From patchwork Tue Sep 14 11:27:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ido Schimmel X-Patchwork-Id: 511567 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 146EDC433EF for ; Tue, 14 Sep 2021 11:28:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id F1680610F9 for ; Tue, 14 Sep 2021 11:28:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232123AbhINL31 (ORCPT ); Tue, 14 Sep 2021 07:29:27 -0400 Received: from new2-smtp.messagingengine.com ([66.111.4.224]:43761 "EHLO new2-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232065AbhINL3V (ORCPT ); Tue, 14 Sep 2021 07:29:21 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailnew.nyi.internal (Postfix) with ESMTP id 849D35805A9; Tue, 14 Sep 2021 07:28:04 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Tue, 14 Sep 2021 07:28:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; bh=K9xA/itOgD7/PUD9NPffe+zhElX6cckwkTsVzK1EbEA=; b=dlb39cVk SGZd6J4X0hZfzZOy1bYYYxlpVOuePKqIuyR0b/RUYz7uzbm4Ws5RSbLx3ZJ7OsZV J4M/8vlEIGZ2BudNDES8UyfQDz87wZUhITLUSRs2ncVdR/Hj6xBCqVBOwERCqY5g ACVlOSxeowQT62wBjVg/SMh4YSCiyjGkP73VtT+C9ibgejcrcQQvcBuVJjpzmBd4 b5OKr+/ZzT7PVuJuRGT4CjmjFnR4hva3prIyFrYxtjPNsb3AgysO+wA0/QiTO0L4 v/NQuUTrUHj6Fjw7WSgO0pXGXMsHCpHBIpCDC2SO7d6DwvxYofyPH3y1kgX1bCPR z2dNXKnzjvM+mA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrudegledgfeelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgjfhgggfestdekre dtredttdenucfhrhhomhepkfguohcuufgthhhimhhmvghluceoihguohhstghhsehiugho shgthhdrohhrgheqnecuggftrfgrthhtvghrnhepudetieevffffveelkeeljeffkefhke ehgfdtffethfelvdejgffghefgveejkefhnecuvehluhhsthgvrhfuihiivgeptdenucfr rghrrghmpehmrghilhhfrhhomhepihguohhstghhsehiughoshgthhdrohhrgh X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 14 Sep 2021 07:28:02 -0400 (EDT) From: Ido Schimmel To: netdev@vger.kernel.org Cc: mkubecek@suse.cz, kuba@kernel.org, andrew@lunn.ch, f.fainelli@gmail.com, vadimp@nvidia.com, mlxsw@nvidia.com, vladyslavt@nvidia.com, moshe@nvidia.com, popadrian1996@gmail.com, Ido Schimmel Subject: [PATCH ethtool 2/5] cmis: Fix invalid memory access in IOCTL path Date: Tue, 14 Sep 2021 14:27:35 +0300 Message-Id: <20210914112738.358627-3-idosch@idosch.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210914112738.358627-1-idosch@idosch.org> References: <20210914112738.358627-1-idosch@idosch.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Ido Schimmel Page 01h is an optional page that is not available for flat memory modules. Trying to blindly access it results in the following report from AddressSanitizer [1]. Instead, pass the base address of the Lower Memory. This results in wrong information being parsed, but this never worked correctly since CMIS support first appeared in cited commit. The information will be parsed correctly in a follow-up submission that reworks the EEPROM parsing code to use a memory map with pointers to individual pages instead of passing one large buffer. [1] ==968785==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6120000001d4 at pc 0x0000004806ee bp 0x7ffefbc977a0 sp 0x7ffefbc97798 READ of size 1 at 0x6120000001d4 thread T0 #0 0x4806ed in cmis_print_smf_cbl_len cmis.c:127 #1 0x48113e in cmis_show_link_len_from_page cmis.c:279 #2 0x4811e3 in cmis_show_link_len cmis.c:300 #3 0x481358 in qsfp_dd_show_all cmis.c:336 #4 0x47d190 in sff8636_show_all qsfp.c:861 #5 0x42130b in do_getmodule ethtool.c:4908 #6 0x42a38a in main ethtool.c:6383 #7 0x7f11db6c51e1 in __libc_start_main (/lib64/libc.so.6+0x281e1) #8 0x40258d in _start (ethtool+0x40258d) Address 0x6120000001d4 is a wild pointer. SUMMARY: AddressSanitizer: heap-buffer-overflow cmis.c:127 in cmis_print_smf_cbl_len Fixes: 88ca347ef35a ("Add QSFP-DD support"). Signed-off-by: Ido Schimmel --- cmis.