openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux/drivers/net/ethernet/chelsio/cxgb4
History
Stefano Brivio 0f3086868e cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() 
Passing commands for logging to t4_record_mbox() with size
MBOX_LEN, when the actual command size is actually smaller,
causes out-of-bounds stack accesses in t4_record_mbox() while
copying command words here:

	for (i = 0; i < size / 8; i++)
		entry->cmd[i] = be64_to_cpu(cmd[i]);

Up to 48 bytes from the stack are then leaked to debugfs.

This happens whenever we send (and log) commands described by
structs fw_sched_cmd (32 bytes leaked), fw_vi_rxmode_cmd (48),
fw_hello_cmd (48), fw_bye_cmd (48), fw_initialize_cmd (48),
fw_reset_cmd (48), fw_pfvf_cmd (32), fw_eq_eth_cmd (16),
fw_eq_ctrl_cmd (32), fw_eq_ofld_cmd (32), fw_acl_mac_cmd(16),
fw_rss_glb_config_cmd(32), fw_rss_vi_config_cmd(32),
fw_devlog_cmd(32), fw_vi_enable_cmd(48), fw_port_cmd(32),
fw_sched_cmd(32), fw_devlog_cmd(32).

The cxgb4vf driver got this right instead.

When we call t4_record_mbox() to log a command reply, a MBOX_LEN
size can be used though, as get_mbox_rpl() will fill cmd_rpl up
completely.

Fixes: 7f080c3f2f ("cxgb4: Add support to enable logging of firmware mailbox commands")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2017-08-28 15:24:23 -07:00
..
Makefile cxgb4: time stamping interface for PTP 2017-07-05 09:21:54 +01:00
clip_tbl.c treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
clip_tbl.h cxgb4: Fix incorrect 'c' suffix to %pI4, use %pISc instead 2015-02-20 17:25:52 -05:00
cxgb4.h net/cxgb4: Use new PCI_DEV_FLAGS_NO_RELAXED_ORDERING flag 2017-08-14 22:14:51 -07:00
cxgb4_dcb.c cxgb4: DCB message handler needs to use correct portid to netdev mapping 2016-04-26 13:23:57 -04:00
cxgb4_dcb.h cxgb4 : Improve IEEE DCBx support, other minor open-lldp fixes 2015-02-02 18:54:35 -08:00
cxgb4_debugfs.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-07-05 12:31:59 -07:00
cxgb4_debugfs.h VFS: Fix up some ->d_inode accesses in the chelsio driver 2015-04-15 15:06:54 -04:00
cxgb4_ethtool.c cxgb4: Support for get_ts_info ethtool method 2017-07-05 09:21:54 +01:00
cxgb4_fcoe.c cxgb4: fix boolreturn.cocci warnings 2015-03-29 12:15:56 -07:00
cxgb4_fcoe.h cxgb4: add cxgb4_fcoe.h and macro definitions for FCoE 2015-03-24 15:24:38 -04:00
cxgb4_filter.c net: introduce __skb_put_[zero, data, u8] 2017-06-20 13:30:14 -04:00
cxgb4_filter.h cxgb4: add common api support for configuring filters 2016-09-22 01:40:01 -04:00
cxgb4_main.c net/cxgb4: Use new PCI_DEV_FLAGS_NO_RELAXED_ORDERING flag 2017-08-14 22:14:51 -07:00
cxgb4_ptp.c cxgb4: ptp_clock_register() returns error pointers 2017-07-14 08:18:51 -07:00
cxgb4_ptp.h cxgb4: time stamping interface for PTP 2017-07-05 09:21:54 +01:00
cxgb4_tc_u32.c treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
cxgb4_tc_u32.h cxgb4: Increase max number of tc u32 links 2017-02-16 14:32:52 -05:00
cxgb4_tc_u32_parse.h cxgb4: add support for offloading u32 filters 2016-09-22 01:40:01 -04:00
cxgb4_uld.c cxgb4: fix BUG() on interrupt deallocating path of ULD 2017-07-11 13:40:22 -07:00
cxgb4_uld.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-07-05 12:31:59 -07:00
l2t.c networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
l2t.h cxgb4: move VLAN_NONE macro definition 2016-03-22 00:25:05 -07:00
sched.c treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
sched.h cxgb4: add support for tx max rate limiting 2016-08-22 18:29:13 -07:00
sge.c net/cxgb4: Use new PCI_DEV_FLAGS_NO_RELAXED_ORDERING flag 2017-08-14 22:14:51 -07:00
t4_chip_type.h cxgb4: T6 adapter lld support for iw_cxgb4 driver 2015-10-21 23:16:38 -04:00
t4_hw.c cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() 2017-08-28 15:24:23 -07:00
t4_hw.h cxgb4: add new routine to get adapter info 2016-04-26 13:23:56 -04:00
t4_msg.h cxgb4: time stamping interface for PTP 2017-07-05 09:21:54 +01:00
t4_pci_id_tbl.h cxgb4: add new T5 pci device id's 2017-07-13 09:25:09 -07:00
t4_regs.h cxgb4: time stamping interface for PTP 2017-07-05 09:21:54 +01:00
t4_values.h cxgb4: Update IngPad and IngPack values 2017-03-22 10:53:49 -07:00
t4fw_api.h cxgb4: time stamping interface for PTP 2017-07-05 09:21:54 +01:00
t4fw_version.h cxgb4: update latest firmware version supported 2017-06-01 12:10:04 -04:00