Re: [PATCH net-next] net: ethtool: Fix out-of-bounds copy to user

From: Andrew Lunn
Date: Fri Jun 02 2023 - 11:38:32 EST

Next message: Laurent Pinchart: "Re: [PATCH v2 3/3] drm/panel-simple: allow LVDS format override"
Previous message: Mickaël Salaün: "Re: [PATCH v4] Add .editorconfig file for basic formatting"
In reply to: Ding Hui: "Re: [PATCH net-next] net: ethtool: Fix out-of-bounds copy to user"
Next in thread: Alexander Duyck: "Re: [PATCH net-next] net: ethtool: Fix out-of-bounds copy to user"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > Also, RTNL should be held during the time both calls are made into the
> > driver. So nothing from userspace should be able to get in the middle
> > of these calls to change the number of queues.
> >
>
> The RTNL lock is already be held during every each ioctl in dev_ethtool().
>
> rtnl_lock();
> rc = __dev_ethtool(net, ifr, useraddr, ethcmd, state);
> rtnl_unlock();

Yes, exactly. So the kernel should be safe from buffer overruns.

Userspace will not get more than it asked for. It might get less, and
it could be different to the previous calls. But i'm not aware of
anything which says anything about the consistency between different
invocations of ethtool -S.

Andrew

Next message: Laurent Pinchart: "Re: [PATCH v2 3/3] drm/panel-simple: allow LVDS format override"
Previous message: Mickaël Salaün: "Re: [PATCH v4] Add .editorconfig file for basic formatting"
In reply to: Ding Hui: "Re: [PATCH net-next] net: ethtool: Fix out-of-bounds copy to user"
Next in thread: Alexander Duyck: "Re: [PATCH net-next] net: ethtool: Fix out-of-bounds copy to user"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]