lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230330061840.GM831478@unreal>
Date:   Thu, 30 Mar 2023 09:18:40 +0300
From:   Leon Romanovsky <leon@...nel.org>
To:     Sai Krishna <saikrishnag@...vell.com>
Cc:     davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
        pabeni@...hat.com, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, sgoutham@...vell.com,
        richardcochran@...il.com, Hariprasad Kelam <hkelam@...vell.com>
Subject: Re: [net PATCH 3/7] octeontx2-af: Add validation for lmac type

On Wed, Mar 29, 2023 at 10:36:15PM +0530, Sai Krishna wrote:
> From: Hariprasad Kelam <hkelam@...vell.com>
> 
> Upon physical link change, firmware reports to the kernel about the
> change along with the details like speed, lmac_type_id, etc.
> Kernel derives lmac_type based on lmac_type_id received from firmware.
> 
> In a few scenarios, firmware returns an invalid lmac_type_id, which
> is resulting in below kernel panic. This patch adds the missing
> validation of the lmac_type_id field.
> 
> Internal error: Oops: 96000005 [#1] PREEMPT SMP
> [   35.321595] Modules linked in:
> [   35.328982] CPU: 0 PID: 31 Comm: kworker/0:1 Not tainted
> 5.4.210-g2e3169d8e1bc-dirty #17
> [   35.337014] Hardware name: Marvell CN103XX board (DT)
> [   35.344297] Workqueue: events work_for_cpu_fn
> [   35.352730] pstate: 40400089 (nZcv daIf +PAN -UAO)
> [   35.360267] pc : strncpy+0x10/0x30
> [   35.366595] lr : cgx_link_change_handler+0x90/0x180
> 
> Fixes: 61071a871ea6 ("octeontx2-af: Forward CGX link notifications to PFs")
> Signed-off-by: Hariprasad Kelam <hkelam@...vell.com>
> Signed-off-by: Sunil Kovvuri Goutham <sgoutham@...vell.com>
> Signed-off-by: Sai Krishna <saikrishnag@...vell.com>
> ---
>  drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c
> index 724df6398bbe..180aa84cf1c3 100644
> --- a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c
> +++ b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c
> @@ -1231,6 +1231,13 @@ static inline void link_status_user_format(u64 lstat,
>  	linfo->an = FIELD_GET(RESP_LINKSTAT_AN, lstat);
>  	linfo->fec = FIELD_GET(RESP_LINKSTAT_FEC, lstat);
>  	linfo->lmac_type_id = FIELD_GET(RESP_LINKSTAT_LMAC_TYPE, lstat);
> +
> +	if (linfo->lmac_type_id >= LMAC_MODE_MAX) {
> +		dev_err(&cgx->pdev->dev, "Unknown lmac_type_id %d reported by firmware on cgx port%d:%d",
> +			linfo->lmac_type_id, cgx->cgx_id, lmac_id);
> +		return;

You are keeping old lmac_type, which is out-of-sync now.
Why don't you do something like that?

if (linfo->lmac_type_id >= LMAC_MODE_MAX) {
  strncpy(linfo->lmac_type, "Unknown", LMACTYPE_STR_LEN - 1);
  return;
}


> +	}
> +
>  	lmac_string = cgx_lmactype_string[linfo->lmac_type_id];
>  	strncpy(linfo->lmac_type, lmac_string, LMACTYPE_STR_LEN - 1);
>  }
> -- 
> 2.25.1
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