[PATCH] qede: Fix memset corruption

[PATCH] qede: Fix memset corruption

[Shai Malin]

Thanks to Kees Cook who detected the problem of memset that starting
from not the first member, but sized for the whole struct.
The better change will be to remove the redundant memset and to clear
only the msix_cnt member.

Signed-off-by: Prabhakar Kushwaha <pkushwaha@marvell.com>
Signed-off-by: Ariel Elior <aelior@marvell.com>
Signed-off-by: Shai Malin <smalin@marvell.com>
---
 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c
index d400e9b235bf..a0f20c5337d0 100644
--- a/drivers/net/ethernet/qlogic/qede/qede_main.c
+++ b/drivers/net/ethernet/qlogic/qede/qede_main.c
@@ -1866,6 +1866,7 @@ static void qede_sync_free_irqs(struct qede_dev *edev)
 	}
 
 	edev->int_info.used_cnt = 0;
+	edev->int_info.msix_cnt = 0;
 }
 
 static int qede_req_msix_irqs(struct qede_dev *edev)
@@ -2419,7 +2420,6 @@ static int qede_load(struct qede_dev *edev, enum qede_load_mode mode,
 	goto out;
 err4:
 	qede_sync_free_irqs(edev);
-	memset(&edev->int_info.msix_cnt, 0, sizeof(struct qed_int_info));
 err3:
 	qede_napi_disable_remove(edev);
 err2:
-- 
2.22.0

Re: [PATCH] qede: Fix memset corruption

[Kees Cook]

On Tue, Aug 24, 2021 at 07:52:49PM +0300, Shai Malin wrote:
> Thanks to Kees Cook who detected the problem of memset that starting
> from not the first member, but sized for the whole struct.
> The better change will be to remove the redundant memset and to clear
> only the msix_cnt member.

Okay, thanks. It wasn't clear if this needs to be _only_ the msix_cnt
member or something else.

> 
> Signed-off-by: Prabhakar Kushwaha <pkushwaha@marvell.com>
> Signed-off-by: Ariel Elior <aelior@marvell.com>
> Signed-off-by: Shai Malin <smalin@marvell.com>

Reported-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
>  drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c
> index d400e9b235bf..a0f20c5337d0 100644
> --- a/drivers/net/ethernet/qlogic/qede/qede_main.c
> +++ b/drivers/net/ethernet/qlogic/qede/qede_main.c
> @@ -1866,6 +1866,7 @@ static void qede_sync_free_irqs(struct qede_dev *edev)
>  	}
>  
>  	edev->int_info.used_cnt = 0;
> +	edev->int_info.msix_cnt = 0;
>  }
>  
>  static int qede_req_msix_irqs(struct qede_dev *edev)
> @@ -2419,7 +2420,6 @@ static int qede_load(struct qede_dev *edev, enum qede_load_mode mode,
>  	goto out;
>  err4:
>  	qede_sync_free_irqs(edev);
> -	memset(&edev->int_info.msix_cnt, 0, sizeof(struct qed_int_info));
>  err3:
>  	qede_napi_disable_remove(edev);
>  err2:
> -- 
> 2.22.0
> 

-- 
Kees Cook

Re: [PATCH] qede: Fix memset corruption

[patchwork-bot+netdevbpf]

Hello:

This patch was applied to netdev/net.git (refs/heads/master):

On Tue, 24 Aug 2021 19:52:49 +0300 you wrote:
> Thanks to Kees Cook who detected the problem of memset that starting
> from not the first member, but sized for the whole struct.
> The better change will be to remove the redundant memset and to clear
> only the msix_cnt member.
> 
> Signed-off-by: Prabhakar Kushwaha <pkushwaha@marvell.com>
> Signed-off-by: Ariel Elior <aelior@marvell.com>
> Signed-off-by: Shai Malin <smalin@marvell.com>
> 
> [...]

Here is the summary with links:
  - qede: Fix memset corruption
    https://git.kernel.org/netdev/net/c/e543468869e2

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html