[Bug 263824] genet(4): Driver interface may overwrite memory in a consecutive memory copy operations when parsing TX packet

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 23 May 2022 11:59:48 UTC

--- Comment #7 from commit-hook@FreeBSD.org ---
A commit in branch stable/13 references this bug:


commit 7e6e22aab6b993e42328bafe0f64ee14a2b7c43c
Author:     Mike Karels <karels@FreeBSD.org>
AuthorDate: 2022-05-09 12:19:52 +0000
Commit:     Mike Karels <karels@FreeBSD.org>
CommitDate: 2022-05-23 11:53:01 +0000

    genet: fix output packet corruption in uncommon case

    The code for the "shift" block in the COPY macro set the pointer for
    the next copy block to the wrong value.  In this case, the link-layer
    header would be overwritten by the network-layer header.  This case is
    difficult or impossible to exercise in the current driver without
    changing the value of the hw.genet.tx_hdr_min sysctl.  Correct the
    pointer.  While here, remove a line in the macro that was marked
    "unneeded", which was actually wrong.

    PR:             263824
    Submitted by:   jiahali@blackberry.com

    (cherry picked from commit 1de9aa4d4f7938f36e6485dad817908a6e45bb32)

 sys/arm64/broadcom/genet/if_genet.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

You are receiving this mail because:
You are on the CC list for the bug.