lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9c1fecc1-7d17-c039-6bfa-c63be6fcf013@sangfor.com.cn>
Date:   Fri, 9 Jun 2023 23:25:34 +0800
From:   Ding Hui <dinghui@...gfor.com.cn>
To:     Alexander Duyck <alexander.duyck@...il.com>
Cc:     Jakub Kicinski <kuba@...nel.org>, Andrew Lunn <andrew@...n.ch>,
        davem@...emloft.net, edumazet@...gle.com, pabeni@...hat.com,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        pengdonglin@...gfor.com.cn, huangcun@...gfor.com.cn
Subject: Re: [PATCH net-next] net: ethtool: Fix out-of-bounds copy to user

On 2023/6/8 22:17, Alexander Duyck wrote:
> 
> Well as I said before. The issue points to a driver problem more than
> anything else.
> 
> Normally the solution is to make it so that the counts don't
> fluctuate. That mostly consists of providing strings equal to the
> maximum count, and then 0 populating the data for any fields that
> don't exist in the case of ethtool -S.
> 
> So for example in the case of igb which you had pointed out you could
> take a look at ixgbe for inspiration on how to fix it since the two
> drivers should be similar and one has the issue and one does not.
> 

Thanks.

FYI, I just did some rough research about which drivers return constant count
and which not.

Variable (61/188):

