Open Source and information security mailing list archives
 
Date:   Wed, 10 May 2017 16:30:34 +0100
From:   Ben Hutchings <ben.hutchings@...ethink.co.uk>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Raghu Vatsavayi <rvatsavayi@...iumnetworks.com>,
        Florian Fainelli <f.fainelli@...il.com>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        "David S. Miller" <davem@...emloft.net>,
        Julia Lawall <julia.lawall@...6.fr>
Subject: Re: [PATCH 4.4 10/43] net: cavium: liquidio: Avoid dma_unmap_single
 on uninitialized ndata

On Mon, 2017-05-01 at 14:27 -0700, Greg Kroah-Hartman wrote:
> 4.4-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Florian Fainelli <f.fainelli@...il.com>
> 
> commit 8e6ce7ebeb34f0992f56de078c3744fb383657fa upstream.
> 
> The label lio_xmit_failed is used 3 times through liquidio_xmit() but it
> always makes a call to dma_unmap_single() using potentially
> uninitialized variables from "ndata" variable. Out of the 3 gotos, 2 run
> after ndata has been initialized, and had a prior dma_map_single() call.
> 
> Fix this by adding a new error label: lio_xmit_dma_failed which does
> this dma_unmap_single() and then proceeds with the lio_xmit_failed
> fallthrough.
> 
> Fixes: f21fb3ed364bb ("Add support of Cavium Liquidio ethernet adapters")
> Reported-by: coverity (CID 1309740)
> Signed-off-by: Florian Fainelli <f.fainelli@...il.com>
> Signed-off-by: David S. Miller <davem@...emloft.net>
> Cc: Julia Lawall <julia.lawall@...6.fr>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

This is not a complete fix:

> ---
>  drivers/net/ethernet/cavium/liquidio/lio_main.c |    9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> --- a/drivers/net/ethernet/cavium/liquidio/lio_main.c
> +++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c
> @@ -2823,7 +2823,7 @@ static int liquidio_xmit(struct sk_buff
>  		if (!g) {
>  			netif_info(lio, tx_err, lio->netdev,
>  				   "Transmit scatter gather: glist null!\n");
> -			goto lio_xmit_failed;
> +			goto lio_xmit_dma_failed;
>  		}
>  
>  		cmdsetup.s.gather = 1;
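
Review bot: In the `if (!g)` branch the goto now targets lio_xmit_dma_failed, which per the commit message calls dma_unmap_single(), yet nothing in this hunk shows a dma_map_single() having run before the gather list is found to be null. If no mapping exists at this point, keep `goto lio_xmit_failed;` here and reserve the new label for the failure paths that follow a successful mapping.
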
[...]

This goto should not have been changed, as no DMA mapping has been
attempted at this point in the function.

This seems to have been fixed upstream by commit 6a885b60dad2 "liquidio:
Introduce new octeon2/3 header".  I leave it to you to work out how it
should be fixed in 4.4-stable.

Ben.

-- 
Ben Hutchings
Software Developer, Codethink Ltd.
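
The two-label unwind discussed in this thread, as an added example that is not part of the email or of the liquidio driver: a constructed model in which a failure before the mapping jumps either to the plain failure label or, wrongly, to the unmapping one. All names (`mock_xmit`, `mock_map`, `mock_unmap`, `run_case`) are hypothetical, and the mock DMA calls only count invocations.

```c
#include <stdbool.h>

/* Constructed stand-ins for the DMA API: they only count calls. */
static int maps, unmaps, bad_unmaps;

struct mock_ndata { bool mapped; };

static void mock_map(struct mock_ndata *n) { n->mapped = true; maps++; }

static void mock_unmap(const struct mock_ndata *n)
{
    unmaps++;
    if (!n->mapped)
        bad_unmaps++;              /* unmap of something never mapped */
}

enum fail_at { FAIL_NONE, FAIL_BEFORE_MAP, FAIL_AFTER_MAP };

/* Hypothetical transmit path. ndata is zeroed here so the model stays
 * well defined; wrong_label selects the mis-targeted goto. */
static int mock_xmit(enum fail_at where, bool wrong_label)
{
    struct mock_ndata ndata = { false };

    if (where == FAIL_BEFORE_MAP) {
        if (wrong_label)
            goto xmit_dma_failed;  /* nothing mapped yet: wrong target */
        goto xmit_failed;
    }
    mock_map(&ndata);
    if (where == FAIL_AFTER_MAP)
        goto xmit_dma_failed;      /* mapping exists: must be undone */
    return 0;                      /* in this model the mapping is released later */

xmit_dma_failed:
    mock_unmap(&ndata);
    /* fall through */
xmit_failed:
    return -1;
}

/* Runs one scenario and returns the number of invalid unmaps it caused. */
static int run_case(enum fail_at where, bool wrong_label)
{
    maps = unmaps = bad_unmaps = 0;
    mock_xmit(where, wrong_label);
    return bad_unmaps;
}

int main(void) { return run_case(FAIL_BEFORE_MAP, false); }
```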

