Re: [EXT] Re: [PATCH 0/5] net: atlantic: more fuzzing fixes

From: Grant Grundler
Date: Thu May 05 2022 - 17:04:49 EST


On Thu, May 5, 2022 at 12:11 AM Igor Russkikh <irusskikh@xxxxxxxxxxx> wrote:
>
>
> Hi Grant and Dmitrii,
>
> >> So to close session I guess need to set is_rsc_completed to true when
> >> number of frags is going to exceed value MAX_SKB_FRAGS, then packet will
> >> be built and submitted to stack.
> >> But of course need to check that there will not be any other corner cases
> >> with this new change.
> >
> > Ok. Sounds like I should post a v2 then and just drop 1/5 and 5/5
> > patches. Will post that tomorrow.
>
> I think the part with check `hw_head_ >= ring->size` still can be used safely (patch 5).

Ok - I'll rewrite 5/5 to only include this hunk.

> For patch 1 - I agree it may make things worse, so either drop or think on how to interpret invalid `next` and stop LRO session.

I'll drop the proposed patch for now and discuss with Aashay (ChromeOS
security) more.

cheers,
grant

>
> Thanks,
> Igor