| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <48330670-63d0-dec6-f102-1936d5f05355@solarflare.com>
Date: Mon, 3 Aug 2020 21:46:57 +0100
From: Edward Cree <ecree@...arflare.com>
To: Jia-Ju Bai <baijiaju@...nghua.edu.cn>,
<linux-net-drivers@...arflare.com>, <mhabets@...arflare.com>,
<davem@...emloft.net>, <kuba@...nel.org>
CC: <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] net: sfc: fix possible buffer overflow caused by bad DMA
value in efx_siena_sriov_vfdi()
On 02/08/2020 16:39, Jia-Ju Bai wrote:
> To fix this problem, "req->op" is assigned to a local variable, and then
> the driver accesses this variable instead of "req->op".
>
> Signed-off-by: Jia-Ju Bai <baijiaju@...nghua.edu.cn>
Not sure how necessary this is (or even if anyone's still usingSiena
SR-IOV, since it needed a specially-patched libvirt to work), but I
don't see any reason to refuse.
> diff --git a/drivers/net/ethernet/sfc/siena_sriov.c b/drivers/net/ethernet/sfc/siena_sriov.c
> index 83dcfcae3d4b..21a8482cbb3b 100644
> --- a/drivers/net/ethernet/sfc/siena_sriov.c
> +++ b/drivers/net/ethernet/sfc/siena_sriov.c
> @@ -875,6 +875,7 @@ static void efx_siena_sriov_vfdi(struct work_struct *work)
> struct vfdi_req *req = vf->buf.addr;
> struct efx_memcpy_req copy[2];
> int rc;
> + u32 op = req->op;
Could you maybe fix up the xmas here, rather than making it worse?
Also, you didn't specify in your Subject line which tree this is for.
-ed
Powered by blists - more mailing lists