Re: [PATCH v4] net/mlx5: Fix OOB access and stack information leak in PTP event handling

Next message: Zack Rusin: "Re: [PATCH 15901/15901] drm/vmwgfx: fix NULL pointer dereference in vmw_validation_bo_fence()"
Previous message: Dan Williams: "Re: [PATCH RFC 4/4] docs: auto-generate maintainer entry profile links"
In reply to: Leon Romanovsky: "Re: [PATCH v4] net/mlx5: Fix OOB access and stack information leak in PTP event handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Prathamesh Deshpande

Date: Tue Apr 14 2026 - 21:06:09 EST

On Mon, Apr 13, 2026 at 05:46:10PM +0300, Leon Romanovsky wrote:
> On Sun, Apr 12, 2026 at 01:04:10AM +0100, Prathamesh Deshpande wrote:
> > In mlx5_pps_event(), several critical issues were identified:
> >
> > 1. The 'pin' index from the hardware event was used without bounds
> > checking to index 'pin_config' and 'pps_info->start'. Check against
> > MAX_PIN_NUM to prevent out-of-bounds access.
>
> You were told more than once that this is impossible.
>
> <...>
>
> > + if (WARN_ON_ONCE(pin >= MAX_PIN_NUM))
> > + return NOTIFY_OK;
>
> Let's not add useless checks in fast path.

Hi Leon,

Thanks for the feedback. I've addressed this in v5 by dropping the
redundant pin bounds and pin_config checks to keep the fast path clean,
focusing strictly on the stack leak and NULL clock guard fixes.

Thanks,
Prathamesh