* [PATCH net] net: mlx5: fix sizeof usage in health_care's reg_handler
@ 2013-08-02 10:16 Daniel Borkmann
2013-08-02 22:11 ` David Miller
0 siblings, 1 reply; 6+ messages in thread
From: Daniel Borkmann @ 2013-08-02 10:16 UTC (permalink / raw)
To: davem; +Cc: netdev, Or Gerlitz
In mlx5's function health_care() the callback handler reg_handler() is
being called that checks the devices registers like:
reg_handler(dev->pdev, health->health, sizeof(health->health));
health->health is a pointer to the member "struct health_buffer __iomem
*health" of mlx5_core_health, where health buffer itself looks like:
struct health_buffer {
__be32 assert_var[5];
__be32 rsvd0[3];
__be32 assert_exit_ptr;
__be32 assert_callra;
__be32 rsvd1[2];
...
__be16 ext_sync;
};
Therefore, I strongly assume sizeof(*health->health) is being meant
to be passed as an argument. Interestingly, there are actually no
in-tree users of mlx5_[un]register_health_report_handler(), but some
debugging modules might want to know the correct size instead.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
---
drivers/net/ethernet/mellanox/mlx5/core/health.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/health.c b/drivers/net/ethernet/mellanox/mlx5/core/health.c
index 748f10a..3592e43 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/health.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/health.c
@@ -101,7 +101,7 @@ static void health_care(struct work_struct *work)
spin_lock_irq(&health_lock);
if (reg_handler)
reg_handler(dev->pdev, health->health,
- sizeof(health->health));
+ sizeof(*health->health));
list_del_init(&health->list);
spin_unlock_irq(&health_lock);
--
1.7.11.7
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH net] net: mlx5: fix sizeof usage in health_care's reg_handler
2013-08-02 10:16 [PATCH net] net: mlx5: fix sizeof usage in health_care's reg_handler Daniel Borkmann
@ 2013-08-02 22:11 ` David Miller
2013-08-02 22:43 ` Daniel Borkmann
2013-08-05 6:33 ` Eli Cohen
0 siblings, 2 replies; 6+ messages in thread
From: David Miller @ 2013-08-02 22:11 UTC (permalink / raw)
To: dborkman; +Cc: netdev, ogerlitz
From: Daniel Borkmann <dborkman@redhat.com>
Date: Fri, 2 Aug 2013 12:16:17 +0200
> Therefore, I strongly assume sizeof(*health->health) is being meant
> to be passed as an argument. Interestingly, there are actually no
> in-tree users of mlx5_[un]register_health_report_handler(), but some
> debugging modules might want to know the correct size instead.
I want these hooks and infrastructure removed immediately.
If there are no in-tree users there is no reason for them to
exist at all.
Thanks.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH net] net: mlx5: fix sizeof usage in health_care's reg_handler
2013-08-02 22:11 ` David Miller
@ 2013-08-02 22:43 ` Daniel Borkmann
2013-08-03 21:42 ` Or Gerlitz
2013-08-05 6:33 ` Eli Cohen
1 sibling, 1 reply; 6+ messages in thread
From: Daniel Borkmann @ 2013-08-02 22:43 UTC (permalink / raw)
To: ogerlitz; +Cc: netdev, David Miller
On 08/03/2013 12:11 AM, David Miller wrote:
> From: Daniel Borkmann <dborkman@redhat.com>
> Date: Fri, 2 Aug 2013 12:16:17 +0200
>
>> Therefore, I strongly assume sizeof(*health->health) is being meant
>> to be passed as an argument. Interestingly, there are actually no
>> in-tree users of mlx5_[un]register_health_report_handler(), but some
>> debugging modules might want to know the correct size instead.
>
> I want these hooks and infrastructure removed immediately.
>
> If there are no in-tree users there is no reason for them to
> exist at all.
Ok, I let Or handle that. Maybe he wants to add a user of it, instead.
