key: Always verify length
> &
On Mon, Apr 09, 2018 at 12:34:42PM +0200, Steffen Klassert wrote:
> On Sat, Apr 07, 2018 at 11:40:47AM -0400, Kevin Easton wrote:
> > Several places use (x + 7) / 8 to convert from a number of bits to a number
> > of bytes. Replace those with DIV_ROUND_UP(x, 8) instead, for consi
On Sun, Apr 08, 2018 at 09:04:33PM -0700, Eric Biggers wrote:
...
>
> Looks like this is going to be fixed by
> https://patchwork.kernel.org/patch/10327883/ ("af_key: Always verify length of
> provided sadb_key"), but it's not applied yet to the ipsec tree yet. Kevin,
> for
> future reference, f
Several places use (x + 7) / 8 to convert from a number of bits to a number
of bytes. Replace those with DIV_ROUND_UP(x, 8) instead, for consistency
with other parts of the same file.
Signed-off-by: Kevin Easton
---
net/key/af_key.c | 13 +++--
1 file changed, 7 insertions(+), 6
Steffen's
feedback I have re-ordered them so that the fix only is in patch 1, which
I would suggest is also a stable tree candidate, whereas patch 2 is a
cleanup only.
Kevin Easton (2):
af_key: Always verify length of provided sadb_key
af_key: Use DIV_ROUND_UP() instead of open-coded equiv
SADB_X_AALG_NULL. Furthermore, the sadb_key_len value
must be long enough to include both the key data and the struct sadb_key
itself.
Introduce a helper function verify_key_len(), and call it from
parse_exthdrs() where other exthdr types are similarly checked for
correctness.
Signed-off-by: Kevin Easton
On Wed, Mar 28, 2018 at 07:59:25AM +0200, Steffen Klassert wrote:
> On Mon, Mar 26, 2018 at 07:39:16AM -0400, Kevin Easton wrote:
> > Several places use (x + 7) / 8 to convert from a number of bits to a number
> > of bytes. Replace those with DIV_ROUND_UP(x, 8) instead, for consi
Several places use (x + 7) / 8 to convert from a number of bits to a number
of bytes. Replace those with DIV_ROUND_UP(x, 8) instead, for consistency
with other parts of the same file.
Signed-off-by: Kevin Easton
---
net/key/af_key.c | 21 +++--
1 file changed, 11 insertions
SADB_X_AALG_NULL. Furthermore, the sadb_key_len value
must be long enough to include both the key data and the struct sadb_key
itself.
Introduce a helper function verify_key_len(), and call it from
parse_exthdrs() where other exthdr types are similarly checked for
correctness.
Signed-off-by: Kevin Easton
As found by syzbot, af_key does not properly validate the key length in
sadb_key messages from userspace. This can result in copying from beyond
the end of the sadb_key part of the message, or indeed beyond the end of
the entire packet.
Kevin Easton (2):
af_key: Use DIV_ROUND_UP() instead of
On Fri, Jul 14, 2017 at 12:37:05PM +0200, Arnd Bergmann wrote:
> On Fri, Jul 14, 2017 at 12:08 PM, Joe Perches wrote:
> > On Fri, 2017-07-14 at 11:25 +0200, Arnd Bergmann wrote:
> >> We test whether a bit is set in a mask here, which is correct
> >> but gcc warns about it as it thinks it might be
20 matches
Mail list logo
