From patchwork Mon Sep 22 09:51:51 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Manish Chopra X-Patchwork-Id: 391857 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id B572E14012C for ; Mon, 22 Sep 2014 20:26:07 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753897AbaIVKZs (ORCPT ); Mon, 22 Sep 2014 06:25:48 -0400 Received: from mx0a-0016ce01.pphosted.com ([67.231.148.157]:43056 "EHLO mx0a-0016ce01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753229AbaIVKZr (ORCPT ); Mon, 22 Sep 2014 06:25:47 -0400 Received: from pps.filterd (m0045602.ppops.net [127.0.0.1]) by mx0a-0016ce01.pphosted.com (8.14.5/8.14.5) with SMTP id s8MAOQLi009820; Mon, 22 Sep 2014 03:25:46 -0700 Received: from avcashub1.qlogic.com (avcashub2.qlogic.com [198.70.193.116]) by mx0a-0016ce01.pphosted.com with ESMTP id 1ph7tat5kw-2 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 22 Sep 2014 03:25:46 -0700 Received: from dut6217.mv.qlogic.com (172.29.56.217) by qlc.com (10.1.4.191) with Microsoft SMTP Server id 14.2.347.0; Mon, 22 Sep 2014 03:25:47 -0700 Received: by dut6217.mv.qlogic.com (Postfix, from userid 0) id CB943521EBB; Mon, 22 Sep 2014 05:51:56 -0400 (EDT) From: Manish Chopra To: CC: , Subject: [PATCH net 2/4] qlcnic: Fix memory corruption while reading stats using ethtool. Date: Mon, 22 Sep 2014 05:51:51 -0400 Message-ID: <1411379513-26902-3-git-send-email-manish.chopra@qlogic.com> X-Mailer: git-send-email 1.7.7 In-Reply-To: <1411379513-26902-1-git-send-email-manish.chopra@qlogic.com> References: <1411379513-26902-1-git-send-email-manish.chopra@qlogic.com> MIME-Version: 1.0 disclaimer: bypass X-Proofpoint-Virus-Version: vendor=nai engine=5600 definitions=7568 signatures=670528 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=1 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1409220105 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org o Driver is doing memset with zero for total number of stats bytes when it has already filled some data in the stats buffer, which can overwrite memory area beyond the length of stats buffer. o Fix this by initializing stats buffer with zero before filling any data in it. Signed-off-by: Manish Chopra --- .../net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c | 6 ++---- 1 files changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c index 141f116..2d77b76 100644 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c @@ -1333,12 +1333,11 @@ static void qlcnic_get_ethtool_stats(struct net_device *dev, struct qlcnic_host_tx_ring *tx_ring; struct qlcnic_esw_statistics port_stats; struct qlcnic_mac_statistics mac_stats; - int index, ret, length, size, tx_size, ring; + int index, ret, length, size, ring; char *p; - tx_size = adapter->drv_tx_rings * QLCNIC_TX_STATS_LEN; + memset(data, 0, stats->n_stats * sizeof(u64)); - memset(data, 0, tx_size * sizeof(u64)); for (ring = 0, index = 0; ring < adapter->drv_tx_rings; ring++) { if (test_bit(__QLCNIC_DEV_UP, &adapter->state)) { tx_ring = &adapter->tx_ring[ring]; @@ -1347,7 +1346,6 @@ static void qlcnic_get_ethtool_stats(struct net_device *dev, } } - memset(data, 0, stats->n_stats * sizeof(u64)); length = QLCNIC_STATS_LEN; for (index = 0; index < length; index++) { p = (char *)adapter + qlcnic_gstrings_stats[index].stat_offset;