From: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
To: davem@davemloft.net
Cc: Mark Rustad <mark.d.rustad@intel.com>,
netdev@vger.kernel.org, nhorman@redhat.com, sassmann@redhat.com,
jogreene@redhat.com, Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Subject: [net-next 03/18] ixgbe: Correct length check for round up
Date: Thu, 7 Apr 2016 20:20:58 -0700 [thread overview]
Message-ID: <1460085673-87056-4-git-send-email-jeffrey.t.kirsher@intel.com> (raw)
In-Reply-To: <1460085673-87056-1-git-send-email-jeffrey.t.kirsher@intel.com>
From: Mark Rustad <mark.d.rustad@intel.com>
The function ixgbe_host_interface_command actually uses a multiple
of word sized buffer to do its business, but only checks against
the actual length passed in. This means that on read operations it
could be possible to modify locations beyond the length passed in.
Change the check to round up in the same way, just to avoid any
possible hazard.
Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c
index dfdb114..a2ca9ef 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c
@@ -3557,7 +3557,7 @@ s32 ixgbe_host_interface_command(struct ixgbe_hw *hw, u32 *buffer,
if (buf_len == 0)
return 0;
- if (length < (buf_len + hdr_size)) {
+ if (length < round_up(buf_len, 4) + hdr_size) {
hw_dbg(hw, "Buffer not large enough for reply message.\n");
return IXGBE_ERR_HOST_INTERFACE_COMMAND;
}
--
2.5.5
next prev parent reply other threads:[~2016-04-08 3:21 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-08 3:20 [net-next 00/18][pull request] 10GbE Intel Wired LAN Driver Updates 2016-04-07 Jeff Kirsher
2016-04-08 3:20 ` [net-next 01/18] ixgbe: Delete some unused register definitions Jeff Kirsher
2016-04-08 3:20 ` [net-next 02/18] ixgbe: Change the lan_id and func fields to a u8 to avoid casts Jeff Kirsher
2016-04-08 3:20 ` Jeff Kirsher [this message]
2016-04-08 3:20 ` [net-next 04/18] ixgbe: Clean up interface for firmware commands Jeff Kirsher
2016-04-08 3:21 ` [net-next 05/18] ixgbe: Take manageability semaphore " Jeff Kirsher
2016-04-08 3:21 ` [net-next 06/18] ixgbe/ixgbevf: Add support for bulk free in Tx cleanup & cleanup boolean logic Jeff Kirsher
2016-04-08 3:21 ` [net-next 07/18] ixgbe: Add support for single-port X550 device Jeff Kirsher
2016-04-08 3:21 ` [net-next 08/18] ixgbe: Add definitions for x550em_a 10G MAC Jeff Kirsher
2016-04-08 3:21 ` [net-next 09/18] ixgbe: Use method pointer to access IOSF devices Jeff Kirsher
2016-04-08 3:21 ` [net-next 10/18] ixgbe: Add support for x550em_a 10G MAC type Jeff Kirsher
2016-04-08 3:21 ` [net-next 11/18] ixgbe: Use new methods for PHY access Jeff Kirsher
2016-04-08 3:21 ` [net-next 12/18] ixgbe: Read and set instance id Jeff Kirsher
2016-04-08 3:21 ` [net-next 13/18] ixgbe: Read and parse NW_MNG_IF_SEL register Jeff Kirsher
2016-04-08 3:21 ` [net-next 14/18] ixgbe: Introduce function to control MDIO speed Jeff Kirsher
2016-04-08 3:21 ` [net-next 15/18] ixgbe: Add support for SFPs with retimer Jeff Kirsher
2016-04-08 3:21 ` [net-next 15/18] ixgbe: Add support for SFPs with retimer, Re: [PATCH v3] PCI: rcar-pcie: Remove Gen2 designation from Kconfig, [PATCH bluetooth-next 07/10] ipv6: introduce neighbour discovery ops, [PATCH 3/5] ARM: dts: r8a7790: Don't disable referenced optional clocks Jeff Kirsher, Simon Horman, Alexander Aring, Simon Horman
2016-04-08 3:21 ` [net-next 16/18] ixgbe: Add support for SGMII backplane interface Jeff Kirsher
2016-04-08 3:21 ` [net-next 17/18] ixgbe: Add KR backplane support for x550em_a Jeff Kirsher
