From patchwork Mon Feb 11 19:43:18 2019
X-Patchwork-Submitter: Heitor Alves de Siqueira
X-Patchwork-Id: 1040127
From: "Heitor R. Alves de Siqueira"
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Trusty] ixgbe: check for vfs outside of sriov_num_vfs before dereference
Date: Mon, 11 Feb 2019 17:43:18 -0200
Message-Id: <20190211194318.28698-1-halves@canonical.com>

BugLink: http://launchpad.net/bugs/1815501

The check for vfinfo is not sufficient because it does not protect
against specifying vf that is outside of sriov_num_vfs range.
All of the ndo functions have a check for it except for
ixgbevf_ndo_set_spoofcheck().

The following patch is all we need to protect against this panic:

ip link set p96p1 vf 0 spoofchk off
BUG: unable to handle kernel NULL pointer dereference at 0000000000000052
IP: [] ixgbe_ndo_set_vf_spoofchk+0x51/0x150 [ixgbe]

Reported-by: Thierry Herbelot
Signed-off-by: Emil Tantilov
Acked-by: Thierry Herbelot
Signed-off-by: Jeff Kirsher
(cherry pick from commit 600a507ddcb99096731e1d96a3ebf43e20fc7f80 upstream)
Signed-off-by: Heitor R. Alves de Siqueira
Acked-by: Khalid Elmously

--- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c index 72084f70adbb..45ec9cb6a474 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c @@ -1248,6 +1248,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting) struct ixgbe_hw *hw = &adapter->hw; u32 regval; + if (vf >= adapter->num_vfs) + return -EINVAL; + adapter->vfinfo[vf].spoofchk_enabled = setting; regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg));
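Review bot: the new guard in ixgbe_ndo_set_vf_spoofchk(), `if (vf >= adapter->num_vfs)`, bounds vf only from above, while the signature declares it as a signed `int vf` and the next line uses it directly as the index in `adapter->vfinfo[vf]`. Whether a negative vf is rejected therefore depends on the type of adapter->num_vfs, which is not visible in this hunk: an unsigned field makes the comparison reject it through integer conversion, a signed one lets it through to the array access. Please confirm the field's type for the Trusty tree in the SRU justification, or make the intent explicit with `if (vf < 0 || vf >= adapter->num_vfs)`. Separately, the commit message names ixgbevf_ndo_set_spoofcheck() whereas the function patched here is ixgbe_ndo_set_vf_spoofchk(); since this is a cherry-pick the message should stay as upstream, but noting the mismatch in the bug report would help anyone searching for the fix by function name.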