diff options
| author | David S. Miller <davem@davemloft.net> | 2017-06-05 06:01:48 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-06-05 06:01:48 +0300 |
| commit | a619cc8bedd0df6dfbc389f4c904070be87a0e5c (patch) | |
| tree | 513b8ea0c8bb573013ed3ea31d0734674eee4158 /drivers/net/ethernet/qlogic/qed/qed_l2.h | |
| parent | a11227dcc345c1792945cae8a3b22882a723620f (diff) | |
| parent | e2fcad58fd230f635a74e4e983c6f4ea893642d2 (diff) | |
| download | linux-a619cc8bedd0df6dfbc389f4c904070be87a0e5c.tar.xz | |
Merge branch 'skb-sgvec-overflow'
Jason A. Donenfeld says:
====================
net: Avoiding stack overflow in skb_to_sgvec
The recent bug with macsec and historical one with virtio have
indicated that letting skb_to_sgvec trounce all over an sglist
without checking the length is probably a bad idea. And it's not
necessary either: an sglist already explicitly marks its last
item, and the initialization functions are diligent in doing so.
Thus there's a clear way of avoiding future overflows.
So, this patchset, from a high level, makes skb_to_sgvec return
a potential error code, and then adjusts all callers to check
for the error code. There are two situations in which skb_to_sgvec
might return such an error:
1) When the passed in sglist is too small; and
2) When the passed in skbuff is too deeply nested.
So, the first patch in this series handles the issues with
skb_to_sgvec directly, and the remaining ones then handle the call
sites.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/ethernet/qlogic/qed/qed_l2.h')
0 files changed, 0 insertions, 0 deletions