Hi Paul,
Sorry for late replay, it takes some effort to change company policy of the proprietary. For the questions: 1. What upstream tree did you intend it for and why? - Linux mainline We are developing openBMC with kernel-6.6. For submitting patch to kernel-6.6 stable tree, it should exist in mainline first. Reference: https://github.com/openbmc/linux/commits/dev-6.6/
2. Have you seen such cards in the wild? It wouldn't harm mentioning specific examples in the commit message to probably help people searching for problems specific to them later. You can also consider adding Fixes: and Cc: stable tags if this bugfix solves a real issue and should be backported to stable kernels. - This NIC is developed by META terminus team and the problematic string is: The channel Version Str : 24.12.08-000 I will update it to commit message later.
-----Original Message----- From: Paul Fertser fercerpav@gmail.com Sent: Thursday, May 15, 2025 5:04 PM To: Jerry C Chen/WYHQ/Wiwynn Jerry_C_Chen@wiwynn.com Cc: patrick@stwcx.xyz; Samuel Mendoza-Jonas sam@mendozajonas.com; David S. Miller davem@davemloft.net; Eric Dumazet edumazet@google.com; Jakub Kicinski kuba@kernel.org; Paolo Abeni pabeni@redhat.com; Simon Horman horms@kernel.org; netdev@vger.kernel.org; linux-kernel@vger.kernel.org Subject: Re: [PATCH v1] net/ncsi: fix buffer overflow in getting version id
[External Sender]
Hello Jerry,
This looks like an updated version of your previous patch[0] but you have forgotten to increase the number in the Subject. You have also forgotten to reply and take into account /some/ of the points I raised in the review.
On Thu, May 15, 2025 at 04:34:47PM +0800, Jerry C Chen wrote:
In NC-SI spec v1.2 section 8.4.44.2, the firmware name doesn't need to be null terminated while its size occupies the full size of the field. Fix the buffer overflow issue by adding one additional byte for null terminator.
...
Please give an answer to every comment I made for your previous patch version and either make a corresponding change or explain why exactly you disagree.
Also please stop sending any and all "proprietary or confidential information".
[0] https://urldefense.com/v3/__https://patchwork.kernel.org/project/netdevbpf/p atch/20250227055044.3878374-1-Jerry_C_Chen@wiwynn.com/__;!!ObgLwW8 oGsQ!nQ0Zkq6AxOKAJHbUUrTRnNI8fJNt7itufBwUXkkZU1-yfFo3h6Vm55K_mqr 5Ur5kw9wE9cMVgIdoGCL3u2DhhqA$