linux/drivers/net/ethernet
Stefano Brivio 0f3086868e cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox()

Passing commands for logging to t4_record_mbox() with size
MBOX_LEN, when the actual command size is actually smaller,
causes out-of-bounds stack accesses in t4_record_mbox() while
copying command words here:

	for (i = 0; i < size / 8; i++)
		entry->cmd[i] = be64_to_cpu(cmd[i]);

Up to 48 bytes from the stack are then leaked to debugfs.

This happens whenever we send (and log) commands described by
structs fw_sched_cmd (32 bytes leaked), fw_vi_rxmode_cmd (48),
fw_hello_cmd (48), fw_bye_cmd (48), fw_initialize_cmd (48),
fw_reset_cmd (48), fw_pfvf_cmd (32), fw_eq_eth_cmd (16),
fw_eq_ctrl_cmd (32), fw_eq_ofld_cmd (32), fw_acl_mac_cmd (16),
fw_rss_glb_config_cmd (32), fw_rss_vi_config_cmd (32),
fw_devlog_cmd (32), fw_vi_enable_cmd (48), fw_port_cmd (32),
fw_sched_cmd (32), fw_devlog_cmd (32).

The cxgb4vf driver got this right instead.

When we call t4_record_mbox() to log a command reply, a MBOX_LEN
size can be used though, as get_mbox_rpl() will fill cmd_rpl up
completely.

Fixes: 7f080c3f2f ("cxgb4: Add support to enable logging of firmware mailbox commands")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-08-28 15:24:23 -07:00
3com networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
8390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-05-26 20:46:35 -04:00
adaptec
adi
aeroflex networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
agere networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
alacritech
allwinner networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
alteon
altera
amazon net: ena: update ena driver to version 1.2.0 2017-06-23 14:15:11 -04:00
amd amd-xgbe: fix spelling mistake: "avialable" -> "available" 2017-06-29 15:35:50 -04:00
apm xgene: Always get clk source, but ignore if it's missing for SGMII ports 2017-08-04 11:30:37 -07:00
apple networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
aquantia Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-15 11:59:32 -04:00
arc
atheros net: atl1c: fix spelling mistake: "droppted" -> "dropped" 2017-06-29 12:24:26 -04:00
aurora net: ethernet: nb8800: Handle all 4 RGMII modes identically 2017-07-25 21:27:01 -07:00
broadcom net: systemport: Free DMA coherent descriptors on errors 2017-08-24 18:23:21 -07:00
brocade
cadence net: macb: Adding Support for Jumbo Frames up to 10240 Bytes in SAMA5D3 2017-07-08 10:39:46 +01:00
calxeda
cavium net: thunderx: Fix BGX transmit stall due to underflow 2017-07-29 14:17:07 -07:00
chelsio cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() 2017-08-28 15:24:23 -07:00
cirrus networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
cisco cisco: enic: Fic an error handling path in 'vnic_dev_init_devcmd2()' 2017-07-11 10:54:15 -07:00
davicom networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
dec networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
dlink
emulex Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-05-26 20:46:35 -04:00
ezchip
faraday net: ftgmac100: Fix oops in probe on failure to find associated PHY 2017-08-22 14:17:47 -07:00
freescale fsl/man: Inherit parent device and of_node 2017-08-22 16:32:08 -07:00
fujitsu
hisilicon net: hns: add acpi function of xge led control 2017-07-14 08:18:07 -07:00
hp networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
i825xx networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
ibm ibmvnic: Initialize SCRQ's during login renegotiation 2017-08-02 10:47:45 -07:00
intel ixgbe: Initialize 64-bit stats seqcounts 2017-08-01 20:06:07 -07:00
marvell net: mvpp2: fix the mac address used when using PPv2.2 2017-08-28 11:24:52 -07:00
mediatek net: ethernet: mediatek: Explicitly include linux/interrupt.h 2017-07-24 13:45:29 -07:00
mellanox mlxsw: spectrum_switchdev: Fix mrouter flag update 2017-08-22 14:22:54 -07:00
micrel networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
microchip
moxa
myricom
natsemi
neterion net: s2io: remove useless variable in fill_rx_buffers 2017-06-15 14:15:13 -04:00
netronome nfp: remove incorrect mask check for vlan matching 2017-08-28 15:20:24 -07:00
nuvoton net/{mii, smsc}: Make mii_ethtool_get_link_ksettings and smc_netdev_get_ecmd return void 2017-06-05 11:00:42 -04:00
nvidia
nxp net: manual clean code which call skb_put_[data:zero] 2017-06-20 13:30:15 -04:00
oki-semi net/{mii, smsc}: Make mii_ethtool_get_link_ksettings and smc_netdev_get_ecmd return void 2017-06-05 11:00:42 -04:00
packetengines net: manual clean code which call skb_put_[data:zero] 2017-06-20 13:30:15 -04:00
pasemi
qlogic qlge: avoid memcpy buffer overflow 2017-08-24 14:00:57 -07:00
qualcomm net: qcom/emac: fix double free of SGMII IRQ during shutdown 2017-07-14 08:55:32 -07:00
rdc
realtek r8169: Be drop monitor friendly 2017-08-25 19:13:27 -07:00
renesas net: phy: Make phy_ethtool_ksettings_get return void 2017-06-13 12:59:06 -04:00
rocker Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-30 12:43:08 -04:00
samsung net: sxgbe: check memory allocation failure 2017-08-25 20:07:07 -07:00
seeq
sfc sfc: don't try and read ef10 data on non-ef10 NIC 2017-08-15 17:19:34 -07:00
sgi ioc3-eth: store pointer to net_device for priviate area 2017-07-15 14:28:56 -07:00
silan networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
sis net/{mii, smsc}: Make mii_ethtool_get_link_ksettings and smc_netdev_get_ecmd return void 2017-06-05 11:00:42 -04:00
smsc smsc911x: Add check for ioremap_nocache() return code 2017-07-12 14:35:43 -07:00
stmicro net: stmmac: sun8i: Remove the compatibles 2017-08-28 15:22:42 -07:00
sun sunhme: fix up GREG_STAT and GREG_IMASK register offsets 2017-07-31 16:23:05 -07:00
synopsys
tehuti net: tehuti: don't process data if it has not been copied from userspace 2017-07-19 22:48:02 -07:00
ti net: ethernet: ti: cpts: fix fifo read in cpts_find_ts 2017-08-01 15:22:55 -07:00
tile
toshiba net: tc35815: fix spelling mistake: "Intterrupt" -> "Interrupt" 2017-07-29 15:22:08 -07:00
tundra net/{mii, smsc}: Make mii_ethtool_get_link_ksettings and smc_netdev_get_ecmd return void 2017-06-05 11:00:42 -04:00
via net/{mii, smsc}: Make mii_ethtool_get_link_ksettings and smc_netdev_get_ecmd return void 2017-06-05 11:00:42 -04:00
wiznet
xilinx
xircom
xscale
dnet.c networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
dnet.h
ec_bhf.c networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
ethoc.c net: ethoc: enable NAPI before poll may be scheduled 2017-06-06 16:22:51 -04:00
fealnx.c networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
jme.c net/{mii, smsc}: Make mii_ethtool_get_link_ksettings and smc_netdev_get_ecmd return void 2017-06-05 11:00:42 -04:00
jme.h
Kconfig
korina.c net/{mii, smsc}: Make mii_ethtool_get_link_ksettings and smc_netdev_get_ecmd return void 2017-06-05 11:00:42 -04:00
lantiq_etop.c
Makefile
netx-eth.c