I also noticed that coverty scanner found a couple of other issues,
e.g. outlen_write() in mlx5/core/cmd.c does a kzalloc() without
doing sanity checks on the user-passed allocation size, e.g. it
could even be a negative value passed to it.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH net] net: mlx5: fix sizeof usage in health_care's reg_handler
2013-08-02 22:43 ` Daniel Borkmann
@ 2013-08-03 21:42 ` Or Gerlitz
0 siblings, 0 replies; 6+ messages in thread
From: Or Gerlitz @ 2013-08-03 21:42 UTC (permalink / raw)
To: Daniel Borkmann, Eli Cohen; +Cc: ogerlitz, netdev, David Miller, Eli Cohen
On Sat, Aug 3, 2013 at 1:43 AM, Daniel Borkmann <dborkman@redhat.com> wrote:
> On 08/03/2013 12:11 AM, David Miller wrote:
>>
>> From: Daniel Borkmann <dborkman@redhat.com>
>> Date: Fri, 2 Aug 2013 12:16:17 +0200
>>
>>> Therefore, I strongly assume sizeof(*health->health) is being meant
>>> to be passed as an argument. Interestingly, there are actually no
>>> in-tree users of mlx5_[un]register_health_report_handler(), but some
>>> debugging modules might want to know the correct size instead.
>>
>>
>> I want these hooks and infrastructure removed immediately.
>>
>> If there are no in-tree users there is no reason for them to
>> exist at all.
>
>
> Ok, I let Or handle that. Maybe he wants to add a user of it, instead.
>
> I also noticed that coverty scanner found a couple of other issues,
> e.g. outlen_write() in mlx5/core/cmd.c does a kzalloc() without
> doing sanity checks on the user-passed allocation size, e.g. it
> could even be a negative value passed to it.
Hi Daniel,
As listed in the kernel maintainers file, Eli Cohen (copied) is the
upstream maintainer for the mlx5 driver, please make sure to send/copy him
on patches/questions you have on mlx5. I will let Eli answer/handle your
findings/questions.
Or.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH net] net: mlx5: fix sizeof usage in health_care's reg_handler
2013-08-02 22:11 ` David Miller
2013-08-02 22:43 ` Daniel Borkmann
@ 2013-08-05 6:33 ` Eli Cohen
2013-08-05 6:39 ` David Miller
1 sibling, 1 reply; 6+ messages in thread
From: Eli Cohen @ 2013-08-05 6:33 UTC (permalink / raw)
To: David Miller; +Cc: dborkman, netdev, ogerlitz
On Fri, Aug 02, 2013 at 03:11:32PM -0700, David Miller wrote:
> From: Daniel Borkmann <dborkman@redhat.com>
> Date: Fri, 2 Aug 2013 12:16:17 +0200
>
> > Therefore, I strongly assume sizeof(*health->health) is being meant
> > to be passed as an argument. Interestingly, there are actually no
Daniel, you're fix is correct. I meant to pass the size of the struct
and not the size of the pointer.
> > in-tree users of mlx5_[un]register_health_report_handler(), but some
> > debugging modules might want to know the correct size instead.
>
> I want these hooks and infrastructure removed immediately.
>
> If there are no in-tree users there is no reason for them to
> exist at all.
>
Hi Dave,
the intention here was to allow other module, if they so wish, to get
notified of any problems detected at the device. I understand that you
don't like this but is there another way to handle this requirement
which will be accepted?
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH net] net: mlx5: fix sizeof usage in health_care's reg_handler
2013-08-05 6:33 ` Eli Cohen
@ 2013-08-05 6:39 ` David Miller
0 siblings, 0 replies; 6+ messages in thread
From: David Miller @ 2013-08-05 6:39 UTC (permalink / raw)
To: eli; +Cc: dborkman, netdev, ogerlitz
From: Eli Cohen <eli@dev.mellanox.co.il>
Date: Mon, 5 Aug 2013 09:33:34 +0300
> the intention here was to allow other module, if they so wish, to get
> notified of any problems detected at the device. I understand that you
> don't like this but is there another way to handle this requirement
> which will be accepted?
Which modules? I do not see them.
Please remove this unused facility, now.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2013-08-05 6:39 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-08-02 10:16 [PATCH net] net: mlx5: fix sizeof usage in health_care's reg_handler Daniel Borkmann
2013-08-02 22:11 ` David Miller
2013-08-02 22:43 ` Daniel Borkmann
2013-08-03 21:42 ` Or Gerlitz
2013-08-05 6:33 ` Eli Cohen
2013-08-05 6:39 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.