* [PATCH] net/mvneta: fix possible out-of-bounds write
@ 2024-10-09 2:23 Chengwen Feng
2024-10-09 3:48 ` Stephen Hemminger
` (3 more replies)
0 siblings, 4 replies; 9+ messages in thread
From: Chengwen Feng @ 2024-10-09 2:23 UTC (permalink / raw)
To: thomas, ferruh.yigit, stephen, Zyta Szpak, Liron Himi,
Dmitri Epshtein, Natalie Samsonov, Andrzej Ostruszka,
Ferruh Yigit
Cc: dev
The mvneta_ifnames_get() function will save 'iface' value to ifnames,
it will out-of-bounds write if passed many iface pairs (e.g.
'iface=xxx,iface=xxx,...').
Fixes: 4ccc8d770d3b ("net/mvneta: add PMD skeleton")
Cc: stable@dpdk.org
Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Acked-by: Ferruh Yigit <ferruh.yigit@amd.com>
---
drivers/net/mvneta/mvneta_ethdev.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/mvneta/mvneta_ethdev.c b/drivers/net/mvneta/mvneta_ethdev.c
index 3841c1ebe9..c49f083efa 100644
--- a/drivers/net/mvneta/mvneta_ethdev.c
+++ b/drivers/net/mvneta/mvneta_ethdev.c
@@ -91,6 +91,9 @@ mvneta_ifnames_get(const char *key __rte_unused, const char *value,
{
struct mvneta_ifnames *ifnames = extra_args;
+ if (ifnames->idx >= NETA_NUM_ETH_PPIO)
+ return -EINVAL;
+
ifnames->names[ifnames->idx++] = value;
return 0;
--
2.17.1
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] net/mvneta: fix possible out-of-bounds write
2024-10-09 2:23 [PATCH] net/mvneta: fix possible out-of-bounds write Chengwen Feng
@ 2024-10-09 3:48 ` Stephen Hemminger
2024-10-09 3:48 ` zhoumin
` (2 subsequent siblings)
3 siblings, 0 replies; 9+ messages in thread
From: Stephen Hemminger @ 2024-10-09 3:48 UTC (permalink / raw)
To: Chengwen Feng
Cc: thomas, ferruh.yigit, Zyta Szpak, Liron Himi, Dmitri Epshtein,
Natalie Samsonov, Andrzej Ostruszka, Ferruh Yigit, dev
On Wed, 9 Oct 2024 02:23:42 +0000
Chengwen Feng <fengchengwen@huawei.com> wrote:
> The mvneta_ifnames_get() function will save 'iface' value to ifnames,
> it will out-of-bounds write if passed many iface pairs (e.g.
> 'iface=xxx,iface=xxx,...').
>
> Fixes: 4ccc8d770d3b ("net/mvneta: add PMD skeleton")
> Cc: stable@dpdk.org
>
> Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
> Acked-by: Ferruh Yigit <ferruh.yigit@amd.com>
> ---
> drivers/net/mvneta/mvneta_ethdev.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/net/mvneta/mvneta_ethdev.c b/drivers/net/mvneta/mvneta_ethdev.c
> index 3841c1ebe9..c49f083efa 100644
> --- a/drivers/net/mvneta/mvneta_ethdev.c
> +++ b/drivers/net/mvneta/mvneta_ethdev.c
> @@ -91,6 +91,9 @@ mvneta_ifnames_get(const char *key __rte_unused, const char *value,
> {
> struct mvneta_ifnames *ifnames = extra_args;
>
> + if (ifnames->idx >= NETA_NUM_ETH_PPIO)
> + return -EINVAL;
> +
Looks like a reasonable fix but for if some user tried to set up too many
devices, best to add a log message with severity of ERR to help them know why.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] net/mvneta: fix possible out-of-bounds write
2024-10-09 2:23 [PATCH] net/mvneta: fix possible out-of-bounds write Chengwen Feng
2024-10-09 3:48 ` Stephen Hemminger
@ 2024-10-09 3:48 ` zhoumin
2024-10-09 6:08 ` [PATCH v2] " Chengwen Feng
2024-10-10 0:53 ` [PATCH v3] " Chengwen Feng
3 siblings, 0 replies; 9+ messages in thread
From: zhoumin @ 2024-10-09 3:48 UTC (permalink / raw)
To: dev
Recheck-request: loongarch-compilation
--
Just for a test, please ignore.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v2] net/mvneta: fix possible out-of-bounds write
2024-10-09 2:23 [PATCH] net/mvneta: fix possible out-of-bounds write Chengwen Feng
2024-10-09 3:48 ` Stephen Hemminger
2024-10-09 3:48 ` zhoumin
@ 2024-10-09 6:08 ` Chengwen Feng
2024-10-09 15:09 ` Stephen Hemminger
2024-10-09 18:00 ` Stephen Hemminger
2024-10-10 0:53 ` [PATCH v3] " Chengwen Feng
3 siblings, 2 replies; 9+ messages in thread
From: Chengwen Feng @ 2024-10-09 6:08 UTC (permalink / raw)
To: thomas, ferruh.yigit, stephen; +Cc: dev, zr, lironh
The mvneta_ifnames_get() function will save 'iface' value to ifnames,
it will out-of-bounds write if passed many iface pairs (e.g.
'iface=xxx,iface=xxx,...').
Fixes: 4ccc8d770d3b ("net/mvneta: add PMD skeleton")
Cc: stable@dpdk.org
Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Acked-by: Ferruh Yigit <ferruh.yigit@amd.com>
---
v2: add error log which address Stephen's comment.
---
drivers/net/mvneta/mvneta_ethdev.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/mvneta/mvneta_ethdev.c b/drivers/net/mvneta/mvneta_ethdev.c
index 3841c1ebe9..e641f19266 100644
--- a/drivers/net/mvneta/mvneta_ethdev.c
+++ b/drivers/net/mvneta/mvneta_ethdev.c
@@ -91,6 +91,11 @@ mvneta_ifnames_get(const char *key __rte_unused, const char *value,
{
struct mvneta_ifnames *ifnames = extra_args;
+ if (ifnames->idx >= NETA_NUM_ETH_PPIO) {
+ MVNETA_LOG(ERROR, "Detect too many ifnames!");
+ return -EINVAL;
+ }
+
ifnames->names[ifnames->idx++] = value;
return 0;
--
2.17.1
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v2] net/mvneta: fix possible out-of-bounds write
2024-10-09 6:08 ` [PATCH v2] " Chengwen Feng
@ 2024-10-09 15:09 ` Stephen Hemminger
2024-10-09 18:00 ` Stephen Hemminger
1 sibling, 0 replies; 9+ messages in thread
From: Stephen Hemminger @ 2024-10-09 15:09 UTC (permalink / raw)
To: Chengwen Feng; +Cc: thomas, ferruh.yigit, dev, zr, lironh
On Wed, 9 Oct 2024 06:08:45 +0000
Chengwen Feng <fengchengwen@huawei.com> wrote:
> + if (ifnames->idx >= NETA_NUM_ETH_PPIO) {
> + MVNETA_LOG(ERROR, "Detect too many ifnames!");
> + return -EINVAL;
> + }
> +
Looks good, but the wording is a bit awkward. Suggest:
if (ifnames->idx >= NETA_NUM_ETH_PPIO) {
MVNET_LOG(ERR, "Too many ifnames specified (max %u)",
NETA_NUM_ETH_PPIO);
return -EINVAL;
}
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v2] net/mvneta: fix possible out-of-bounds write
2024-10-09 6:08 ` [PATCH v2] " Chengwen Feng
2024-10-09 15:09 ` Stephen Hemminger
@ 2024-10-09 18:00 ` Stephen Hemminger
2024-10-10 1:01 ` fengchengwen
1 sibling, 1 reply; 9+ messages in thread
From: Stephen Hemminger @ 2024-10-09 18:00 UTC (permalink / raw)
To: Chengwen Feng; +Cc: thomas, ferruh.yigit, dev, zr, lironh
On Wed, 9 Oct 2024 06:08:45 +0000
Chengwen Feng <fengchengwen@huawei.com> wrote:
> The mvneta_ifnames_get() function will save 'iface' value to ifnames,
> it will out-of-bounds write if passed many iface pairs (e.g.
> 'iface=xxx,iface=xxx,...').
>
> Fixes: 4ccc8d770d3b ("net/mvneta: add PMD skeleton")
> Cc: stable@dpdk.org
>
> Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
> Acked-by: Ferruh Yigit <ferruh.yigit@amd.com>
>
> ---
> v2: add error log which address Stephen's comment.
>
> ---
> drivers/net/mvneta/mvneta_ethdev.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/net/mvneta/mvneta_ethdev.c b/drivers/net/mvneta/mvneta_ethdev.c
> index 3841c1ebe9..e641f19266 100644
> --- a/drivers/net/mvneta/mvneta_ethdev.c
> +++ b/drivers/net/mvneta/mvneta_ethdev.c
> @@ -91,6 +91,11 @@ mvneta_ifnames_get(const char *key __rte_unused, const char *value,
> {
> struct mvneta_ifnames *ifnames = extra_args;
>
> + if (ifnames->idx >= NETA_NUM_ETH_PPIO) {
> + MVNETA_LOG(ERROR, "Detect too many ifnames!");
> + return -EINVAL;
> + }
> +
Compile fails due to typo. Need to use "ERR," not "ERROR,"
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v3] net/mvneta: fix possible out-of-bounds write
2024-10-09 2:23 [PATCH] net/mvneta: fix possible out-of-bounds write Chengwen Feng
` (2 preceding siblings ...)
2024-10-09 6:08 ` [PATCH v2] " Chengwen Feng
@ 2024-10-10 0:53 ` Chengwen Feng
2024-10-10 1:10 ` Stephen Hemminger
3 siblings, 1 reply; 9+ messages in thread
From: Chengwen Feng @ 2024-10-10 0:53 UTC (permalink / raw)
To: thomas, ferruh.yigit, stephen; +Cc: dev, zr, lironh
The mvneta_ifnames_get() function will save 'iface' value to ifnames,
it will out-of-bounds write if passed many iface pairs (e.g.
