| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Mar 2023 16:33:46 +0100
From: Alexander Lobakin <aleksander.lobakin@...el.com>
To: Kal Conley <kal.conley@...tris.com>
CC: Björn Töpel <bjorn@...nel.org>,
Magnus Karlsson <magnus.karlsson@...el.com>,
Maciej Fijalkowski <maciej.fijalkowski@...el.com>,
Jonathan Lemon <jonathan.lemon@...il.com>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
"Alexei Starovoitov" <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
"Jesper Dangaard Brouer" <hawk@...nel.org>,
John Fastabend <john.fastabend@...il.com>,
<netdev@...r.kernel.org>, <bpf@...r.kernel.org>,
<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] xsk: Add missing overflow check in xdp_umem_reg
From: Kal Conley <kal.conley@...tris.com>
Date: Wed, 8 Mar 2023 11:51:30 +0100
> [PATCH] xsk: Add missing overflow check in xdp_umem_reg
You need to mark it properly. It must've been
[PATCH bpf v2] xsk: Add missing overflow check in xdp_umem_reg
instead.
> The number of chunks can overflow u32. Make sure to return -EINVAL on
> overflow.
I'd mention here that cast removal, so that reviewers wouldn't ask why
you did this.
>
> Fixes: bbff2f321a86 ("xsk: new descriptor addressing scheme")
> Signed-off-by: Kal Conley <kal.conley@...tris.com>
> ---
> net/xdp/xdp_umem.c | 13 +++++++------
> 1 file changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/net/xdp/xdp_umem.c b/net/xdp/xdp_umem.c
> index 4681e8e8ad94..02207e852d79 100644
> --- a/net/xdp/xdp_umem.c
> +++ b/net/xdp/xdp_umem.c
> @@ -150,10 +150,11 @@ static int xdp_umem_account_pages(struct xdp_umem *umem)
>
> static int xdp_umem_reg(struct xdp_umem *umem, struct xdp_umem_reg *mr)
> {
> - u32 npgs_rem, chunk_size = mr->chunk_size, headroom = mr->headroom;
> bool unaligned_chunks = mr->flags & XDP_UMEM_UNALIGNED_CHUNK_FLAG;
> - u64 npgs, addr = mr->addr, size = mr->len;
> - unsigned int chunks, chunks_rem;
> + u32 chunk_size = mr->chunk_size, headroom = mr->headroom;
> + u64 addr = mr->addr, size = mr->len;
> + u32 chunks_rem, npgs_rem;
> + u64 chunks, npgs;
> int err;
>
> if (chunk_size < XDP_UMEM_MIN_CHUNK_SIZE || chunk_size > PAGE_SIZE) {
> @@ -188,8 +189,8 @@ static int xdp_umem_reg(struct xdp_umem *umem, struct xdp_umem_reg *mr)
> if (npgs > U32_MAX)
> return -EINVAL;
>
> - chunks = (unsigned int)div_u64_rem(size, chunk_size, &chunks_rem);
> - if (chunks == 0)
> + chunks = div_u64_rem(size, chunk_size, &chunks_rem);
> + if (!chunks || chunks > U32_MAX)
> return -EINVAL;
>
> if (!unaligned_chunks && chunks_rem)
> @@ -202,7 +203,7 @@ static int xdp_umem_reg(struct xdp_umem *umem, struct xdp_umem_reg *mr)
> umem->headroom = headroom;
> umem->chunk_size = chunk_size;
> umem->chunks = chunks;
> - umem->npgs = (u32)npgs;
> + umem->npgs = npgs;
> umem->pgs = NULL;
> umem->user = NULL;
> umem->flags = mr->flags;
The code is fine to me.
Please resubmit with the fixed subject and expanded commit message.
I'd also prefer that you sent v3 as a separate mail, *not* as a reply to
this thread.
Thanks,
Olek
Powered by blists - more mailing lists