drivers/net/dsa/bcm_sf2.c:    .get_sset_count         = bcm_sf2_sw_get_sset_count,
drivers/net/ethernet/amazon/ena/ena_ethtool.c:        .get_sset_count         = ena_get_sset_count,
drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c: .get_sset_count = xgbe_get_sset_count,
drivers/net/ethernet/aquantia/atlantic/aq_ethtool.c:  .get_sset_count      = aq_ethtool_get_sset_count,
drivers/net/ethernet/broadcom/bcmsysport.c:   .get_sset_count         = bcm_sysport_get_sset_count,
drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c:  .get_sset_count         = bnx2x_get_sset_count,
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c:    .get_sset_count         = bnxt_get_sset_count,
drivers/net/ethernet/brocade/bna/bnad_ethtool.c:      .get_sset_count = bnad_get_sset_count,
drivers/net/ethernet/cadence/macb_main.c:     .get_sset_count         = gem_get_sset_count,
drivers/net/ethernet/cavium/liquidio/lio_ethtool.c:   .get_sset_count         = lio_get_sset_count,
drivers/net/ethernet/cavium/liquidio/lio_ethtool.c:   .get_sset_count         = lio_vf_get_sset_count,
drivers/net/ethernet/cavium/thunder/nicvf_ethtool.c:  .get_sset_count         = nicvf_get_sset_count,
drivers/net/ethernet/emulex/benet/be_ethtool.c:       .get_sset_count = be_get_sset_count,
drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c:   .get_sset_count = dpaa_get_sset_count,
drivers/net/ethernet/freescale/enetc/enetc_ethtool.c: .get_sset_count = enetc_get_sset_count,
drivers/net/ethernet/fungible/funeth/funeth_ethtool.c:        .get_sset_count      = fun_get_sset_count,
drivers/net/ethernet/google/gve/gve_ethtool.c:        .get_sset_count = gve_get_sset_count,
drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c:   .get_sset_count = hns3_get_sset_count,
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c:      .get_sset_count = hclge_get_sset_count,
drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c:    .get_sset_count = hclgevf_get_sset_count,
drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c:    .get_sset_count = hns_ae_get_sset_count,
drivers/net/ethernet/hisilicon/hns/hns_ethtool.c:     .get_sset_count = hns_get_sset_count,
drivers/net/ethernet/huawei/hinic/hinic_ethtool.c:    .get_sset_count = hinic_get_sset_count,
drivers/net/ethernet/ibm/ibmvnic.c:   .get_sset_count         = ibmvnic_get_sset_count,
drivers/net/ethernet/intel/i40e/i40e_ethtool.c:       .get_sset_count         = i40e_get_sset_count,
drivers/net/ethernet/intel/iavf/iavf_ethtool.c:       .get_sset_count         = iavf_get_sset_count,
drivers/net/ethernet/intel/ice/ice_ethtool.c: .get_sset_count         = ice_get_sset_count,
drivers/net/ethernet/intel/igb/igb_ethtool.c: .get_sset_count         = igb_get_sset_count,
drivers/net/ethernet/intel/igc/igc_ethtool.c: .get_sset_count         = igc_ethtool_get_sset_count,
drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c:     .get_sset_count         = ixgbe_get_sset_count,
drivers/net/ethernet/intel/ixgbevf/ethtool.c: .get_sset_count         = ixgbevf_get_sset_count,
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c:      .get_sset_count         = mvpp2_ethtool_get_sset_count,
drivers/net/ethernet/marvell/octeon_ep/octep_ethtool.c:       .get_sset_count = octep_get_sset_count,
drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c:    .get_sset_count         = otx2_get_sset_count,
drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c:    .get_sset_count         = otx2vf_get_sset_count,
drivers/net/ethernet/mellanox/mlx4/en_ethtool.c:      .get_sset_count = mlx4_en_get_sset_count,
drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c: .get_sset_count    = mlx5e_get_sset_count,
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c:     .get_sset_count    = mlx5e_rep_get_sset_count,
drivers/net/ethernet/mellanox/mlx5/core/ipoib/ethtool.c:      .get_sset_count     = mlx5i_get_sset_count,
drivers/net/ethernet/microsoft/mana/mana_ethtool.c:   .get_sset_count         = mana_get_sset_count,
drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c: .get_sset_count         = nfp_net_get_sset_count,
drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c: .get_sset_count         = nfp_port_get_sset_count,
drivers/net/ethernet/pensando/ionic/ionic_ethtool.c:  .get_sset_count         = ionic_get_sset_count,
drivers/net/ethernet/qlogic/qede/qede_ethtool.c:      .get_sset_count                 = qede_get_sset_count,
drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c:  .get_sset_count = qlcnic_get_sset_count,
drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c:  .get_sset_count         = qlcnic_get_sset_count,
drivers/net/ethernet/sfc/ef100_ethtool.c:     .get_sset_count         = efx_ethtool_get_sset_count,
drivers/net/ethernet/sfc/ethtool.c:   .get_sset_count         = efx_ethtool_get_sset_count,
drivers/net/ethernet/sfc/falcon/ethtool.c:    .get_sset_count         = ef4_ethtool_get_sset_count,
drivers/net/ethernet/sfc/siena/ethtool.c:     .get_sset_count         = efx_siena_ethtool_get_sset_count,
drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c: .get_sset_count = stmmac_get_sset_count,
drivers/net/ethernet/sun/niu.c:       .get_sset_count         = niu_get_sset_count,
drivers/net/ethernet/sun/sunvnet.c:   .get_sset_count         = vnet_get_sset_count,
drivers/net/ethernet/ti/cpsw.c:       .get_sset_count         = cpsw_get_sset_count,
drivers/net/ethernet/ti/cpsw_new.c:   .get_sset_count         = cpsw_get_sset_count,
drivers/net/hyperv/netvsc_drv.c:      .get_sset_count = netvsc_get_sset_count,
drivers/net/ifb.c:    .get_sset_count         = ifb_get_sset_count,
drivers/net/veth.c:   .get_sset_count         = veth_get_sset_count,
drivers/net/virtio_net.c:     .get_sset_count = virtnet_get_sset_count,
drivers/net/vmxnet3/vmxnet3_ethtool.c:        .get_sset_count    = vmxnet3_get_sset_count,
drivers/s390/net/qeth_ethtool.c:      .get_sset_count = qeth_get_sset_count,


Constant (127/188):

