Re: [PATCH v2] scsi: fcoe: reject FIP descriptors with zero fip_dlen in CVL walker

From: Martin K. Petersen

Date: Fri May 22 2026 - 23:24:34 EST


On Mon, 18 May 2026 10:43:07 -0400, Michael Bommarito wrote:

> drivers/scsi/fcoe/fcoe_ctlr.c::fcoe_ctlr_recv_clr_vlink() advanced
> the descriptor cursor by an attacker-supplied fip_dlen without
> ever requiring dlen >= sizeof(struct fip_desc) in the default
> branch. The named descriptor cases (FIP_DT_MAC, FIP_DT_NAME,
> FIP_DT_VN_ID) checked their per-type minimum lengths, but a
> FIP_DT_NON_CRITICAL descriptor (fip_dtype >= 128, which the
> standard requires receivers to silently ignore) skipped that
> check entirely.
>
> [...]

Applied to 7.1/scsi-fixes, thanks!

[1/1] scsi: fcoe: reject FIP descriptors with zero fip_dlen in CVL walker
https://git.kernel.org/mkp/scsi/c/9eed1bd59937

--
Martin K. Petersen
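
The length rule the quoted commit message describes, shown as an added example (not the kernel's fcoe_ctlr.c code and not part of this e-mail): a simplified descriptor walker that applies a header-size minimum to every type, including the ignored non-critical ones, so a zero length can never leave the cursor in place. The two-byte header, word-counted lengths, numeric type codes, per-type minimums and the rejection of unknown critical types are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define BPW 4                /* lengths are counted in 32-bit words (assumed) */
#define HDR_LEN 2            /* type byte + length byte (assumed layout) */
#define DT_MAC 2             /* example type codes, assumed for this example */
#define DT_NAME 4
#define DT_VN_ID 11
#define DT_NON_CRITICAL 128  /* types >= 128 are silently ignored */

/* Minimum byte length per type (assumed values); 0 = unknown critical type. */
static size_t min_len(uint8_t dtype)
{
    switch (dtype) {
    case DT_MAC:   return 8;
    case DT_NAME:  return 12;
    case DT_VN_ID: return 20;
    default:       return dtype >= DT_NON_CRITICAL ? HDR_LEN : 0;
    }
}

/* Returns the number of descriptors walked, or -1 if the list is malformed. */
int walk_descs(const uint8_t *buf, size_t rlen)
{
    int count = 0;
    while (rlen >= HDR_LEN) {
        size_t dlen = (size_t)buf[1] * BPW;
        size_t need = min_len(buf[0]);
        /* Same check for every type, ignored ones included: the length must
         * cover the header, meet the type minimum, and fit the remainder. */
        if (need == 0 || dlen < need || dlen > rlen)
            return -1;
        buf += dlen;
        rlen -= dlen;
        count++;
    }
    return rlen == 0 ? count : -1;  /* trailing bytes rejected (example's choice) */
}

/* Constructed sample inputs. */
const uint8_t ok_list[] = { DT_MAC, 2, 0x02, 0, 0, 0, 0, 1,  200, 1, 0, 0 };
const uint8_t zero_len[] = { 200, 0, 0, 0 };   /* non-critical type, length 0 */
const uint8_t short_mac[] = { DT_MAC, 1, 0, 0 };
int main(void)
{
    printf("%d %d %d\n", walk_descs(ok_list, sizeof ok_list),
           walk_descs(zero_len, sizeof zero_len), walk_descs(short_mac, sizeof short_mac));
    return 0;
}
```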