Message ID | 20190211194318.28698-1-halves@canonical.com |
---|---|
State | New |
Headers | show |
Series | [SRU,Trusty] ixgbe: check for vfs outside of sriov_num_vfs before dereference | expand |
On 2019-02-11 17:43:18 , Heitor R. Alves de Siqueira wrote: > BugLink: http://launchpad.net/bugs/1815501 > > The check for vfinfo is not sufficient because it does not protect > against specifying vf that is outside of sriov_num_vfs range. > All of the ndo functions have a check for it except for > ixgbevf_ndo_set_spoofcheck(). > > The following patch is all we need to protect against this panic: > > ip link set p96p1 vf 0 spoofchk off > BUG: unable to handle kernel NULL pointer dereference at 0000000000000052 > IP: [<ffffffffa044a1c1>] > ixgbe_ndo_set_vf_spoofchk+0x51/0x150 [ixgbe] > > Reported-by: Thierry Herbelot <thierry.herbelot@6wind.com> > Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com> > Acked-by: Thierry Herbelot <thierry.herbelot@6wind.com> > Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> > (cherry pick from commit 600a507ddcb99096731e1d96a3ebf43e20fc7f80 upstream) > Signed-off-by: Heitor R. Alves de Siqueira <halves@canonical.com> > --- > drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > index 72084f70adbb..45ec9cb6a474 100644 > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > @@ -1248,6 +1248,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting) > struct ixgbe_hw *hw = &adapter->hw; > u32 regval; > > + if (vf >= adapter->num_vfs) > + return -EINVAL; > + > adapter->vfinfo[vf].spoofchk_enabled = setting; > > regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg)); BugLink should be https not http, and the "cherry pick" line should be (cherry picked from commit 600a507ddcb99096731e1d96a3ebf43e20fc7f80) Those 2 things can be fixed as we're applying the patch. Acked-by: Khalid Elmously <khalid.elmously@canonical.com>
Will send v2 with correct author. On Mon, Feb 11, 2019 at 5:43 PM Heitor R. Alves de Siqueira < halves@canonical.com> wrote: > BugLink: http://launchpad.net/bugs/1815501 > > The check for vfinfo is not sufficient because it does not protect > against specifying vf that is outside of sriov_num_vfs range. > All of the ndo functions have a check for it except for > ixgbevf_ndo_set_spoofcheck(). > > The following patch is all we need to protect against this panic: > > ip link set p96p1 vf 0 spoofchk off > BUG: unable to handle kernel NULL pointer dereference at 0000000000000052 > IP: [<ffffffffa044a1c1>] > ixgbe_ndo_set_vf_spoofchk+0x51/0x150 [ixgbe] > > Reported-by: Thierry Herbelot <thierry.herbelot@6wind.com> > Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com> > Acked-by: Thierry Herbelot <thierry.herbelot@6wind.com> > Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> > (cherry pick from commit 600a507ddcb99096731e1d96a3ebf43e20fc7f80 upstream) > Signed-off-by: Heitor R. Alves de Siqueira <halves@canonical.com> > --- > drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > index 72084f70adbb..45ec9cb6a474 100644 > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > @@ -1248,6 +1248,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device > *netdev, int vf, bool setting) > struct ixgbe_hw *hw = &adapter->hw; > u32 regval; > > + if (vf >= adapter->num_vfs) > + return -EINVAL; > + > adapter->vfinfo[vf].spoofchk_enabled = setting; > > regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg)); > -- > 2.17.1 > >
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c index 72084f70adbb..45ec9cb6a474 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c @@ -1248,6 +1248,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting) struct ixgbe_hw *hw = &adapter->hw; u32 regval; + if (vf >= adapter->num_vfs) + return -EINVAL; + adapter->vfinfo[vf].spoofchk_enabled = setting; regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg));