GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/patches/806018/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 806018,
    "url": "http://patchwork.ozlabs.org/api/patches/806018/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/netdev/patch/04759fe12e6a8eb8e36e46060b907f02c269a826.1503692361.git.sbrivio@redhat.com/",
    "project": {
        "id": 7,
        "url": "http://patchwork.ozlabs.org/api/projects/7/?format=api",
        "name": "Linux network development",
        "link_name": "netdev",
        "list_id": "netdev.vger.kernel.org",
        "list_email": "netdev@vger.kernel.org",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null,
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<04759fe12e6a8eb8e36e46060b907f02c269a826.1503692361.git.sbrivio@redhat.com>",
    "list_archive_url": null,
    "date": "2017-08-25T20:48:48",
    "name": "[net] cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox()",
    "commit_ref": null,
    "pull_url": null,
    "state": "accepted",
    "archived": true,
    "hash": "3244489987157d2e6415d2378f836a44e85f4b36",
    "submitter": {
        "id": 72032,
        "url": "http://patchwork.ozlabs.org/api/people/72032/?format=api",
        "name": "Stefano Brivio",
        "email": "sbrivio@redhat.com"
    },
    "delegate": {
        "id": 34,
        "url": "http://patchwork.ozlabs.org/api/users/34/?format=api",
        "username": "davem",
        "first_name": "David",
        "last_name": "Miller",
        "email": "davem@davemloft.net"
    },
    "mbox": "http://patchwork.ozlabs.org/project/netdev/patch/04759fe12e6a8eb8e36e46060b907f02c269a826.1503692361.git.sbrivio@redhat.com/mbox/",
    "series": [],
    "comments": "http://patchwork.ozlabs.org/api/patches/806018/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/806018/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<netdev-owner@vger.kernel.org>",
        "X-Original-To": "patchwork-incoming@ozlabs.org",
        "Delivered-To": "patchwork-incoming@ozlabs.org",
        "Authentication-Results": [
            "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)",
            "ext-mx06.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com",
            "ext-mx06.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=sbrivio@redhat.com"
        ],
        "Received": [
            "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xfCvk528nz9sNv\n\tfor <patchwork-incoming@ozlabs.org>;\n\tSat, 26 Aug 2017 06:49:38 +1000 (AEST)",
            "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S933024AbdHYUth (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tFri, 25 Aug 2017 16:49:37 -0400",
            "from mx1.redhat.com ([209.132.183.28]:51004 \"EHLO mx1.redhat.com\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S932586AbdHYUtf (ORCPT <rfc822;netdev@vger.kernel.org>);\n\tFri, 25 Aug 2017 16:49:35 -0400",
            "from smtp.corp.redhat.com\n\t(int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id 82B9A13CF3;\n\tFri, 25 Aug 2017 20:49:35 +0000 (UTC)",
            "from elisabeth.redhat.com (unknown [10.33.36.99])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id BA7FE6F965;\n\tFri, 25 Aug 2017 20:49:33 +0000 (UTC)"
        ],
        "DMARC-Filter": "OpenDMARC Filter v1.3.2 mx1.redhat.com 82B9A13CF3",
        "From": "Stefano Brivio <sbrivio@redhat.com>",
        "To": "Ganesh Goudar <ganeshgr@chelsio.com>,\n\t\"David S . Miller\" <davem@davemloft.net>, netdev@vger.kernel.org",
