From: Simon Horman <horms@kernel.org>
To: Kyungwook Boo <bookyungwook@gmail.com>
Cc: "Loktionov, Aleksandr" <aleksandr.loktionov@intel.com>,
Przemek Kitszel <przemyslaw.kitszel@intel.com>,
Tony Nguyen <anthony.l.nguyen@intel.com>,
intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org
Subject: Re: [Intel-wired-lan] [PATCH iwl-next v2] i40e: fix MMIO write access to an invalid page in i40e_clear_hw
Date: Tue, 11 Mar 2025 12:04:18 +0100 [thread overview]
Message-ID: <20250311110418.GK4159220@kernel.org> (raw)
In-Reply-To: <e7e4e5d5-931d-4506-9d75-b87783011379@gmail.com>
On Tue, Mar 11, 2025 at 02:16:02PM +0900, Kyungwook Boo wrote:
> When the device sends a specific input, an integer underflow can occur, leading
> to MMIO write access to an invalid page.
>
> Prevent the integer underflow by changing the type of related variables.
>
> Signed-off-by: Kyungwook Boo <bookyungwook@gmail.com>
> Link: https://lore.kernel.org/lkml/ffc91764-1142-4ba2-91b6-8c773f6f7095@gmail.com/T/
> ---
> Changes in v2:
> - Formatting properly
> - Fix variable shadowing
> - Link to v1: https://lore.kernel.org/netdev/55acc5dc-8d5a-45bc-a59c-9304071e4579@gmail.com/
> ---
> drivers/net/ethernet/intel/i40e/i40e_common.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/ethernet/intel/i40e/i40e_common.c b/drivers/net/ethernet/intel/i40e/i40e_common.c
> index 370b4bddee44..b11c35e307ca 100644
> --- a/drivers/net/ethernet/intel/i40e/i40e_common.c
> +++ b/drivers/net/ethernet/intel/i40e/i40e_common.c
> @@ -817,10 +817,11 @@ int i40e_pf_reset(struct i40e_hw *hw)
> void i40e_clear_hw(struct i40e_hw *hw)
> {
> u32 num_queues, base_queue;
> - u32 num_pf_int;
> - u32 num_vf_int;
> + s32 num_pf_int;
> + s32 num_vf_int;
> u32 num_vfs;
> - u32 i, j;
> + s32 i;
> + u32 j;
> u32 val;
> u32 eol = 0x7ff;
>
> ---
> base-commit: 4d872d51bc9d7b899c1f61534e3dbde72613f627
I see that this addresses the problem at the first link above.
And I'd happy to see it accepted as-is.
Reviewed-by: Simon Horman <horms@kernel.org>
But, as an aside, wouldn't it be more appropriate to use generic
types like int and unsigned int for most of the above variables?
Perhaps this could be addressed by a follow-up. Or perhaps that
would just be churn, IDK.
next prev parent reply other threads:[~2025-03-11 11:04 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-11 5:16 [Intel-wired-lan] [PATCH iwl-next v2] i40e: fix MMIO write access to an invalid page in i40e_clear_hw Kyungwook Boo
2025-03-11 9:15 ` Przemek Kitszel
2025-03-12 13:22 ` Loktionov, Aleksandr
2025-03-11 11:04 ` Simon Horman [this message]
2025-03-21 4:46 ` Rinitha, SX
2025-03-24 9:27 ` Loktionov, Aleksandr
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250311110418.GK4159220@kernel.org \
--to=horms@kernel.org \
--cc=aleksandr.loktionov@intel.com \
--cc=anthony.l.nguyen@intel.com \
--cc=bookyungwook@gmail.com \
--cc=intel-wired-lan@lists.osuosl.org \
--cc=netdev@vger.kernel.org \
--cc=przemyslaw.kitszel@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox