lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 14 Jul 2022 19:02:49 -0700
From:   Florian Fainelli <f.fainelli@...il.com>
To:     "Chang, Junxiao" <junxiao.chang@...el.com>,
        "peppe.cavallaro@...com" <peppe.cavallaro@...com>,
        "alexandre.torgue@...s.st.com" <alexandre.torgue@...s.st.com>,
        "joabreu@...opsys.com" <joabreu@...opsys.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        Cedric Wassenaar <cedric@...espeed.nl>
Subject: Re: [PATCH 1/2] net: stmmac: fix dma queue left shift overflow issue

(please do not top post)

On 7/14/2022 6:59 PM, Chang, Junxiao wrote:
> There are two problems in Cedric's buglink(https://bugzilla.kernel.org/show_bug.cgi?id=216195):
> 1. There is UBSAN shift out ouf bounds warning.
> 2. Ethernet PHY GPY115B error and no IP addr.
> 
> I suppose my patch could fix 1st issue, not sure it could fix issue 2 or not.

Agreed, I think those are two unrelated problems your patch does 
definitively fix the undefined behavior. Thanks!

> I will update patch and append
> BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=216195
> Reported-by: Cedric Wassenaar <cedric@...espeed.nl>
> 
> Thanks,
> Junxiao
> 
> -----Original Message-----
> From: Florian Fainelli <f.fainelli@...il.com>
> Sent: Friday, July 15, 2022 9:44 AM
> To: Chang, Junxiao <junxiao.chang@...el.com>; peppe.cavallaro@...com; alexandre.torgue@...s.st.com; joabreu@...opsys.com; netdev@...r.kernel.org; Cedric Wassenaar <cedric@...espeed.nl>
> Subject: Re: [PATCH 1/2] net: stmmac: fix dma queue left shift overflow issue
> 
> 
> 
> On 7/13/2022 1:47 AM, Junxiao Chang wrote:
>> When queue number is > 4, left shift overflows due to 32 bits integer
>> variable. Mask calculation is wrong for MTL_RXQ_DMA_MAP1.
>>
>> If CONFIG_UBSAN is enabled, kernel dumps below warning:
>> [   10.363842] ==================================================================
>> [   10.363882] UBSAN: shift-out-of-bounds in /build/linux-intel-iotg-5.15-8e6Tf4/
>> linux-intel-iotg-5.15-5.15.0/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c:224:12
>> [   10.363929] shift exponent 40 is too large for 32-bit type 'unsigned int'
>> [   10.363953] CPU: 1 PID: 599 Comm: NetworkManager Not tainted 5.15.0-1003-intel-iotg
>> [   10.363956] Hardware name: ADLINK Technology Inc. LEC-EL/LEC-EL, BIOS 0.15.11 12/22/2021
>> [   10.363958] Call Trace:
>> [   10.363960]  <TASK>
>> [   10.363963]  dump_stack_lvl+0x4a/0x5f
>> [   10.363971]  dump_stack+0x10/0x12
>> [   10.363974]  ubsan_epilogue+0x9/0x45
>> [   10.363976]  __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
>> [   10.363979]  ? wake_up_klogd+0x4a/0x50
>> [   10.363983]  ? vprintk_emit+0x8f/0x240
>> [   10.363986]  dwmac4_map_mtl_dma.cold+0x42/0x91 [stmmac]
>> [   10.364001]  stmmac_mtl_configuration+0x1ce/0x7a0 [stmmac]
>> [   10.364009]  ? dwmac410_dma_init_channel+0x70/0x70 [stmmac]
>> [   10.364020]  stmmac_hw_setup.cold+0xf/0xb14 [stmmac]
>> [   10.364030]  ? page_pool_alloc_pages+0x4d/0x70
>> [   10.364034]  ? stmmac_clear_tx_descriptors+0x6e/0xe0 [stmmac]
>> [   10.364042]  stmmac_open+0x39e/0x920 [stmmac]
>> [   10.364050]  __dev_open+0xf0/0x1a0
>> [   10.364054]  __dev_change_flags+0x188/0x1f0
>> [   10.364057]  dev_change_flags+0x26/0x60
>> [   10.364059]  do_setlink+0x908/0xc40
>> [   10.364062]  ? do_setlink+0xb10/0xc40
>> [   10.364064]  ? __nla_validate_parse+0x4c/0x1a0
>> [   10.364068]  __rtnl_newlink+0x597/0xa10
>> [   10.364072]  ? __nla_reserve+0x41/0x50
>> [   10.364074]  ? __kmalloc_node_track_caller+0x1d0/0x4d0
>> [   10.364079]  ? pskb_expand_head+0x75/0x310
>> [   10.364082]  ? nla_reserve_64bit+0x21/0x40
>> [   10.364086]  ? skb_free_head+0x65/0x80
>> [   10.364089]  ? security_sock_rcv_skb+0x2c/0x50
>> [   10.364094]  ? __cond_resched+0x19/0x30
>> [   10.364097]  ? kmem_cache_alloc_trace+0x15a/0x420
>> [   10.364100]  rtnl_newlink+0x49/0x70
>>
>> This change fixes MTL_RXQ_DMA_MAP1 mask issue and channel/queue
>> mapping warning.
>>
>> Fixes: d43042f4da3e ("net: stmmac: mapping mtl rx to dma channel")
>> Signed-off-by: Junxiao Chang <junxiao.chang@...el.com>
> 
> Thanks for addressing it, maybe a:
> 
> BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=216195
> Reported-by: Cedric Wassenaar <cedric@...espeed.nl>
> 
> would be courteous.
> --
> Florian

-- 
Florian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