| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jun 2022 19:01:45 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Jakub Kicinski <kuba@...nel.org>,
Sasha Levin <sashal@...nel.org>
Subject: [PATCH 5.10 248/452] net: stmmac: fix out-of-bounds access in a selftest
From: Jakub Kicinski <kuba@...nel.org>
[ Upstream commit fe5c5fc145edcf98a759b895f52b646730eeb7be ]
GCC 12 points out that struct tc_action is smaller than
struct tcf_action:
drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c: In function ‘stmmac_test_rxp’:
drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c:1132:21: warning: array subscript ‘struct tcf_gact[0]’ is partly outside array bounds of ‘unsigned char[272]’ [-Warray-bounds]
1132 | gact->tcf_action = TC_ACT_SHOT;
| ^~
Fixes: ccfc639a94f2 ("net: stmmac: selftests: Add a selftest for Flexible RX Parser")
Link: https://lore.kernel.org/r/20220519004305.2109708-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@...nel.org>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
.../net/ethernet/stmicro/stmmac/stmmac_selftests.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c
index e649a3e6a529..dd5c4ef92ef3 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c
@@ -1084,8 +1084,9 @@ static int stmmac_test_rxp(struct stmmac_priv *priv)
unsigned char addr[ETH_ALEN] = {0xde, 0xad, 0xbe, 0xef, 0x00, 0x00};
struct tc_cls_u32_offload cls_u32 = { };
struct stmmac_packet_attrs attr = { };
- struct tc_action **actions, *act;
+ struct tc_action **actions;
struct tc_u32_sel *sel;
+ struct tcf_gact *gact;
struct tcf_exts *exts;
int ret, i, nk = 1;
@@ -1110,8 +1111,8 @@ static int stmmac_test_rxp(struct stmmac_priv *priv)
goto cleanup_exts;
}
- act = kcalloc(nk, sizeof(*act), GFP_KERNEL);
- if (!act) {
+ gact = kcalloc(nk, sizeof(*gact), GFP_KERNEL);
+ if (!gact) {
ret = -ENOMEM;
goto cleanup_actions;
}
@@ -1126,9 +1127,7 @@ static int stmmac_test_rxp(struct stmmac_priv *priv)
exts->nr_actions = nk;
exts->actions = actions;
for (i = 0; i < nk; i++) {
- struct tcf_gact *gact = to_gact(&act[i]);
-
- actions[i] = &act[i];
+ actions[i] = (struct tc_action *)&gact[i];
gact->tcf_action = TC_ACT_SHOT;
}
@@ -1152,7 +1151,7 @@ static int stmmac_test_rxp(struct stmmac_priv *priv)
stmmac_tc_setup_cls_u32(priv, priv, &cls_u32);
cleanup_act:
- kfree(act);
+ kfree(gact);
cleanup_actions:
kfree(actions);
cleanup_exts:
--
2.35.1
Powered by blists - more mailing lists