| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250311110418.GK4159220@kernel.org>
Date: Tue, 11 Mar 2025 12:04:18 +0100
From: Simon Horman <horms@...nel.org>
To: Kyungwook Boo <bookyungwook@...il.com>
Cc: "Loktionov, Aleksandr" <aleksandr.loktionov@...el.com>,
Przemek Kitszel <przemyslaw.kitszel@...el.com>,
Tony Nguyen <anthony.l.nguyen@...el.com>,
intel-wired-lan@...ts.osuosl.org, netdev@...r.kernel.org
Subject: Re: [PATCH iwl-next v2] i40e: fix MMIO write access to an invalid
page in i40e_clear_hw
On Tue, Mar 11, 2025 at 02:16:02PM +0900, Kyungwook Boo wrote:
> When the device sends a specific input, an integer underflow can occur, leading
> to MMIO write access to an invalid page.
>
> Prevent the integer underflow by changing the type of related variables.
>
> Signed-off-by: Kyungwook Boo <bookyungwook@...il.com>
> Link: https://lore.kernel.org/lkml/ffc91764-1142-4ba2-91b6-8c773f6f7095@gmail.com/T/
> ---
> Changes in v2:
> - Formatting properly
> - Fix variable shadowing
> - Link to v1: https://lore.kernel.org/netdev/55acc5dc-8d5a-45bc-a59c-9304071e4579@gmail.com/
> ---
> drivers/net/ethernet/intel/i40e/i40e_common.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/ethernet/intel/i40e/i40e_common.c b/drivers/net/ethernet/intel/i40e/i40e_common.c
> index 370b4bddee44..b11c35e307ca 100644
> --- a/drivers/net/ethernet/intel/i40e/i40e_common.c
> +++ b/drivers/net/ethernet/intel/i40e/i40e_common.c
> @@ -817,10 +817,11 @@ int i40e_pf_reset(struct i40e_hw *hw)
> void i40e_clear_hw(struct i40e_hw *hw)
> {
> u32 num_queues, base_queue;
> - u32 num_pf_int;
> - u32 num_vf_int;
> + s32 num_pf_int;
> + s32 num_vf_int;
> u32 num_vfs;
> - u32 i, j;
> + s32 i;
> + u32 j;
> u32 val;
> u32 eol = 0x7ff;
>
> ---
> base-commit: 4d872d51bc9d7b899c1f61534e3dbde72613f627
I see that this addresses the problem at the first link above.
And I'd happy to see it accepted as-is.
Reviewed-by: Simon Horman <horms@...nel.org>
But, as an aside, wouldn't it be more appropriate to use generic
types like int and unsigned int for most of the above variables?
Perhaps this could be addressed by a follow-up. Or perhaps that
would just be churn, IDK.
Powered by blists - more mailing lists