lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 16 Jan 2018 15:41:59 +0200
From:   Gal Pressman <galp@...lanox.com>
To:     netdev@...r.kernel.org,
        Stephen Hemminger <stephen@...workplumber.org>,
        David Ahern <dsa@...ulusnetworks.com>
Cc:     Leon Romanovsky <leonro@...lanox.com>,
        Eran Ben Elisha <eranbe@...lanox.com>,
        Sucheta Chakraborty <sucheta.chakraborty@...gic.com>,
        Gal Pressman <galp@...lanox.com>
Subject: [PATCH iproute2 2/3] ipaddress: Make sure VF min/max rate API is supported before using it

When using the new minimum rate API and providing only one parameter
(minimum rate/maximum rate), we query the VF min and max rate regardless
of kernel support.
This resulted in segmentation fault in ipaddr_loop_each_vf, which tries
to access NULL pointer.

This patch identifies such cases by testing the VF table for NULL
pointer in IFLA_VF_RATE, and aborts the operation.
Aborting on the first VF is valid since if the kernel does not support
the new API for the first VF, it will not support it for the other VFs
as well.

Fixes: f89a2a05ffa9 ("Add support to configure SR-IOV VF minimum and maximum Tx rate through ip tool")
Cc: Sucheta Chakraborty <sucheta.chakraborty@...gic.com>
Signed-off-by: Gal Pressman <galp@...lanox.com>
Reviewed-by: Eran Ben Elisha <eranbe@...lanox.com>
Reviewed-by: Leon Romanovsky <leonro@...lanox.com>
---
 ip/ipaddress.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ip/ipaddress.c b/ip/ipaddress.c
index f150d91..953d673 100644
--- a/ip/ipaddress.c
+++ b/ip/ipaddress.c
@@ -2251,6 +2251,12 @@ ipaddr_loop_each_vf(struct rtattr *tb[], int vfnum, int *min, int *max)
 
 	for (i = RTA_DATA(vflist); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
 		parse_rtattr_nested(vf, IFLA_VF_MAX, i);
+
+		if (!vf[IFLA_VF_RATE]) {
+			fprintf(stderr, "VF min/max rate API not supported\n");
+			exit(1);
+		}
+
 		vf_rate = RTA_DATA(vf[IFLA_VF_RATE]);
 		if (vf_rate->vf == vfnum) {
 			*min = vf_rate->min_tx_rate;
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