linux/drivers/net/ethernet
Aya Levin 7ba2d9d8de net/mlx5: Fix slab-out-of-bounds while reading resource dump menu
Resource dump menu may span over more than a single page, support it.
Otherwise, menu read may result in a memory access violation: reading
outside of the allocated page.
Note that page format of the first menu page contains menu headers while
the proceeding menu pages contain only records.

The KASAN logs are as follows:
BUG: KASAN: slab-out-of-bounds in strcmp+0x9b/0xb0
Read of size 1 at addr ffff88812b2e1fd0 by task systemd-udevd/496

CPU: 5 PID: 496 Comm: systemd-udevd Tainted: G    B  5.16.0_for_upstream_debug_2022_01_10_23_12 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x57/0x7d
 print_address_description.constprop.0+0x1f/0x140
 ? strcmp+0x9b/0xb0
 ? strcmp+0x9b/0xb0
 kasan_report.cold+0x83/0xdf
 ? strcmp+0x9b/0xb0
 strcmp+0x9b/0xb0
 mlx5_rsc_dump_init+0x4ab/0x780 [mlx5_core]
 ? mlx5_rsc_dump_destroy+0x80/0x80 [mlx5_core]
 ? lockdep_hardirqs_on_prepare+0x286/0x400
 ? raw_spin_unlock_irqrestore+0x47/0x50
 ? aomic_notifier_chain_register+0x32/0x40
 mlx5_load+0x104/0x2e0 [mlx5_core]
 mlx5_init_one+0x41b/0x610 [mlx5_core]
 ....
The buggy address belongs to the object at ffff88812b2e0000
 which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 4048 bytes to the right of
 4096-byte region [ffff88812b2e0000, ffff88812b2e1000)
The buggy address belongs to the page:
page:000000009d69807a refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88812b2e6000 pfn:0x12b2e0
head:000000009d69807a order:3 compound_mapcount:0 compound_pincount:0
flags: 0x8000000000010200(slab|head|zone=2)
raw: 8000000000010200 0000000000000000 dead000000000001 ffff888100043040
raw: ffff88812b2e6000 0000000080040000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88812b2e1e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88812b2e1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88812b2e1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff88812b2e2000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88812b2e2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

