lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: 
 <CH0PR18MB433904A22EE2C4F2E408B6F6CD1F2@CH0PR18MB4339.namprd18.prod.outlook.com>
Date: Fri, 3 May 2024 06:20:02 +0000
From: Geethasowjanya Akula <gakula@...vell.com>
To: Simon Horman <horms@...nel.org>, "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
        Paolo
 Abeni <pabeni@...hat.com>
CC: Sunil Kovvuri Goutham <sgoutham@...vell.com>,
        Subbaraya Sundeep Bhatta
	<sbhatta@...vell.com>,
        Hariprasad Kelam <hkelam@...vell.com>,
        Dan Carpenter
	<dan.carpenter@...aro.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: RE: [EXTERNAL] [PATCH net-next] octeontx2-pf: Treat truncation of IRQ
 name as an error



> -----Original Message-----
> From: Simon Horman <horms@...nel.org>
> Sent: Wednesday, May 1, 2024 11:57 PM
> To: David S. Miller <davem@...emloft.net>; Eric Dumazet
> <edumazet@...gle.com>; Jakub Kicinski <kuba@...nel.org>; Paolo Abeni
> <pabeni@...hat.com>
> Cc: Sunil Kovvuri Goutham <sgoutham@...vell.com>; Geethasowjanya
> Akula <gakula@...vell.com>; Subbaraya Sundeep Bhatta
> <sbhatta@...vell.com>; Hariprasad Kelam <hkelam@...vell.com>; Dan
> Carpenter <dan.carpenter@...aro.org>; netdev@...r.kernel.org
> Subject: [EXTERNAL] [PATCH net-next] octeontx2-pf: Treat truncation of IRQ
> name as an error

> 
> ----------------------------------------------------------------------
> According to GCC, the constriction of irq_name in otx2_open() may,
> theoretically, be truncated.
> 
> This patch takes the approach of treating such a situation as an error which it
> detects by making use of the return value of snprintf, which is the total
> number of bytes, including the trailing '\0', that would have been written.
> 
> Based on the approach taken to a similar problem in commit 54b909436ede
> ("rtc: fix snprintf() checking in is_rtc_hctosys()")
> 
> Flagged by gcc-13 W=1 builds as:
> 
> .../otx2_pf.c:1933:58: warning: 'snprintf' output may be truncated before the
> last format character [-Wformat-truncation=]
>  1933 |                 snprintf(irq_name, NAME_SIZE, "%s-rxtx-%d", pf->netdev-
> >name,
>       |                                                          ^
> .../otx2_pf.c:1933:17: note: 'snprintf' output between 8 and 33 bytes into a
> destination of size 32
>  1933 |                 snprintf(irq_name, NAME_SIZE, "%s-rxtx-%d", pf->netdev-
> >name,
>       |
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  1934 |                          qidx);
>       |                          ~~~~~
> 
> Compile tested only.
> 
> Signed-off-by: Simon Horman <horms@...nel.org>
> ---
>  drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c
> b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c
> index 6a44dacff508..14bccff0ee5c 100644
> --- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c
> +++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c
> @@ -1886,9 +1886,17 @@ int otx2_open(struct net_device *netdev)
>  	vec = pf->hw.nix_msixoff + NIX_LF_CINT_VEC_START;
>  	for (qidx = 0; qidx < pf->hw.cint_cnt; qidx++) {
>  		irq_name = &pf->hw.irq_name[vec * NAME_SIZE];
> +		int name_len;
> 
> -		snprintf(irq_name, NAME_SIZE, "%s-rxtx-%d", pf->netdev-
> >name,
> -			 qidx);
> +		name_len = snprintf(irq_name, NAME_SIZE, "%s-rxtx-%d",
> +				    pf->netdev->name, qidx);
> +		if (name_len >= NAME_SIZE) {
> +			dev_err(pf->dev,
> +				"RVUPF%d: IRQ registration failed for CQ%d,
> irq name is too long\n",
> +				rvu_get_pf(pf->pcifunc), qidx);
> +			err = -EINVAL;
> +			goto err_free_cints;
> +		}
> 
>  		err = request_irq(pci_irq_vector(pf->pdev, vec),
>  				  otx2_cq_intr_handler, 0, irq_name,

Tested-by: Geetha sowjanya  <gakula@...vell.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