arch/um/drivers/vector_kern.c:        .get_sset_count = vector_get_sset_count,
drivers/infiniband/ulp/ipoib/ipoib_ethtool.c: .get_sset_count         = ipoib_get_sset_count,
drivers/infiniband/ulp/opa_vnic/opa_vnic_ethtool.c:   .get_sset_count = vnic_get_sset_count,
drivers/net/can/flexcan/flexcan-ethtool.c:    .get_sset_count = flexcan_get_sset_count,
drivers/net/can/slcan/slcan-ethtool.c:        .get_sset_count = slcan_get_sset_count,
drivers/net/dsa/b53/b53_common.c:     .get_sset_count         = b53_get_sset_count,
drivers/net/dsa/dsa_loop.c:   .get_sset_count         = dsa_loop_get_sset_count,
drivers/net/dsa/hirschmann/hellcreek.c:       .get_sset_count        = hellcreek_get_sset_count,
drivers/net/dsa/lan9303-core.c:       .get_sset_count         = lan9303_get_sset_count,
drivers/net/dsa/lantiq_gswip.c:       .get_sset_count         = gswip_get_sset_count,
drivers/net/dsa/microchip/ksz_common.c:       .get_sset_count         = ksz_sset_count,
drivers/net/dsa/mt7530.c:     .get_sset_count         = mt7530_get_sset_count,
drivers/net/dsa/mv88e6xxx/chip.c:     .get_sset_count         = mv88e6xxx_get_sset_count,
drivers/net/dsa/ocelot/felix.c:       .get_sset_count                 = felix_get_sset_count,
drivers/net/dsa/qca/qca8k-8xxx.c:     .get_sset_count         = qca8k_get_sset_count,
drivers/net/dsa/realtek/rtl8365mb.c:  .get_sset_count = rtl8365mb_get_sset_count,
drivers/net/dsa/realtek/rtl8366rb.c:  .get_sset_count = rtl8366_get_sset_count,
drivers/net/dsa/rzn1_a5psw.c: .get_sset_count = a5psw_get_sset_count,
drivers/net/dsa/sja1105/sja1105_main.c:       .get_sset_count         = sja1105_get_sset_count,
drivers/net/dsa/vitesse-vsc73xx-core.c:       .get_sset_count = vsc73xx_get_sset_count,
drivers/net/dsa/xrs700x/xrs700x.c:    .get_sset_count         = xrs700x_get_sset_count,
drivers/net/ethernet/3com/3c59x.c:    .get_sset_count         = vortex_get_sset_count,
drivers/net/ethernet/alacritech/slicoss.c:    .get_sset_count         = slic_get_sset_count,
drivers/net/ethernet/altera/altera_tse_ethtool.c:     .get_sset_count = tse_sset_count,
drivers/net/ethernet/amd/pcnet32.c:   .get_sset_count         = pcnet32_get_sset_count,
drivers/net/ethernet/apm/xgene-v2/ethtool.c:  .get_sset_count = xge_get_sset_count,
drivers/net/ethernet/apm/xgene/xgene_enet_ethtool.c:  .get_sset_count = xgene_get_sset_count,
drivers/net/ethernet/asix/ax88796c_ioctl.c:   .get_sset_count         = ax88796c_get_sset_count,
drivers/net/ethernet/atheros/ag71xx.c:        .get_sset_count                 = ag71xx_ethtool_get_sset_count,
drivers/net/ethernet/atheros/alx/ethtool.c:   .get_sset_count = alx_get_sset_count,
drivers/net/ethernet/atheros/atlx/atl1.c:     .get_sset_count         = atl1_get_sset_count,
drivers/net/ethernet/broadcom/b44.c:  .get_sset_count         = b44_get_sset_count,
drivers/net/ethernet/broadcom/bcm63xx_enet.c: .get_sset_count         = bcm_enet_get_sset_count,
drivers/net/ethernet/broadcom/bcm63xx_enet.c: .get_sset_count         = bcm_enetsw_get_sset_count,
drivers/net/ethernet/broadcom/bgmac.c:        .get_sset_count         = bgmac_get_sset_count,
drivers/net/ethernet/broadcom/bnx2.c: .get_sset_count         = bnx2_get_sset_count,
drivers/net/ethernet/broadcom/genet/bcmgenet.c:       .get_sset_count         = bcmgenet_get_sset_count,
drivers/net/ethernet/broadcom/tg3.c:  .get_sset_count         = tg3_get_sset_count,
drivers/net/ethernet/calxeda/xgmac.c: .get_sset_count = xgmac_get_sset_count,
drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c:      .get_sset_count = get_sset_count,
drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c:   .get_sset_count    = get_sset_count,
drivers/net/ethernet/chelsio/cxgb4vf/cxgb4vf_main.c:  .get_sset_count         = cxgb4vf_get_sset_count,
drivers/net/ethernet/chelsio/cxgb/cxgb2.c:    .get_sset_count    = get_sset_count,