Fixes: 12206b1723 ("net/mlx5: Add support for resource dump")
Signed-off-by: Aya Levin <ayal@nvidia.com>
Reviewed-by: Moshe Shemesh <moshe@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
2022-05-04 00:00:02 -07:00
3com
8390 ethernet: 8390: Remove unnecessary print function dev_err() 2022-03-11 22:59:03 -08:00
actions
adaptec
aeroflex
agere
alacritech
allwinner
alteon
altera
amazon
amd
apm drivers: net: xgene: Fix regression in CRC stripping 2022-03-23 10:30:05 -07:00
apple
aquantia net: atlantic: invert deep par in pm functions, preventing null derefs 2022-04-18 13:34:36 +01:00
arc net: arc_emac: Fix use after free in arc_mdio_probe() 2022-03-10 14:49:21 -08:00
asix net: ethernet: Use netif_rx(). 2022-03-04 12:02:19 +00:00
atheros atl1c: remove redundant assignment to variable size 2022-03-18 14:16:47 -07:00
broadcom bnxt_en: Fix unnecessary dropping of RX packets 2022-05-03 17:41:32 -07:00
brocade
cadence net: macb: Restart tx only if queue pointer is lagging 2022-04-11 18:18:07 -07:00
calxeda
cavium pci_irq_vector() can't be used in atomic context any longer. This conflicts 2022-05-01 17:02:23 +01:00
chelsio net: cxgb3: Fix an error code when probing the driver 2022-03-07 22:18:52 -08:00
cirrus
cisco
cortina
davicom net: ethernet: Use netif_rx(). 2022-03-04 12:02:19 +00:00
dec
dlink
emulex
engleder
ezchip net: ethernet: ezchip: fix platform_get_irq.cocci warning 2022-03-11 11:07:23 +00:00
faraday net: ftgmac100: access hardware register after clock ready 2022-04-13 12:43:55 +01:00
freescale net: enetc: allow tc-etf offload even with NETIF_F_CSUM_MASK 2022-04-28 09:45:48 -07:00
fujitsu
fungible net/fungible: Fix reference to __udivdi3 on 32b builds 2022-04-01 21:32:30 -07:00
google gve: Fix spelling mistake "droping" -> "dropping" 2022-03-16 19:29:00 -07:00
hisilicon net: hns: Add missing fwnode_handle_put in hns_mac_init 2022-04-25 11:06:53 +01:00
huawei hinic: fix bug of wq out of bound access 2022-04-29 18:37:45 -07:00
i825xx Networking changes for 5.18. 2022-03-24 13:13:26 -07:00
ibm Revert "ibmvnic: Add ethtool private flag for driver-defined queue limits" 2022-04-28 09:46:18 -07:00
intel ixgbe: ensure IPsec VF<->PF compatibility 2022-04-28 09:40:02 -07:00
litex
marvell net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() 2022-04-05 18:12:55 -07:00
mediatek net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() 2022-04-29 17:57:12 -07:00
mellanox net/mlx5: Fix slab-out-of-bounds while reading resource dump menu 2022-05-04 00:00:02 -07:00
micrel net: micrel: Fix KS8851 Kconfig 2022-04-05 17:32:05 -07:00
microchip net: lan966x: fix a couple off by one bugs 2022-04-25 11:25:37 +01:00
microsoft
moxa
mscc net: mscc: ocelot: don't add VID 0 to ocelot->vlans when leaving VLAN-aware bridge 2022-04-25 11:47:55 +01:00
myricom myri10ge: fix an incorrect free for skb in myri10ge_sw_tso 2022-04-06 15:29:18 +01:00
natsemi
neterion
netronome devlink: hold the instance lock during eswitch_mode callbacks 2022-03-21 14:11:38 +00:00
ni
nvidia
nxp net: ethernet: lpc_eth: Handle error for clk_enable 2022-03-09 12:15:20 +00:00
oki-semi
packetengines drivers: net: packetengines: fix typos in comments 2022-03-14 10:04:28 -07:00
pasemi
pensando ionic: no transition while stopping 2022-02-28 11:42:45 +00:00
qlogic qede: confirm skb is allocated before using 2022-04-06 15:16:23 +01:00
qualcomm net: add per-cpu storage and net->core_stats 2022-03-11 23:17:24 -08:00
rdc
realtek r8169: improve driver unload and system shutdown behavior on DASH-enabled systems 2022-03-17 16:47:32 -07:00
renesas
rocker
samsung Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-03 11:55:12 -08:00
seeq
sfc net: sfc: fix using uninitialized xdp tx_queue 2022-04-06 13:50:17 +01:00
sgi
silan
sis
smsc smsc911x: allow using IRQ0 2022-05-03 16:57:33 -07:00
socionext net: netsec: enable pp skb recycling 2022-02-28 11:39:23 +00:00
stmicro net: stmmac: disable Split Header (SPH) for Intel platforms 2022-05-01 13:20:03 +01:00
sun ethernet: sun: Fix spelling mistake "mis-matched" -> "mismatched" 2022-03-17 16:36:05 -07:00
synopsys
tehuti
ti net: cpsw: add missing of_node_put() in cpsw_probe_dt() 2022-04-30 13:37:20 +01:00
toshiba
tundra
vertexcom net: ethernet: Use netif_rx(). 2022-03-04 12:02:19 +00:00
via
wiznet net: ethernet: Use netif_rx(). 2022-03-04 12:02:19 +00:00
xilinx net: emaclite: Add error handling for of_address_to_resource() 2022-05-03 11:07:32 +02:00
xircom
xscale
dnet.c
dnet.h
ec_bhf.c
ethoc.c
fealnx.c
jme.c net: ethernet: use time_is_before_eq_jiffies() instead of open coding it 2022-02-28 13:21:31 +00:00
jme.h
Kconfig net: restore alpha order to Ethernet devices in config 2022-04-15 11:56:16 +01:00
korina.c
lantiq_etop.c
lantiq_xrx200.c net: lantiq_xrx200: fix use after free bug 2022-03-07 11:29:35 +00:00
Makefile net/fungible: Kconfig, Makefiles, and MAINTAINERS 2022-02-27 10:51:23 +00:00