| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Jun 2024 22:36:42 +1000 From: Michael Ellerman <mpe@...erman.id.au> To: Ghadi Elie Rahme <ghadi.rahme@...onical.com>, netdev@...r.kernel.org Cc: Ghadi Elie Rahme <ghadi.rahme@...onical.com>, stable@...r.kernel.org Subject: Re: [PATCH v2 net] bnx2x: Fix multiple UBSAN array-index-out-of-bounds Ghadi Elie Rahme <ghadi.rahme@...onical.com> writes: > Fix UBSAN warnings that occur when using a system with 32 physical > cpu cores or more, or when the user defines a number of Ethernet > queues greater than or equal to FP_SB_MAX_E1x using the num_queues > module parameter. > > The value of the maximum number of Ethernet queues should be limited > to FP_SB_MAX_E1x in case FCOE is disabled or to [FP_SB_MAX_E1x-1] if > enabled to avoid out of bounds reads and writes. > > Stack traces: > > UBSAN: array-index-out-of-bounds in > drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11 > index 20 is out of range for type 'stats_query_entry [19]' > CPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic > #202405052133 > Hardware name: HP ProLiant DL360 Gen9/ProLiant DL360 Gen9, > BIOS P89 10/21/2019 > Call Trace: > <TASK> > dump_stack_lvl+0x76/0xa0 > dump_stack+0x10/0x20 > __ubsan_handle_out_of_bounds+0xcb/0x110 > bnx2x_prep_fw_stats_req+0x2e1/0x310 [bnx2x] > bnx2x_stats_init+0x156/0x320 [bnx2x] > bnx2x_post_irq_nic_init+0x81/0x1a0 [bnx2x] > bnx2x_nic_load+0x8e8/0x19e0 [bnx2x] > bnx2x_open+0x16b/0x290 [bnx2x] > __dev_open+0x10e/0x1d0 > RIP: 0033:0x736223927a0a > Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca > 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 > f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 > RSP: 002b:00007ffc0bb2ada8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c > RAX: ffffffffffffffda RBX: 0000583df50f9c78 RCX: 0000736223927a0a > RDX: 0000000000000020 RSI: 0000583df50ee510 RDI: 0000000000000003 > RBP: 0000583df50d4940 R08: 00007ffc0bb2adb0 R09: 0000000000000080 > R10: 0000000000000000 R11: 0000000000000246 R12: 0000583df5103ae0 > R13: 000000000000035a R14: 0000583df50f9c30 R15: 0000583ddddddf00 > </TASK> > ---[ end trace ]--- > ------------[ cut here ]------------ > UBSAN: array-index-out-of-bounds in > drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1546:11 > index 28 is out of range for type 'stats_query_entry [19]' > CPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic > #202405052133 > Hardware name: HP ProLiant DL360 Gen9/ProLiant DL360 Gen9, > BIOS P89 10/21/2019 > Call Trace: > <TASK> > dump_stack_lvl+0x76/0xa0 > dump_stack+0x10/0x20 > __ubsan_handle_out_of_bounds+0xcb/0x110 > bnx2x_prep_fw_stats_req+0x2fd/0x310 [bnx2x] > bnx2x_stats_init+0x156/0x320 [bnx2x] > bnx2x_post_irq_nic_init+0x81/0x1a0 [bnx2x] > bnx2x_nic_load+0x8e8/0x19e0 [bnx2x] > bnx2x_open+0x16b/0x290 [bnx2x] > __dev_open+0x10e/0x1d0 I also hit this one on powerpc: https://lore.kernel.org/all/87pltc4rs8.fsf@mail.lhotse/ And confirm that this patch fixes it there too. cheers
Powered by blists - more mailing lists