| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFCwf12Ea-QVhPX1U=Hri7bbzdx5hkecgSCMgZCF--FODNgeRg@mail.gmail.com>
Date: Mon, 14 Sep 2020 08:15:53 +0300
From: Oded Gabbay <oded.gabbay@...il.com>
To: Andrew Lunn <andrew@...n.ch>
Cc: "Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org>,
netdev@...r.kernel.org, SW_Drivers <SW_Drivers@...ana.ai>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Florian Fainelli <f.fainelli@...il.com>,
Omer Shpigelman <oshpigelman@...ana.ai>
Subject: Re: [PATCH v2 12/14] habanalabs/gaudi: Add ethtool support using coresight
On Mon, Sep 14, 2020 at 4:37 AM Andrew Lunn <andrew@...n.ch> wrote:
>
> > +static int gaudi_nic_get_module_eeprom(struct net_device *netdev,
> > + struct ethtool_eeprom *ee, u8 *data)
> > +{
> > + struct gaudi_nic_device **ptr = netdev_priv(netdev);
> > + struct gaudi_nic_device *gaudi_nic = *ptr;
> > + struct hl_device *hdev = gaudi_nic->hdev;
> > +
> > + if (!ee->len)
> > + return -EINVAL;
> > +
> > + memset(data, 0, ee->len);
> > + memcpy(data, hdev->asic_prop.cpucp_nic_info.qsfp_eeprom, ee->len);
> > +
>
> You memset and then memcpy the same number of bytes?
Thanks for catching this, we will fix it.
>
> You also need to validate ee->offset, and ee->len. Otherwise this is a
> vector for user space to read kernel memory after
> hdev->asic_prop.cpucp_nic_info.qsfp_eeprom. See drivers/net/phy/sfp.c:
> sfp_module_eeprom() as a good example of this validation.
>
> Andrew
Thanks for the pointer, we will take a look and fix it.
Oded
Powered by blists - more mailing lists