Message ID | 20190212125442.6522-1-halves@canonical.com |
---|---|
State | New |
Headers | show |
Series | [SRU,v2,Trusty] ixgbe: check for vfs outside of sriov_num_vfs before dereference | expand |
On 12.02.19 13:54, Heitor R. Alves de Siqueira wrote: > From: Emil Tantilov <emil.s.tantilov@intel.com> > > BugLink: https://launchpad.net/bugs/1815501 > > The check for vfinfo is not sufficient because it does not protect > against specifying vf that is outside of sriov_num_vfs range. > All of the ndo functions have a check for it except for > ixgbevf_ndo_set_spoofcheck(). > > The following patch is all we need to protect against this panic: > > ip link set p96p1 vf 0 spoofchk off > BUG: unable to handle kernel NULL pointer dereference at 0000000000000052 > IP: [<ffffffffa044a1c1>] > ixgbe_ndo_set_vf_spoofchk+0x51/0x150 [ixgbe] > > Reported-by: Thierry Herbelot <thierry.herbelot@6wind.com> > Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com> > Acked-by: Thierry Herbelot <thierry.herbelot@6wind.com> > Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> > (cherry picked from commit 600a507ddcb99096731e1d96a3ebf43e20fc7f80) > Signed-off-by: Heitor R. Alves de Siqueira <halves@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> > --- > drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > index 72084f70adbb..45ec9cb6a474 100644 > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > @@ -1248,6 +1248,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting) > struct ixgbe_hw *hw = &adapter->hw; > u32 regval; > > + if (vf >= adapter->num_vfs) > + return -EINVAL; > + > adapter->vfinfo[vf].spoofchk_enabled = setting; > > regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg)); >
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-By: You-Sheng Yang <vicamo.yang@canonical.com>
On 2019-02-12 10:54:42 , Heitor R. Alves de Siqueira wrote: > From: Emil Tantilov <emil.s.tantilov@intel.com> > > BugLink: https://launchpad.net/bugs/1815501 > > The check for vfinfo is not sufficient because it does not protect > against specifying vf that is outside of sriov_num_vfs range. > All of the ndo functions have a check for it except for > ixgbevf_ndo_set_spoofcheck(). > > The following patch is all we need to protect against this panic: > > ip link set p96p1 vf 0 spoofchk off > BUG: unable to handle kernel NULL pointer dereference at 0000000000000052 > IP: [<ffffffffa044a1c1>] > ixgbe_ndo_set_vf_spoofchk+0x51/0x150 [ixgbe] > > Reported-by: Thierry Herbelot <thierry.herbelot@6wind.com> > Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com> > Acked-by: Thierry Herbelot <thierry.herbelot@6wind.com> > Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> > (cherry picked from commit 600a507ddcb99096731e1d96a3ebf43e20fc7f80) > Signed-off-by: Heitor R. Alves de Siqueira <halves@canonical.com> > --- > drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > index 72084f70adbb..45ec9cb6a474 100644 > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > @@ -1248,6 +1248,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting) > struct ixgbe_hw *hw = &adapter->hw; > u32 regval; > > + if (vf >= adapter->num_vfs) > + return -EINVAL; > + > adapter->vfinfo[vf].spoofchk_enabled = setting; > > regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg)); > -- > 2.17.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c index 72084f70adbb..45ec9cb6a474 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c @@ -1248,6 +1248,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting) struct ixgbe_hw *hw = &adapter->hw; u32 regval; + if (vf >= adapter->num_vfs) + return -EINVAL; + adapter->vfinfo[vf].spoofchk_enabled = setting; regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg));