From: Simon Horman <horms@kernel.org>
To: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
Cc: intel-wired-lan@lists.osuosl.org, anthony.l.nguyen@intel.com,
	netdev@vger.kernel.org, Paul Greenwalt <paul.greenwalt@intel.com>
Subject: Re: [Intel-wired-lan] [PATCH iwl-next] ixgbe: add bounds check for debugfs register access
Date: Fri, 3 Apr 2026 14:36:31 +0100
Message-ID: <20260403133630.GD113102@horms.kernel.org>
In-Reply-To: <20260327073046.134085-2-aleksandr.loktionov@intel.com>

On Fri, Mar 27, 2026 at 08:30:36AM +0100, Aleksandr Loktionov wrote:
> From: Paul Greenwalt <paul.greenwalt@intel.com>
> 
> Prevent out-of-bounds MMIO accesses triggered through user-controlled
> register offsets.  IXGBE_HFDR (0x15FE8) is the highest valid MMIO
> register in the ixgbe register map; any offset beyond it would address
> unmapped memory.
> 
> Add a defense-in-depth check at two levels:
> 
> 1. ixgbe_read_reg() -- the noinline register read accessor.  A
>    WARN_ON_ONCE() guard here catches any future code path (including
>    ioctl extensions) that might inadvertently pass an out-of-range
>    offset without relying on higher layers to catch it first.
>    ixgbe_write_reg() is a static inline called from the TX/RX hot path;
>    adding WARN_ON_ONCE there would inline the check at every call site,
>    so only the read path gets this guard.
> 
> 2. ixgbe_dbg_reg_ops_write() -- the debugfs 'reg_ops' interface is the
>    only current path where a raw, user-supplied offset enters the driver.
>    Gating it before invoking the register accessors provides a clean,
>    user-visible failure (silent ignore with no kernel splat) for
>    deliberately malformed debugfs writes.
> 
> Add a reg <= IXGBE_HFDR guard to both the read and write paths in
> ixgbe_dbg_reg_ops_write(), and a WARN_ON_ONCE + early-return guard to
> ixgbe_read_reg().
> 
> Signed-off-by: Paul Greenwalt <paul.greenwalt@intel.com>
> Signed-off-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>

This feels like a bug fix to me, assuming users can
cause out-of-range access using the debugfs 'reg_ops' interface.

If so, I think it should have a Fixes tag and go via iwl-net.

...
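
The two-level guard described in the quoted commit message, as a userspace C model added here (it is not the ixgbe patch or driver code). The `sim_*` names, the `read <reg>` / `write <reg> <value>` command syntax, the array standing in for the MMIO mapping and the 0xFFFFFFFF failure value are assumptions; only IXGBE_HFDR (0x15FE8) comes from the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IXGBE_HFDR 0x15FE8u                  /* highest valid register, per the commit message */
static uint32_t sim_bar[IXGBE_HFDR / 4 + 1]; /* stand-in for the mapped MMIO window */
static unsigned int warn_count;              /* what WARN_ON_ONCE() would have reported */

/* Level 1: accessor guard; an out-of-range read never touches the mapping. */
static uint32_t sim_read_reg(uint32_t reg)
{
    if (reg > IXGBE_HFDR) {
        warn_count++;
        return 0xFFFFFFFFu;                  /* assumed failure value */
    }
    return sim_bar[reg / 4];
}

/* Unguarded, like the inline hot-path writer: callers must validate reg. */
static void sim_write_reg(uint32_t reg, uint32_t value)
{
    sim_bar[reg / 4] = value;
}

/* Level 2: gate at the user-facing entry point; 1 = accessor ran, 0 = ignored. */
static int sim_reg_ops(const char *cmd, uint32_t *out)
{
    unsigned int reg, value;
    if (!strncmp(cmd, "write", 5) && sscanf(cmd + 5, "%x %x", &reg, &value) == 2) {
        if (reg > IXGBE_HFDR)
            return 0;                        /* silent ignore, no warning */
        sim_write_reg(reg, value);
        return 1;
    }
    if (!strncmp(cmd, "read", 4) && sscanf(cmd + 4, "%x", &reg) == 1) {
        if (reg > IXGBE_HFDR)
            return 0;
        *out = sim_read_reg(reg);
        return 1;
    }
    return 0;
}

int main(void)
{
    uint32_t v = 0;
    printf("accessor ran: %d\n", sim_reg_ops("read 0x20000", &v)); /* constructed out-of-range input */
    return 0;
}
```

Because the entry-point gate rejects the offset first, the accessor's warning counter only moves when some other caller bypasses the gate, which is the case the accessor-level guard exists for.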


