From: Alex Elder <elder@linaro.org>
To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com
Cc: mka@chromium.org, evgreen@chromium.org, andersson@kernel.org,
quic_cpratapa@quicinc.com, quic_avuyyuru@quicinc.com,
quic_jponduru@quicinc.com, quic_subashab@quicinc.com,
elder@kernel.org, netdev@vger.kernel.org,
linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next 4/7] net: ipa: verify table sizes fit in commands early
Date: Fri, 21 Oct 2022 14:13:37 -0500 [thread overview]
Message-ID: <20221021191340.4187935-5-elder@linaro.org> (raw)
In-Reply-To: <20221021191340.4187935-1-elder@linaro.org>
We currently verify the table size and offset fit in the immediate
command fields that must encode them in ipa_table_valid_one(). We
can now make this check earlier, in ipa_table_mem_valid().
The non-hashed IPv4 filter and route tables will always exist, and
their sizes will match the IPv6 tables, as well as the hashed tables
(if supported). So it's sufficient to verify the offset and size of
the IPv4 non-hashed tables fit into these fields.
Rename the function ipa_cmd_table_init_valid(), to reinforce that
it is the TABLE_INIT immediate command fields we're checking.
Signed-off-by: Alex Elder <elder@linaro.org>
---
drivers/net/ipa/ipa_cmd.c | 3 ++-
drivers/net/ipa/ipa_cmd.h | 6 +++---
drivers/net/ipa/ipa_table.c | 8 ++++----
3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ipa/ipa_cmd.c b/drivers/net/ipa/ipa_cmd.c
index e46e8f80b1743..abee6cc018a27 100644
--- a/drivers/net/ipa/ipa_cmd.c
+++ b/drivers/net/ipa/ipa_cmd.c
@@ -171,7 +171,8 @@ static void ipa_cmd_validate_build(void)
}
/* Validate a memory region holding a table */
-bool ipa_cmd_table_valid(struct ipa *ipa, const struct ipa_mem *mem, bool route)
+bool ipa_cmd_table_init_valid(struct ipa *ipa, const struct ipa_mem *mem,
+ bool route)
{
u32 offset_max = field_max(IP_FLTRT_FLAGS_NHASH_ADDR_FMASK);
u32 size_max = field_max(IP_FLTRT_FLAGS_NHASH_SIZE_FMASK);
diff --git a/drivers/net/ipa/ipa_cmd.h b/drivers/net/ipa/ipa_cmd.h
index 8e4243c1f0bbe..d03cc619e2c31 100644
--- a/drivers/net/ipa/ipa_cmd.h
+++ b/drivers/net/ipa/ipa_cmd.h
@@ -47,15 +47,15 @@ enum ipa_cmd_opcode {
};
/**
- * ipa_cmd_table_valid() - Validate a memory region holding a table
+ * ipa_cmd_table_init_valid() - Validate a memory region holding a table
* @ipa: - IPA pointer
* @mem: - IPA memory region descriptor
* @route: - Whether the region holds a route or filter table
*
* Return: true if region is valid, false otherwise
*/
-bool ipa_cmd_table_valid(struct ipa *ipa, const struct ipa_mem *mem,
- bool route);
+bool ipa_cmd_table_init_valid(struct ipa *ipa, const struct ipa_mem *mem,
+ bool route);
/**
* ipa_cmd_data_valid() - Validate command-realted configuration is valid
diff --git a/drivers/net/ipa/ipa_table.c b/drivers/net/ipa/ipa_table.c
index 222362a7a2a8c..9822b18d9ed39 100644
--- a/drivers/net/ipa/ipa_table.c
+++ b/drivers/net/ipa/ipa_table.c
@@ -166,10 +166,6 @@ ipa_table_valid_one(struct ipa *ipa, enum ipa_mem_id mem_id, bool route)
size = IPA_ROUTE_COUNT_MAX * sizeof(__le64);
else
size = (1 + IPA_FILTER_COUNT_MAX) * sizeof(__le64);
-
- if (!ipa_cmd_table_valid(ipa, mem, route))
- return false;
-
/* mem->size >= size is sufficient, but we'll demand more */
if (mem->size == size)
return true;
@@ -645,6 +641,10 @@ static bool ipa_table_mem_valid(struct ipa *ipa, bool modem_route_count)
if (mem_ipv4->size != mem_ipv6->size)
return false;
+ /* Table offset and size must fit in TABLE_INIT command fields */
+ if (!ipa_cmd_table_init_valid(ipa, mem_ipv4, !filter))
+ return false;
+
/* Make sure the regions are big enough */
count = mem_ipv4->size / sizeof(__le64);
if (count < 2)
--
2.34.1
next prev parent reply other threads:[~2022-10-21 19:14 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-21 19:13 [PATCH net-next 0/7] net: ipa: validation cleanup Alex Elder
2022-10-21 19:13 ` [PATCH net-next 1/7] net: ipa: kill two constant symbols Alex Elder
2022-10-21 19:13 ` [PATCH net-next 2/7] net: ipa: remove two memory region checks Alex Elder
2022-10-21 19:13 ` [PATCH net-next 3/7] net: ipa: validate IPA table memory earlier Alex Elder
2022-10-21 19:13 ` Alex Elder [this message]
2022-10-21 19:13 ` [PATCH net-next 5/7] net: ipa: introduce ipa_cmd_init() Alex Elder
2022-10-21 19:13 ` [PATCH net-next 6/7] net: ipa: kill ipa_table_valid() Alex Elder
2022-10-21 19:13 ` [PATCH net-next 7/7] net: ipa: check table memory regions earlier Alex Elder
2022-10-25 9:40 ` [PATCH net-next 0/7] net: ipa: validation cleanup patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221021191340.4187935-5-elder@linaro.org \
--to=elder@linaro.org \
--cc=andersson@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=elder@kernel.org \
--cc=evgreen@chromium.org \
--cc=kuba@kernel.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mka@chromium.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=quic_avuyyuru@quicinc.com \
--cc=quic_cpratapa@quicinc.com \
--cc=quic_jponduru@quicinc.com \
--cc=quic_subashab@quicinc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox