[PATCH net-next v2 7/7] net: ipa: avoid field overflow

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Alex Elder <elder@linaro.org>
To: davem@davemloft.net, kuba@kernel.org
Cc: elder@kernel.org, evgreen@chromium.org,
	bjorn.andersson@linaro.org, cpratapa@codeaurora.org,
	subashab@codeaurora.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH net-next v2 7/7] net: ipa: avoid field overflow
Date: Fri,  5 Feb 2021 16:11:00 -0600	[thread overview]
Message-ID: <20210205221100.1738-8-elder@linaro.org> (raw)
In-Reply-To: <20210205221100.1738-1-elder@linaro.org>

It's possible that the length passed to ipa_header_size_encoded()
is larger than what can be represented by the HDR_LEN field alone
(starting with IPA v4.5).  If we attempted that, u32_encode_bits()
would trigger a build-time error.

Avoid this problem by masking off high-order bits of the value
encoded as the lower portion of the header length.

The same sort of problem exists in ipa_metadata_offset_encoded(),
so implement the same fix there.

Signed-off-by: Alex Elder <elder@linaro.org>
---
 drivers/net/ipa/ipa_reg.h | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/drivers/net/ipa/ipa_reg.h b/drivers/net/ipa/ipa_reg.h
index e6b0827a244ec..732e691e9aa62 100644
--- a/drivers/net/ipa/ipa_reg.h
+++ b/drivers/net/ipa/ipa_reg.h
@@ -408,15 +408,18 @@ enum ipa_cs_offload_en {
 static inline u32 ipa_header_size_encoded(enum ipa_version version,
 					  u32 header_size)
 {
+	u32 size = header_size & field_mask(HDR_LEN_FMASK);
 	u32 val;
 
-	val = u32_encode_bits(header_size, HDR_LEN_FMASK);
-	if (version < IPA_VERSION_4_5)
+	val = u32_encode_bits(size, HDR_LEN_FMASK);
+	if (version < IPA_VERSION_4_5) {
+		/* ipa_assert(header_size == size); */
 		return val;
+	}
 
 	/* IPA v4.5 adds a few more most-significant bits */
-	header_size >>= hweight32(HDR_LEN_FMASK);
-	val |= u32_encode_bits(header_size, HDR_LEN_MSB_FMASK);
+	size = header_size >> hweight32(HDR_LEN_FMASK);
+	val |= u32_encode_bits(size, HDR_LEN_MSB_FMASK);
 
 	return val;
 }
@@ -425,15 +428,18 @@ static inline u32 ipa_header_size_encoded(enum ipa_version version,
 static inline u32 ipa_metadata_offset_encoded(enum ipa_version version,
 					      u32 offset)
 {
+	u32 off = offset & field_mask(HDR_OFST_METADATA_FMASK);
 	u32 val;
 
-	val = u32_encode_bits(offset, HDR_OFST_METADATA_FMASK);
-	if (version < IPA_VERSION_4_5)
+	val = u32_encode_bits(off, HDR_OFST_METADATA_FMASK);
+	if (version < IPA_VERSION_4_5) {
+		/* ipa_assert(offset == off); */
 		return val;
+	}
 
 	/* IPA v4.5 adds a few more most-significant bits */
-	offset >>= hweight32(HDR_OFST_METADATA_FMASK);
-	val |= u32_encode_bits(offset, HDR_OFST_METADATA_MSB_FMASK);
+	off = offset >> hweight32(HDR_OFST_METADATA_FMASK);
+	val |= u32_encode_bits(off, HDR_OFST_METADATA_MSB_FMASK);
 
 	return val;
 }
-- 
2.20.1

next prev parent reply	other threads:[~2021-02-06  3:39 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-05 22:10 [PATCH net-next v2 0/7] net: ipa: a mix of small improvements Alex Elder
2021-02-05 22:10 ` [PATCH net-next v2 1/7] net: ipa: move mutex calls into __gsi_channel_stop() Alex Elder
2021-02-05 22:10 ` [PATCH net-next v2 2/7] net: ipa: synchronize NAPI only for suspend Alex Elder
2021-02-05 22:10 ` [PATCH net-next v2 3/7] net: ipa: do not cache event ring state Alex Elder
2021-02-05 22:10 ` [PATCH net-next v2 4/7] net: ipa: remove two unused register definitions Alex Elder
2021-02-05 22:10 ` [PATCH net-next v2 5/7] net: ipa: use a Boolean rather than count when replenishing Alex Elder
2021-02-05 22:10 ` [PATCH net-next v2 6/7] net: ipa: get rid of status size constraint Alex Elder
2021-02-05 22:11 ` Alex Elder [this message]
2021-02-06 22:58 ` [PATCH net-next v2 0/7] net: ipa: a mix of small improvements Jakub Kicinski
  -- strict thread matches above, loose matches on Subject: below --
2021-02-05 14:38 Alex Elder
2021-02-05 14:38 ` [PATCH net-next v2 7/7] net: ipa: avoid field overflow Alex Elder

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e6b0827a244e dfblob:732e691e9aa6 )
 OR (
bs:"[PATCH net-next v2 7/7] net: ipa: avoid field overflow" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210205221100.1738-8-elder@linaro.org \
    --to=elder@linaro.org \
    --cc=bjorn.andersson@linaro.org \
    --cc=cpratapa@codeaurora.org \
    --cc=davem@davemloft.net \
    --cc=elder@kernel.org \
    --cc=evgreen@chromium.org \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=subashab@codeaurora.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.