2016-04-08 3:21 ` [net-next 18/18] ixgbe: Bump version number Jeff Kirsher
2016-04-08 16:32 ` [net-next 00/18][pull request] 10GbE Intel Wired LAN Driver Updates 2016-04-07 David Miller
2016-04-18 10:58 [PATCH bluetooth-next 00/10] 6lowpan: introduce basic 6lowpan-nd Alexander Aring
2016-04-18 10:58 ` [PATCH bluetooth-next 06/10] ndisc: add addr_len parameter to ndisc_fill_addr_option Alexander Aring
[not found] ` <1460977108-4675-1-git-send-email-aar-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>
2016-04-18 10:58 ` [PATCH bluetooth-next 01/10] 6lowpan: add private neighbour data Alexander Aring
2016-04-18 10:58 ` Alexander Aring
2016-04-18 10:58 ` [PATCH bluetooth-next 02/10] 6lowpan: add 802.15.4 short addr slaac Alexander Aring
2016-04-18 10:58 ` Alexander Aring
2016-04-18 10:58 ` [PATCH bluetooth-next 03/10] 6lowpan: remove ipv6 module request Alexander Aring
2016-04-18 10:58 ` Alexander Aring
2016-04-18 10:58 ` [PATCH bluetooth-next 04/10] ndisc: add addr_len parameter to ndisc_opt_addr_space Alexander Aring
2016-04-18 10:58 ` Alexander Aring
2016-04-18 10:58 ` [PATCH bluetooth-next 05/10] ndisc: add addr_len parameter to ndisc_opt_addr_data Alexander Aring
2016-04-18 10:58 ` Alexander Aring
2016-04-18 10:58 ` [PATCH bluetooth-next 07/10] ipv6: introduce neighbour discovery ops Alexander Aring
2016-04-18 10:58 ` Alexander Aring
2016-04-18 12:59 ` kbuild test robot
2016-04-18 12:59 ` kbuild test robot
2016-04-18 13:28 ` Alexander Aring
2016-04-18 14:23 ` kbuild test robot
2016-04-18 14:23 ` kbuild test robot
2016-04-18 10:58 ` [PATCH bluetooth-next 08/10] ipv6: export ndisc functions Alexander Aring
2016-04-18 10:58 ` [PATCH bluetooth-next 09/10] 6lowpan: introduce 6lowpan-nd Alexander Aring
[not found] ` <1460977108-4675-10-git-send-email-aar-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>
2016-04-18 13:04 ` kbuild test robot
2016-04-18 13:04 ` kbuild test robot
2016-04-18 13:04 ` kbuild test robot
2016-04-18 15:04 ` kbuild test robot
2016-04-18 15:04 ` kbuild test robot
2016-04-18 10:58 ` [PATCH bluetooth-next 10/10] 6lowpan: add support for 802.15.4 short addr handling Alexander Aring
2016-04-21 3:51 [PATCH v3] PCI: rcar-pcie: Remove Gen2 designation from Kconfig Simon Horman
2016-04-21 3:51 ` Simon Horman
2016-04-21 13:38 ` Geert Uytterhoeven
2016-04-21 13:38 ` Geert Uytterhoeven
2016-04-22 0:14 ` Simon Horman
2016-04-22 0:14 ` Simon Horman
2016-04-27 23:08 [GIT PULL] Second Round of Renesas ARM Based SoC DT Updates for v4.7 Simon Horman
2016-04-27 23:08 ` Simon Horman
2016-04-27 23:08 ` [PATCH 1/5] ARM: dts: r8a7778: Don't disable referenced optional clocks Simon Horman
2016-04-27 23:08 ` Simon Horman
2016-04-27 23:08 ` [PATCH 2/5] ARM: dts: r8a7779: " Simon Horman
2016-04-27 23:08 ` Simon Horman
2016-04-27 23:08 ` [PATCH 3/5] ARM: dts: r8a7790: " Simon Horman
2016-04-27 23:08 ` Simon Horman
2016-04-27 23:08 ` [PATCH 4/5] ARM: dts: r8a7793: " Simon Horman
2016-04-27 23:08 ` Simon Horman
2016-04-27 23:08 ` [PATCH 5/5] ARM: dts: r8a7794: " Simon Horman
2016-04-27 23:08 ` Simon Horman
2016-04-28 13:51 ` [GIT PULL] Second Round of Renesas ARM Based SoC DT Updates for v4.7 Arnd Bergmann
2016-04-28 13:51 ` Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1460085673-87056-4-git-send-email-jeffrey.t.kirsher@intel.com \
--to=jeffrey.t.kirsher@intel.com \
--cc=davem@davemloft.net \
--cc=jogreene@redhat.com \
--cc=mark.d.rustad@intel.com \
--cc=netdev@vger.kernel.org \
--cc=nhorman@redhat.com \
--cc=sassmann@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.