        "Cc": "Hariprasad Shenai <hariprasad@chelsio.com>,\n\tCasey Leedom <leedom@chelsio.com>, Sai Vemuri <svemuri@redhat.com>",
        "Subject": "[PATCH net] cxgb4: Fix stack out-of-bounds read due to wrong size\n\tto t4_record_mbox()",
        "Date": "Fri, 25 Aug 2017 22:48:48 +0200",
        "Message-Id": "<04759fe12e6a8eb8e36e46060b907f02c269a826.1503692361.git.sbrivio@redhat.com>",
        "X-Scanned-By": "MIMEDefang 2.79 on 10.5.11.13",
        "X-Greylist": "Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.30]);\n\tFri, 25 Aug 2017 20:49:35 +0000 (UTC)",
        "Sender": "netdev-owner@vger.kernel.org",
        "Precedence": "bulk",
        "List-ID": "<netdev.vger.kernel.org>",
        "X-Mailing-List": "netdev@vger.kernel.org"
    },
    "content": "Passing commands for logging to t4_record_mbox() with size\nMBOX_LEN, when the actual command size is actually smaller,\ncauses out-of-bounds stack accesses in t4_record_mbox() while\ncopying command words here:\n\n\tfor (i = 0; i < size / 8; i++)\n\t\tentry->cmd[i] = be64_to_cpu(cmd[i]);\n\nUp to 48 bytes from the stack are then leaked to debugfs.\n\nThis happens whenever we send (and log) commands described by\nstructs fw_sched_cmd (32 bytes leaked), fw_vi_rxmode_cmd (48),\nfw_hello_cmd (48), fw_bye_cmd (48), fw_initialize_cmd (48),\nfw_reset_cmd (48), fw_pfvf_cmd (32), fw_eq_eth_cmd (16),\nfw_eq_ctrl_cmd (32), fw_eq_ofld_cmd (32), fw_acl_mac_cmd(16),\nfw_rss_glb_config_cmd(32), fw_rss_vi_config_cmd(32),\nfw_devlog_cmd(32), fw_vi_enable_cmd(48), fw_port_cmd(32),\nfw_sched_cmd(32), fw_devlog_cmd(32).\n\nThe cxgb4vf driver got this right instead.\n\nWhen we call t4_record_mbox() to log a command reply, a MBOX_LEN\nsize can be used though, as get_mbox_rpl() will fill cmd_rpl up\ncompletely.\n\nFixes: 7f080c3f2ff0 (\"cxgb4: Add support to enable logging of firmware mailbox commands\")\nSigned-off-by: Stefano Brivio <sbrivio@redhat.com>\n---\nI guess this should be queued up for -stable, back to 4.7.\n\n drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 6 +++---\n 1 file changed, 3 insertions(+), 3 deletions(-)",
    "diff": "diff --git a/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c b/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c\nindex 82bf7aac6cdb..0293b41171a5 100644\n--- a/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c\n+++ b/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c\n@@ -369,12 +369,12 @@ int t4_wr_mbox_meat_timeout(struct adapter *adap, int mbox, const void *cmd,\n \t\tlist_del(&entry.list);\n \t\tspin_unlock(&adap->mbox_lock);\n \t\tret = (v == MBOX_OWNER_FW) ? -EBUSY : -ETIMEDOUT;\n-\t\tt4_record_mbox(adap, cmd, MBOX_LEN, access, ret);\n+\t\tt4_record_mbox(adap, cmd, size, access, ret);\n \t\treturn ret;\n \t}\n \n \t/* Copy in the new mailbox command and send it on its way ... */\n-\tt4_record_mbox(adap, cmd, MBOX_LEN, access, 0);\n+\tt4_record_mbox(adap, cmd, size, access, 0);\n \tfor (i = 0; i < size; i += 8)\n \t\tt4_write_reg64(adap, data_reg + i, be64_to_cpu(*p++));\n \n@@ -426,7 +426,7 @@ int t4_wr_mbox_meat_timeout(struct adapter *adap, int mbox, const void *cmd,\n \t}\n \n \tret = (pcie_fw & PCIE_FW_ERR_F) ? -ENXIO : -ETIMEDOUT;\n-\tt4_record_mbox(adap, cmd, MBOX_LEN, access, ret);\n+\tt4_record_mbox(adap, cmd, size, access, ret);\n \tdev_err(adap->pdev_dev, \"command %#x in mailbox %d timed out\\n\",\n \t\t*(const u8 *)cmd, mbox);\n \tt4_report_fw_error(adap);\n",
    "prefixes": [
        "net"
    ]
}