Message-ID: <38f55ddc-a991-45e5-b32e-941ab7f3c0bc@molgen.mpg.de>
Date: Tue, 5 Mar 2024 07:28:56 +0100
From: Paul Menzel <pmenzel@...gen.mpg.de>
To: Jesse Brandeburg <jesse.brandeburg@...el.com>
Cc: intel-wired-lan@...ts.osuosl.org,
 Michal Swiatkowski <michal.swiatkowski@...ux.intel.com>,
 netdev@...r.kernel.org, Eric Dumazet <edumazet@...gle.com>,
 Tony Nguyen <anthony.l.nguyen@...el.com>, Simon Horman <horms@...nel.org>,
 Przemek Kitszel <przemyslaw.kitszel@...el.com>,
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
 "David S. Miller" <davem@...emloft.net>, Robert Elliott <elliott@....com>
Subject: Re: [Intel-wired-lan] [PATCH iwl-net v1] ice: fix bug with suspend
 and rebuild

Dear Jesse,


Thank you for your patch.

On 05.03.24 at 00:08, Jesse Brandeburg wrote:
> The ice driver would previously panic during suspend. This is caused
> by the driver *only* calling the ice_vsi_free_q_vectors() function by
> itself, when it is suspending. Since commit b3e7b3a6ee92 ("ice: prevent
> NULL pointer deref during reload") the driver has zeroed out
> num_q_vectors, and only restored it in ice_vsi_cfg_def().
> 
> This further causes the ice_rebuild() function to allocate a zero length
> buffer, after which num_q_vectors is updated, and then the new value of
> num_q_vectors is used to index into the zero length buffer, which
> corrupts memory.

[…]

For the commit message summary I suggest being more specific. Maybe:

ice: Fix memory corruption with suspend and rebuild

ice: Avoid 0-length buffer to fix memory corruption with suspend/rebuild


Reviewed-by: Paul Menzel <pmenzel@...gen.mpg.de>


Kind regards,

Paul
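
The ordering problem described in the quoted commit message (a buffer sized while num_q_vectors is still zero, the count updated afterwards, and the new count then used as the index bound), modelled as an added C example that is not part of this message, the patch, or the ice driver. `toy_vsi`, `toy_alloc`, `toy_fill` and `rebuild` are hypothetical names; the model counts the out-of-range stores instead of performing them, and restoring the count before allocating is shown as one general remedy, not as the patch's actual change.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-in for a VSI; not the ice driver's real structure. */
struct toy_vsi {
    unsigned num_q_vectors; /* count used as the index bound */
    unsigned alloc_len;     /* entries the buffer really holds */
    int *q_vectors;
};

/* Size the buffer from num_q_vectors as it is now (+1 keeps ptr valid at 0). */
static void toy_alloc(struct toy_vsi *v)
{
    v->alloc_len = v->num_q_vectors;
    v->q_vectors = calloc(v->alloc_len + 1, sizeof(int));
}

/* Count stores below num_q_vectors that fall outside alloc_len (not performed). */
static unsigned toy_fill(struct toy_vsi *v)
{
    unsigned rejected = 0;
    for (unsigned i = 0; v->q_vectors && i < v->num_q_vectors; i++) {
        if (i >= v->alloc_len)
            rejected++;
        else
            v->q_vectors[i] = (int)i;
    }
    return rejected;
}

/* restore_first == 0: allocate while the count is zero, then update it
 * (the order in the commit message); 1: restore the count, then allocate. */
unsigned rebuild(unsigned want, int restore_first)
{
    struct toy_vsi v = {0};
    if (restore_first)
        v.num_q_vectors = want;
    toy_alloc(&v);
    v.num_q_vectors = want;
    unsigned rejected = toy_fill(&v);
    free(v.q_vectors);
    return rejected;
}

int main(void)
{
    printf("alloc, then restore: %u out-of-bounds stores\n", rebuild(4, 0));
    printf("restore, then alloc: %u out-of-bounds stores\n", rebuild(4, 1));
    return 0;
}
```

Keeping the allocated length next to the pointer, as `alloc_len` does here, is what makes the mismatch checkable at the point of use.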