'iface=xxx,iface=xxx,...').
Fixes: 4ccc8d770d3b ("net/mvneta: add PMD skeleton")
Cc: stable@dpdk.org
Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Acked-by: Ferruh Yigit <ferruh.yigit@amd.com>
---
v3: fix compile error, and change err log which address Stephen's
comment.
v2: add error log which address Stephen's comment.
---
drivers/net/mvneta/mvneta_ethdev.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/mvneta/mvneta_ethdev.c b/drivers/net/mvneta/mvneta_ethdev.c
index 3841c1ebe9..f99f9e6289 100644
--- a/drivers/net/mvneta/mvneta_ethdev.c
+++ b/drivers/net/mvneta/mvneta_ethdev.c
@@ -91,6 +91,12 @@ mvneta_ifnames_get(const char *key __rte_unused, const char *value,
{
struct mvneta_ifnames *ifnames = extra_args;
+ if (ifnames->idx >= NETA_NUM_ETH_PPIO) {
+ MVNETA_LOG(ERR, "Too many ifnames specified (max %u)",
+ NETA_NUM_ETH_PPIO);
+ return -EINVAL;
+ }
+
ifnames->names[ifnames->idx++] = value;
return 0;
--
2.17.1
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v2] net/mvneta: fix possible out-of-bounds write
2024-10-09 18:00 ` Stephen Hemminger
@ 2024-10-10 1:01 ` fengchengwen
0 siblings, 0 replies; 9+ messages in thread
From: fengchengwen @ 2024-10-10 1:01 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: thomas, ferruh.yigit, dev, zr, lironh
On 2024/10/10 2:00, Stephen Hemminger wrote:
> On Wed, 9 Oct 2024 06:08:45 +0000
> Chengwen Feng <fengchengwen@huawei.com> wrote:
>
>> The mvneta_ifnames_get() function will save 'iface' value to ifnames,
>> it will out-of-bounds write if passed many iface pairs (e.g.
>> 'iface=xxx,iface=xxx,...').
>>
>> Fixes: 4ccc8d770d3b ("net/mvneta: add PMD skeleton")
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
>> Acked-by: Ferruh Yigit <ferruh.yigit@amd.com>
>>
>> ---
>> v2: add error log which address Stephen's comment.
>>
>> ---
>> drivers/net/mvneta/mvneta_ethdev.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/drivers/net/mvneta/mvneta_ethdev.c b/drivers/net/mvneta/mvneta_ethdev.c
>> index 3841c1ebe9..e641f19266 100644
>> --- a/drivers/net/mvneta/mvneta_ethdev.c
>> +++ b/drivers/net/mvneta/mvneta_ethdev.c
>> @@ -91,6 +91,11 @@ mvneta_ifnames_get(const char *key __rte_unused, const char *value,
>> {
>> struct mvneta_ifnames *ifnames = extra_args;
>>
>> + if (ifnames->idx >= NETA_NUM_ETH_PPIO) {
>> + MVNETA_LOG(ERROR, "Detect too many ifnames!");
>> + return -EINVAL;
>> + }
>> +
>
> Compile fails due to typo. Need to use "ERR," not "ERROR,"
Thanks, already fix in v3
It seemed this driver depend on libmusdk, and unfortunately, I don't have this library locally.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v3] net/mvneta: fix possible out-of-bounds write
2024-10-10 0:53 ` [PATCH v3] " Chengwen Feng
@ 2024-10-10 1:10 ` Stephen Hemminger
0 siblings, 0 replies; 9+ messages in thread
From: Stephen Hemminger @ 2024-10-10 1:10 UTC (permalink / raw)
To: Chengwen Feng; +Cc: thomas, ferruh.yigit, dev, zr, lironh
On Thu, 10 Oct 2024 00:53:26 +0000
Chengwen Feng <fengchengwen@huawei.com> wrote:
> The mvneta_ifnames_get() function will save 'iface' value to ifnames,
> it will out-of-bounds write if passed many iface pairs (e.g.
> 'iface=xxx,iface=xxx,...').
>
> Fixes: 4ccc8d770d3b ("net/mvneta: add PMD skeleton")
> Cc: stable@dpdk.org
>
> Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
> Acked-by: Ferruh Yigit <ferruh.yigit@amd.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2024-10-10 1:10 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-09 2:23 [PATCH] net/mvneta: fix possible out-of-bounds write Chengwen Feng
2024-10-09 3:48 ` Stephen Hemminger
2024-10-09 3:48 ` zhoumin
2024-10-09 6:08 ` [PATCH v2] " Chengwen Feng
2024-10-09 15:09 ` Stephen Hemminger
2024-10-09 18:00 ` Stephen Hemminger
2024-10-10 1:01 ` fengchengwen
2024-10-10 0:53 ` [PATCH v3] " Chengwen Feng
2024-10-10 1:10 ` Stephen Hemminger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).