drivers/net/ethernet/cisco/enic/enic_ethtool.c:       .get_sset_count = enic_get_sset_count,
drivers/net/ethernet/cortina/gemini.c:        .get_sset_count = gmac_get_sset_count,
drivers/net/ethernet/dlink/sundance.c:        .get_sset_count = get_sset_count,
drivers/net/ethernet/engleder/tsnep_ethtool.c:        .get_sset_count = tsnep_ethtool_get_sset_count,
drivers/net/ethernet/freescale/dpaa2/dpaa2-ethtool.c: .get_sset_count = dpaa2_eth_get_sset_count,
drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-ethtool.c:  .get_sset_count         = dpaa2_switch_ethtool_get_sset_count,
drivers/net/ethernet/freescale/fec_main.c:    .get_sset_count         = fec_enet_get_sset_count,
drivers/net/ethernet/freescale/gianfar_ethtool.c:     .get_sset_count = gfar_sset_count,
drivers/net/ethernet/freescale/ucc_geth_ethtool.c:    .get_sset_count         = uec_get_sset_count,
drivers/net/ethernet/ibm/ehea/ehea_ethtool.c: .get_sset_count = ehea_get_sset_count,
drivers/net/ethernet/ibm/emac/core.c: .get_sset_count = emac_ethtool_get_sset_count,
drivers/net/ethernet/ibm/ibmveth.c:   .get_sset_count                  = ibmveth_get_sset_count,
drivers/net/ethernet/intel/e1000/e1000_ethtool.c:     .get_sset_count         = e1000_get_sset_count,
drivers/net/ethernet/intel/e1000e/ethtool.c:  .get_sset_count         = e1000e_get_sset_count,
drivers/net/ethernet/intel/e100.c:    .get_sset_count         = e100_get_sset_count,
drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c:     .get_sset_count         = fm10k_get_sset_count,
drivers/net/ethernet/intel/ice/ice_ethtool.c: .get_sset_count         = ice_repr_get_sset_count,
drivers/net/ethernet/intel/igbvf/ethtool.c:   .get_sset_count         = igbvf_get_sset_count,
drivers/net/ethernet/marvell/mv643xx_eth.c:   .get_sset_count         = mv643xx_eth_get_sset_count,
drivers/net/ethernet/marvell/mvneta.c:        .get_sset_count = mvneta_ethtool_get_sset_count,
drivers/net/ethernet/marvell/prestera/prestera_ethtool.c:     .get_sset_count = prestera_ethtool_get_sset_count,
drivers/net/ethernet/marvell/skge.c:  .get_sset_count = skge_get_sset_count,
drivers/net/ethernet/marvell/sky2.c:  .get_sset_count = sky2_get_sset_count,
drivers/net/ethernet/mediatek/mtk_eth_soc.c:  .get_sset_count         = mtk_get_sset_count,
drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_ethtool.c:        .get_sset_count         = mlxbf_gige_get_sset_count,
drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c:       .get_sset_count                 = mlxsw_sp_port_get_sset_count,
drivers/net/ethernet/micrel/ksz884x.c:        .get_sset_count         = netdev_get_sset_count,
drivers/net/ethernet/microchip/lan743x_ethtool.c:     .get_sset_count = lan743x_ethtool_get_sset_count,
drivers/net/ethernet/microchip/lan966x/lan966x_ethtool.c:     .get_sset_count         = lan966x_get_sset_count,
drivers/net/ethernet/microchip/sparx5/sparx5_ethtool.c:       .get_sset_count         = sparx5_get_sset_count,
drivers/net/ethernet/mscc/ocelot_net.c:       .get_sset_count         = ocelot_port_get_sset_count,
drivers/net/ethernet/myricom/myri10ge/myri10ge.c:     .get_sset_count = myri10ge_get_sset_count,
drivers/net/ethernet/neterion/s2io.c: .get_sset_count = s2io_get_sset_count,
drivers/net/ethernet/nvidia/forcedeth.c:      .get_sset_count = nv_get_sset_count,
drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c:      .get_sset_count = pch_gbe_get_sset_count,
drivers/net/ethernet/pasemi/pasemi_mac_ethtool.c:     .get_sset_count         = pasemi_mac_get_sset_count,
drivers/net/ethernet/qlogic/netxen/netxen_nic_ethtool.c:      .get_sset_count = netxen_get_sset_count,
drivers/net/ethernet/qualcomm/emac/emac-ethtool.c:    .get_sset_count  = emac_get_sset_count,
drivers/net/ethernet/qualcomm/qca_debug.c:    .get_sset_count = qcaspi_get_sset_count,
drivers/net/ethernet/qualcomm/rmnet/rmnet_vnd.c:      .get_sset_count = rmnet_get_sset_count,
