diff mbox series

[net-next,05/15] ice: fix stack leakage

Message ID 20191121074612.3055661-6-jeffrey.t.kirsher@intel.com
State Changes Requested
Delegated to: David Miller
Headers show
Series 100GbE Intel Wired LAN Driver Updates 2019-11-20 | expand

Commit Message

Kirsher, Jeffrey T Nov. 21, 2019, 7:46 a.m. UTC 
From: Jesse Brandeburg <jesse.brandeburg@intel.com>

In the case of an invalid virtchannel request the driver
would return uninitialized data to the VF from the PF stack
which is a bug.  Fix by initializing the stack variable
earlier in the function before any return paths can be taken.

Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
---
 drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Comments

Jakub Kicinski Nov. 21, 2019, 10:25 p.m. UTC | #1 
On Wed, 20 Nov 2019 23:46:02 -0800, Jeff Kirsher wrote:
> From: Jesse Brandeburg <jesse.brandeburg@intel.com>
> 
> In the case of an invalid virtchannel request the driver
> would return uninitialized data to the VF from the PF stack
> which is a bug.  Fix by initializing the stack variable
> earlier in the function before any return paths can be taken.

I'd argue users may not want hypervisor stack to get leaked into the
VMs, and therefore this should really have a fixes tag...
David Miller Nov. 21, 2019, 10:37 p.m. UTC | #2 
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Thu, 21 Nov 2019 14:25:48 -0800

> On Wed, 20 Nov 2019 23:46:02 -0800, Jeff Kirsher wrote:
>> From: Jesse Brandeburg <jesse.brandeburg@intel.com>
>> 
>> In the case of an invalid virtchannel request the driver
>> would return uninitialized data to the VF from the PF stack
>> which is a bug.  Fix by initializing the stack variable
>> earlier in the function before any return paths can be taken.
> 
> I'd argue users may not want hypervisor stack to get leaked into the
> VMs, and therefore this should really have a fixes tag...

Agreed.
Kirsher, Jeffrey T Nov. 21, 2019, 11:07 p.m. UTC | #3 
On Thu, 2019-11-21 at 14:25 -0800, Jakub Kicinski wrote:
> On Wed, 20 Nov 2019 23:46:02 -0800, Jeff Kirsher wrote:
> > From: Jesse Brandeburg <jesse.brandeburg@intel.com>
> > 
> > In the case of an invalid virtchannel request the driver
> > would return uninitialized data to the VF from the PF stack
> > which is a bug.  Fix by initializing the stack variable
> > earlier in the function before any return paths can be taken.
> 
> I'd argue users may not want hypervisor stack to get leaked into the
> VMs, and therefore this should really have a fixes tag...

Added...

Fixes: 1071a8358a28 ("ice: Implement virtchnl commands for AVF support")
diff mbox series

Patch

diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c b/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c
index fd419230a6c0..f8d26674cf5a 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c
@@ -1886,8 +1886,8 @@  static int ice_vc_get_stats_msg(struct ice_vf *vf, u8 *msg)
 	enum virtchnl_status_code v_ret = VIRTCHNL_STATUS_SUCCESS;
 	struct virtchnl_queue_select *vqs =
 		(struct virtchnl_queue_select *)msg;
+	struct ice_eth_stats stats = { 0 };
 	struct ice_pf *pf = vf->pf;
-	struct ice_eth_stats stats;
 	struct ice_vsi *vsi;
 
 	if (!test_bit(ICE_VF_STATE_ACTIVE, vf->vf_states)) {
@@ -1906,7 +1906,6 @@  static int ice_vc_get_stats_msg(struct ice_vf *vf, u8 *msg)
 		goto error_param;
 	}
 
-	memset(&stats, 0, sizeof(struct ice_eth_stats));
 	ice_update_eth_stats(vsi);
 
 	stats = vsi->eth_stats;