| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 07 Jul 2020 15:42:50 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: alobakin@...vell.com
Cc: kuba@...nel.org, irusskikh@...vell.com,
michal.kalderon@...vell.com, aelior@...vell.com,
denis.bolotin@...vell.com, GR-everest-linux-l2@...vell.com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 net] net: qed: fix buffer overflow on ethtool -d
From: Alexander Lobakin <alobakin@...vell.com>
Date: Mon, 6 Jul 2020 12:25:53 +0300
> When generating debug dump, driver firstly collects all data in binary
> form, and then performs per-feature formatting to human-readable if it
> is supported.
>
> For ethtool -d, this is roughly incorrect for two reasons. First of all,
> drivers should always provide only original raw dumps to Ethtool without
> any changes.
> The second, and more critical, is that Ethtool's output buffer size is
> strictly determined by ethtool_ops::get_regs_len(), and all data *must*
> fit in it. The current version of driver always returns the size of raw
> data, but the size of the formatted buffer exceeds it in most cases.
> This leads to out-of-bound writes and memory corruption.
>
> Address both issues by adding an option to return original, non-formatted
> debug data, and using it for Ethtool case.
>
> v2:
> - Expand commit message to make it more clear;
> - No functional changes.
>
> Fixes: c965db444629 ("qed: Add support for debug data collection")
> Signed-off-by: Alexander Lobakin <alobakin@...vell.com>
> Signed-off-by: Igor Russkikh <irusskikh@...vell.com>
Applied, thank you.
Powered by blists - more mailing lists