drivers/net/ethernet/realtek/8139cp.c:        .get_sset_count         = cp_get_sset_count,
drivers/net/ethernet/realtek/8139too.c:       .get_sset_count         = rtl8139_get_sset_count,
drivers/net/ethernet/realtek/r8169_main.c:    .get_sset_count         = rtl8169_get_sset_count,
drivers/net/ethernet/renesas/ravb_main.c:     .get_sset_count         = ravb_get_sset_count,
drivers/net/ethernet/renesas/sh_eth.c:        .get_sset_count     = sh_eth_get_sset_count,
drivers/net/ethernet/rocker/rocker_main.c:    .get_sset_count         = rocker_port_get_sset_count,
drivers/net/ethernet/samsung/sxgbe/sxgbe_ethtool.c:   .get_sset_count = sxgbe_get_sset_count,
drivers/net/ethernet/silan/sc92031.c: .get_sset_count         = sc92031_ethtool_get_sset_count,
drivers/net/ethernet/sun/cassini.c:   .get_sset_count         = cas_get_sset_count,
drivers/net/ethernet/synopsys/dwc-xlgmac-ethtool.c:   .get_sset_count = xlgmac_ethtool_get_sset_count,
drivers/net/ethernet/tehuti/tehuti.c:         .get_sset_count = bdx_get_sset_count,
drivers/net/ethernet/ti/am65-cpsw-ethtool.c:  .get_sset_count         = am65_cpsw_get_sset_count,
drivers/net/ethernet/ti/netcp_ethss.c:        .get_sset_count         = keystone_get_sset_count,
drivers/net/ethernet/toshiba/spider_net_ethtool.c:    .get_sset_count         = spider_net_get_sset_count,
drivers/net/ethernet/toshiba/tc35815.c:       .get_sset_count         = tc35815_get_sset_count,
drivers/net/ethernet/vertexcom/mse102x.c:     .get_sset_count         = mse102x_get_sset_count,
drivers/net/ethernet/via/via-velocity.c:      .get_sset_count         = velocity_get_sset_count,
drivers/net/fjes/fjes_ethtool.c:              .get_sset_count   = fjes_get_sset_count,
drivers/net/phy/adin.c:               .get_sset_count = adin_get_sset_count,
drivers/net/phy/aquantia_main.c:      .get_sset_count = aqr107_get_sset_count,
drivers/net/phy/at803x.c:     .get_sset_count         = at803x_get_sset_count,
drivers/net/phy/bcm7xxx.c:    .get_sset_count = bcm_phy_get_sset_count,                       \
drivers/net/phy/bcm-cygnus.c: .get_sset_count = bcm_phy_get_sset_count,
drivers/net/phy/broadcom.c:   .get_sset_count = bcm_phy_get_sset_count,
drivers/net/phy/icplus.c:     .get_sset_count = ip101g_get_sset_count,
drivers/net/phy/marvell.c:            .get_sset_count = marvell_get_sset_count,
drivers/net/phy/micrel.c:     .get_sset_count = kszphy_get_sset_count,
drivers/net/phy/mscc/mscc_main.c:     .get_sset_count = &vsc85xx_get_sset_count,
drivers/net/phy/nxp-c45-tja11xx.c:            .get_sset_count         = nxp_c45_get_sset_count,
drivers/net/phy/nxp-cbtx.c:           .get_sset_count         = cbtx_get_sset_count,
drivers/net/phy/nxp-tja11xx.c:                .get_sset_count = tja11xx_get_sset_count,
drivers/net/phy/smsc.c:       .get_sset_count = smsc_get_sset_count,
drivers/net/usb/asix_devices.c:       .get_sset_count         = ax88772_ethtool_get_sset_count,
drivers/net/usb/cdc_ncm.c:    .get_sset_count         = cdc_ncm_get_sset_count,
drivers/net/usb/lan78xx.c:    .get_sset_count = lan78xx_get_sset_count,
drivers/net/usb/r8152.c:      .get_sset_count = rtl8152_get_sset_count,
drivers/net/usb/smsc95xx.c:   .get_sset_count = smsc95xx_ethtool_get_sset_count,
drivers/net/wireless/ath/ath6kl/cfg80211.c:   .get_sset_count = ath6kl_get_sset_count,
drivers/net/wireless/marvell/libertas/ethtool.c:      .get_sset_count = lbs_mesh_ethtool_get_sset_count,
drivers/net/xen-netback/interface.c:  .get_sset_count = xenvif_get_sset_count,
drivers/net/xen-netfront.c:   .get_sset_count = xennet_get_sset_count,
drivers/staging/qlge/qlge_ethtool.c:  .get_sset_count = qlge_get_sset_count,
net/batman-adv/soft-interface.c:      .get_sset_count = batadv_get_sset_count,
net/mac80211/ethtool.c:       .get_sset_count = ieee80211_get_sset_count,


-- 
Thanks,
-dinghui

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