From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Arthur Kiyanovski <akiyano@amazon.com>,
Sameeh Jubran <sameehj@amazon.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 09/21] net: ena: fix potential crash when rxfh key is NULL
Date: Sat, 22 Feb 2020 21:23:59 -0500 [thread overview]
Message-ID: <20200223022411.2159-9-sashal@kernel.org> (raw)
In-Reply-To: <20200223022411.2159-1-sashal@kernel.org>
From: Arthur Kiyanovski <akiyano@amazon.com>
[ Upstream commit 91a65b7d3ed8450f31ab717a65dcb5f9ceb5ab02 ]
When ethtool -X is called without an hkey, ena_com_fill_hash_function()
is called with key=NULL, which is passed to memcpy causing a crash.
This commit fixes this issue by checking key is not NULL.
Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/amazon/ena/ena_com.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ethernet/amazon/ena/ena_com.c b/drivers/net/ethernet/amazon/ena/ena_com.c
index 10e6053f66712..f2dde1ab424a1 100644
--- a/drivers/net/ethernet/amazon/ena/ena_com.c
+++ b/drivers/net/ethernet/amazon/ena/ena_com.c
@@ -2069,15 +2069,16 @@ int ena_com_fill_hash_function(struct ena_com_dev *ena_dev,
switch (func) {
case ENA_ADMIN_TOEPLITZ:
- if (key_len > sizeof(hash_key->key)) {
- pr_err("key len (%hu) is bigger than the max supported (%zu)\n",
- key_len, sizeof(hash_key->key));
- return -EINVAL;
+ if (key) {
+ if (key_len != sizeof(hash_key->key)) {
+ pr_err("key len (%hu) doesn't equal the supported size (%zu)\n",
+ key_len, sizeof(hash_key->key));
+ return -EINVAL;
+ }
+ memcpy(hash_key->key, key, key_len);
+ rss->hash_init_val = init_val;
+ hash_key->keys_num = key_len >> 2;
}
-
- memcpy(hash_key->key, key, key_len);
- rss->hash_init_val = init_val;
- hash_key->keys_num = key_len >> 2;
break;
case ENA_ADMIN_CRC32:
rss->hash_init_val = init_val;
--
2.20.1
next prev parent reply other threads:[~2020-02-23 2:28 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-23 2:23 [PATCH AUTOSEL 4.14 01/21] ipmi:ssif: Handle a possible NULL pointer reference Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 02/21] drm/msm: Set dma maximum segment size for mdss Sasha Levin
2020-02-23 2:23 ` Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 03/21] dax: pass NOWAIT flag to iomap_apply Sasha Levin
2020-02-23 2:23 ` Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 04/21] mac80211: consider more elements in parsing CRC Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 05/21] cfg80211: check wiphy driver existence for drvinfo report Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 06/21] qmi_wwan: re-add DW5821e pre-production variant Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 07/21] qmi_wwan: unconditionally reject 2 ep interfaces Sasha Levin
2020-02-23 2:23 ` [PATCH AUTOSEL 4.14 08/21] arm/ftrace: Fix BE text poking Sasha Levin
2020-02-23 2:23 ` Sasha Levin
2020-02-23 2:23 ` Sasha Levin [this message]
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 10/21] net: ena: fix uses of round_jiffies() Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 11/21] net: ena: add missing ethtool TX timestamping indication Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 12/21] net: ena: fix incorrect default RSS key Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 13/21] net: ena: rss: fix failure to get indirection table Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 14/21] net: ena: rss: store hash function as values and not bits Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 15/21] net: ena: fix incorrectly saving queue numbers when setting RSS indirection table Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 16/21] net: ena: ethtool: use correct value for crc32 hash Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 17/21] net: ena: ena-com.c: prevent NULL pointer dereference Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 18/21] enic: prevent waking up stopped tx queues over watchdog reset Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 19/21] cifs: Fix mode output in debugging statements Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 20/21] bcache: ignore pending signals when creating gc and allocator thread Sasha Levin
2020-02-23 2:24 ` [PATCH AUTOSEL 4.14 21/21] cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200223022411.2159-9-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=akiyano@amazon.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sameehj@amazon.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.