From: <sameehj@amazon.com>
To: <davem@davemloft.net>, <netdev@vger.kernel.org>
Cc: Arthur Kiyanovski <akiyano@amazon.com>, <dwmw@amazon.com>,
<zorik@amazon.com>, <matua@amazon.com>, <saeedb@amazon.com>,
<msw@amazon.com>, <aliguori@amazon.com>, <nafea@amazon.com>,
<gtzalik@amazon.com>, <netanel@amazon.com>, <alisaidi@amazon.com>,
<benh@amazon.com>, <sameehj@amazon.com>, <ndagan@amazon.com>
Subject: [PATCH V2 net 01/12] net: ena: fix potential crash when rxfh key is NULL
Date: Tue, 11 Feb 2020 15:17:40 +0000 [thread overview]
Message-ID: <20200211151751.29718-2-sameehj@amazon.com> (raw)
In-Reply-To: <20200211151751.29718-1-sameehj@amazon.com>
From: Arthur Kiyanovski <akiyano@amazon.com>
When ethtool -X is called without an hkey, ena_com_fill_hash_function()
is called with key=NULL, which is passed to memcpy causing a crash.
This commit fixes this issue by checking key is not NULL.
Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
---
drivers/net/ethernet/amazon/ena/ena_com.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ethernet/amazon/ena/ena_com.c b/drivers/net/ethernet/amazon/ena/ena_com.c
index ea62604fd..e54c44fdc 100644
--- a/drivers/net/ethernet/amazon/ena/ena_com.c
+++ b/drivers/net/ethernet/amazon/ena/ena_com.c
@@ -2297,15 +2297,16 @@ int ena_com_fill_hash_function(struct ena_com_dev *ena_dev,
switch (func) {
case ENA_ADMIN_TOEPLITZ:
- if (key_len > sizeof(hash_key->key)) {
- pr_err("key len (%hu) is bigger than the max supported (%zu)\n",
- key_len, sizeof(hash_key->key));
- return -EINVAL;
+ if (key) {
+ if (key_len != sizeof(hash_key->key)) {
+ pr_err("key len (%hu) doesn't equal the supported size (%zu)\n",
+ key_len, sizeof(hash_key->key));
+ return -EINVAL;
+ }
+ memcpy(hash_key->key, key, key_len);
+ rss->hash_init_val = init_val;
+ hash_key->keys_num = key_len >> 2;
}
-
- memcpy(hash_key->key, key, key_len);
- rss->hash_init_val = init_val;
- hash_key->keys_num = key_len >> 2;
break;
case ENA_ADMIN_CRC32:
rss->hash_init_val = init_val;
--
2.24.1.AMZN
next prev parent reply other threads:[~2020-02-11 15:18 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-11 15:17 [PATCH V2 net 00/12] Bug fixes for ENA Ethernet driver sameehj
2020-02-11 15:17 ` sameehj [this message]
2020-02-11 15:17 ` [PATCH V2 net 02/12] net: ena: fix uses of round_jiffies() sameehj
2020-02-11 15:17 ` [PATCH V2 net 03/12] net: ena: add missing ethtool TX timestamping indication sameehj
2020-02-11 15:17 ` [PATCH V2 net 04/12] net: ena: fix incorrect default RSS key sameehj
2020-02-11 15:17 ` [PATCH V2 net 05/12] net: ena: rss: do not allocate key when not supported sameehj
2020-02-11 15:17 ` [PATCH V2 net 06/12] net: ena: rss: fix failure to get indirection table sameehj
2020-02-11 15:17 ` [PATCH V2 net 07/12] net: ena: rss: store hash function as values and not bits sameehj
2020-02-11 15:17 ` [PATCH V2 net 08/12] net: ena: fix incorrectly saving queue numbers when setting RSS indirection table sameehj
2020-02-11 15:17 ` [PATCH V2 net 09/12] net: ena: fix corruption of dev_idx_to_host_tbl sameehj
2020-02-11 15:17 ` [PATCH V2 net 10/12] net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE sameehj
2020-02-11 15:17 ` [PATCH V2 net 11/12] net: ena: ethtool: use correct value for crc32 hash sameehj
2020-02-11 15:17 ` [PATCH V2 net 12/12] net: ena: ena-com.c: prevent NULL pointer dereference sameehj
2020-02-12 1:10 ` [PATCH V2 net 00/12] Bug fixes for ENA Ethernet driver David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200211151751.29718-2-sameehj@amazon.com \
--to=sameehj@amazon.com \
--cc=akiyano@amazon.com \
--cc=aliguori@amazon.com \
--cc=alisaidi@amazon.com \
--cc=benh@amazon.com \
--cc=davem@davemloft.net \
--cc=dwmw@amazon.com \
--cc=gtzalik@amazon.com \
--cc=matua@amazon.com \
--cc=msw@amazon.com \
--cc=nafea@amazon.com \
--cc=ndagan@amazon.com \
--cc=netanel@amazon.com \
--cc=netdev@vger.kernel.org \
--cc=saeedb@amazon.com \
--cc=zorik@amazon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.