[Intel-wired-lan] [PATCH net v1] i40e: fix passing tainted expression to kzalloc()

Loktionov, Aleksandr aleksandr.loktionov at intel.com
Wed Mar 29 05:10:08 UTC 2023


Goo day Paul

-----Original Message-----
From: Paul Menzel <pmenzel at molgen.mpg.de> 
Sent: Tuesday, March 28, 2023 1:26 PM
To: Loktionov, Aleksandr <aleksandr.loktionov at intel.com>
Cc: intel-wired-lan at lists.osuosl.org; Nguyen, Anthony L <anthony.l.nguyen at intel.com>
Subject: Re: [Intel-wired-lan] [PATCH net v1] i40e: fix passing tainted expression to kzalloc()

Dear Aleksandr,


Thank you for your patch.

Am 28.03.23 um 07:41 schrieb Loktionov, Aleksandr:
> From: Aleksandr Loktionov <aleksandr.loktionov at intel.com>
> 
> Add buff_size limit of 1280 bytes for user input value.

Why did you choose 1280 bytes and not some other number?


Limit of 1280 bytes is not my decision, please see the comment in the sources.
As it says 1280 is just big enough.

For the commit message summary/title you could use:

i40e: Limit expression passed to kzalloc() to 1280 bytes

I see your point, but can this patch be accepted as it?
Thank you

Alex

> Fixes: f1143c4b0f60 ("i40e: Expose AQ debugfs hooks")
> Signed-off-by: Aleksandr Loktionov <aleksandr.loktionov at intel.com>
> ---
>   drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
> index c9dcd6d..b10d00d 100644
> --- a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
> +++ b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
> @@ -1356,7 +1356,7 @@ static ssize_t i40e_dbg_command_write(struct file *filp,
>   			goto command_write_done;
>   		}
>   		/* Just stub a buffer big enough in case user messed up */
> -		if (buffer_len == 0)
> +		if (buffer_len == 0 || buffer_len > 1280)
>   			buffer_len = 1280;
>   
>   		buff = kzalloc(buffer_len, GFP_KERNEL);


Kind regards,

Paul


More information about the Intel-wired-lan mailing list