All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jakub Kicinski <kuba@kernel.org>
To: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Cc: davem@davemloft.net, Qian Cai <cai@lca.pw>,
	netdev@vger.kernel.org, nhorman@redhat.com, sassmann@redhat.com,
	Andrew Bowers <andrewx.bowers@intel.com>
Subject: Re: [net-next 9/9] i40e: silence an UBSAN false positive
Date: Mon, 22 Jun 2020 17:35:10 -0700	[thread overview]
Message-ID: <20200622173510.04ee7bf3@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com> (raw)
In-Reply-To: <20200622221817.2287549-10-jeffrey.t.kirsher@intel.com>

On Mon, 22 Jun 2020 15:18:17 -0700 Jeff Kirsher wrote:
> From: Qian Cai <cai@lca.pw>
> 
> virtchnl_rss_lut.lut is used for the RSS lookup table, but in
> i40e_vc_config_rss_lut(), it is indexed by subscript results in a false
> positive.

This is commit message is not great either. The point is that we have a
pad[1] after the lut[1], and supposedly indexing second element of
lut[] is expected? Not sure why accessing pad is okay...

>  UBSAN: array-index-out-of-bounds in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:2983:15
>  index 1 is out of range for type 'u8 [1]'
>  CPU: 34 PID: 871 Comm: kworker/34:2 Not tainted 5.7.0-next-20200605+ #5
>  Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 03/09/2018
>  Workqueue: i40e i40e_service_task [i40e]
>  Call Trace:
>   dump_stack+0xa7/0xea
>   ubsan_epilogue+0x9/0x45
>   __ubsan_handle_out_of_bounds+0x6f/0x80
>   i40e_vc_process_vf_msg+0x457c/0x4660 [i40e]
>   i40e_service_task+0x96c/0x1ab0 [i40e]
>   process_one_work+0x57d/0xbd0
>   worker_thread+0x63/0x5b0
>   kthread+0x20c/0x230
>   ret_from_fork+0x22/0x30
> 
> Fixes: d510497b8397 ("i40e: add input validation for virtchnl handlers")
> Signed-off-by: Qian Cai <cai@lca.pw>
> Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
> ---
>  drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
> index 62132df0527e..5070b3a4b026 100644
> --- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
> +++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
> @@ -3018,6 +3018,7 @@ static int i40e_vc_config_rss_lut(struct i40e_vf *vf, u8 *msg)
>  	struct i40e_vsi *vsi = NULL;
>  	i40e_status aq_ret = 0;
>  	u16 i;
> +	u8 *lut = vrl->lut;

reverse xmas tree

>  	if (!test_bit(I40E_VF_STATE_ACTIVE, &vf->vf_states) ||
>  	    !i40e_vc_isvalid_vsi_id(vf, vrl->vsi_id) ||


      reply	other threads:[~2020-06-23  0:35 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-22 22:18 [net-next 0/9][pull request] 40GbE Intel Wired LAN Driver Updates 2020-06-22 Jeff Kirsher
2020-06-22 22:18 ` [net-next 1/9] i40e: Move client header location Jeff Kirsher
2020-06-22 22:18 ` [net-next 2/9] i40e: remove unused defines Jeff Kirsher
2020-06-23  0:47   ` Shannon Nelson
2020-06-22 22:18 ` [net-next 3/9] i40e: make PF wait reset loop reliable Jeff Kirsher
2020-06-22 22:18 ` [net-next 4/9] i40e: detect and log info about pre-recovery mode Jeff Kirsher
2020-06-22 23:55   ` Jakub Kicinski
2020-06-23  0:18     ` Kirsher, Jeffrey T
2020-06-23  0:29       ` Jakub Kicinski
2020-06-23  0:41         ` Kirsher, Jeffrey T
2020-06-23  3:13     ` Kirsher, Jeffrey T
2020-06-23 20:40       ` Jakub Kicinski
2020-06-22 22:18 ` [net-next 5/9] i40e: Add a check to see if MFS is set Jeff Kirsher
2020-06-22 22:18 ` [net-next 6/9] net/intel: remove driver versions from Intel drivers Jeff Kirsher
2020-06-22 22:18 ` [net-next 7/9] i40e: Add support for 5Gbps cards Jeff Kirsher
2020-06-22 22:18 ` [net-next 8/9] i40e: Remove scheduling while atomic possibility Jeff Kirsher
2020-06-22 22:18 ` [net-next 9/9] i40e: silence an UBSAN false positive Jeff Kirsher
2020-06-23  0:35   ` Jakub Kicinski [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200622173510.04ee7bf3@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com \
    --to=kuba@kernel.org \
    --cc=andrewx.bowers@intel.com \
    --cc=cai@lca.pw \
    --cc=davem@davemloft.net \
    --cc=jeffrey.t.kirsher@intel.com \
    --cc=netdev@vger.kernel.org \
    --cc=nhorman@redhat.com \
    --cc=sassmann@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.