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmis.c b/cmis.c index 361b721f332f..1a91e798e4b8 100644 --- a/cmis.c +++ b/cmis.c @@ -297,7 +297,7 @@ static void cmis_show_link_len_from_page(const __u8 *page_one_data) */ static void cmis_show_link_len(const __u8 *id) { - cmis_show_link_len_from_page(id + PAG01H_UPPER_OFFSET); + cmis_show_link_len_from_page(id); } /** From patchwork Tue Sep 14 11:27:37 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ido Schimmel X-Patchwork-Id: 511566 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6578AC433F5 for ; Tue, 14 Sep 2021 11:28:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4E69960FBF for ; Tue, 14 Sep 2021 11:28:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232211AbhINL3c (ORCPT ); Tue, 14 Sep 2021 07:29:32 -0400 Received: from new2-smtp.messagingengine.com ([66.111.4.224]:40341 "EHLO new2-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231941AbhINL31 (ORCPT ); Tue, 14 Sep 2021 07:29:27 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailnew.nyi.internal (Postfix) with ESMTP id 413005805A9; Tue, 14 Sep 2021 07:28:10 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Tue, 14 Sep 2021 07:28:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=FJcN3GzOTm+TBWoN47pHFIzN3bdvmzDUMGUOy5zBY uo=; b=AsI5oesNPxWnE6c38NbbnCyP5egzPwsEeA7c5ium73FoTXjSYbUIh2PGs Pxz5K98ePe4Z5xWm3iQY1c+uGApjz+CcWpfNhPc5mmFh1Qe0JB4ybQmWxk8yMcEe XhlG6FAFY8jnGvvDQ6jQgruKr3WRnedACCWUh7PkQBahwVdcP+tm2QIlltwPEH58 coiIe4apbbekGLuSmcBHpCRFzbEZTqsLgE9957c9bGoT3dRzNHC7xGYcuNddRlbq kwgJiCEGloFT8s5P0u19BeJY8Yb6l91c3JMc5pkqgkmMfFp4O2fhVISC/wBle41E ZrIIxvFzYwtzhNAOyGaoe3BnPQB1A== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrudegledgfeelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgjfhggtgfgsehtke ertdertdejnecuhfhrohhmpefkughoucfutghhihhmmhgvlhcuoehiughoshgthhesihgu ohhstghhrdhorhhgqeenucggtffrrghtthgvrhhnpeekheelfeefffdthfeuhfeuieeltd fgffejffdvuddtgeefvefhleffteeujeethfenucevlhhushhtvghrufhiiigvpedtnecu rfgrrhgrmhepmhgrihhlfhhrohhmpehiughoshgthhesihguohhstghhrdhorhhg X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 14 Sep 2021 07:28:07 -0400 (EDT) From: Ido Schimmel To: netdev@vger.kernel.org Cc: mkubecek@suse.cz, kuba@kernel.org, andrew@lunn.ch, f.fainelli@gmail.com, vadimp@nvidia.com, mlxsw@nvidia.com, vladyslavt@nvidia.com, moshe@nvidia.com, popadrian1996@gmail.com, Ido Schimmel Subject: [PATCH ethtool 4/5] ethtool: Fix compilation warning when pretty dump is disabled Date: Tue, 14 Sep 2021 14:27:37 +0300 Message-Id: <20210914112738.358627-5-idosch@idosch.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210914112738.358627-1-idosch@idosch.org> References: <20210914112738.358627-1-idosch@idosch.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Ido Schimmel When pretty dump is disabled (i.e., configure --disable-pretty-dump), gcc 11.2.1 emits the following warning: ethtool.c: In function ‘dump_regs’: ethtool.c:1160:31: warning: comparison is always false due to limited range of data type [-Wtype-limits] 1160 | for (i = 0; i < ARRAY_SIZE(driver_list); i++) | ^ Fix it by avoiding iterating over 'driver_list' when pretty dump is disabled. Signed-off-by: Ido Schimmel --- ethtool.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/ethtool.c b/ethtool.c index a6826e9f9e3f..46887c7263e1 100644 --- a/ethtool.c +++ b/ethtool.c @@ -1089,12 +1089,12 @@ static int parse_hkey(char **rss_hkey, u32 key_size, return 0; } +#ifdef ETHTOOL_ENABLE_PRETTY_DUMP static const struct { const char *name; int (*func)(struct ethtool_drvinfo *info, struct ethtool_regs *regs); } driver_list[] = { -#ifdef ETHTOOL_ENABLE_PRETTY_DUMP { "8139cp", realtek_dump_regs }, { "8139too", realtek_dump_regs }, { "r8169", realtek_dump_regs }, @@ -1129,8 +1129,8 @@ static const struct { { "fec", fec_dump_regs }, { "igc", igc_dump_regs }, { "bnxt_en", bnxt_dump_regs }, -#endif }; +#endif void dump_hex(FILE *file, const u8 *data, int len, int offset) { @@ -1149,14 +1149,15 @@ void dump_hex(FILE *file, const u8 *data, int len, int offset) static int dump_regs(int gregs_dump_raw, int gregs_dump_hex, struct ethtool_drvinfo *info, struct ethtool_regs *regs) { - unsigned int i; - if (gregs_dump_raw) { fwrite(regs->data, regs->len, 1, stdout); goto nested; } - if (!gregs_dump_hex) +#ifdef ETHTOOL_ENABLE_PRETTY_DUMP + if (!gregs_dump_hex) { + unsigned int i; + for (i = 0; i < ARRAY_SIZE(driver_list); i++) if (!strncmp(driver_list[i].name, info->driver, ETHTOOL_BUSINFO_LEN)) { @@ -1168,6 +1169,8 @@ static int dump_regs(int gregs_dump_raw, int gregs_dump_hex, */ break; } + } +#endif dump_hex(stdout, regs->data, regs->len, 0);