[PATCH AUTOSEL 6.1 04/16] crypto: hisilicon/qm - increase the memory of local variables

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Kai Ye <yekai13@huawei.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Sasha Levin <sashal@kernel.org>,
	qianweili@huawei.com, wangzhou1@hisilicon.com,
	davem@davemloft.net, linux-crypto@vger.kernel.org
Subject: [PATCH AUTOSEL 6.1 04/16] crypto: hisilicon/qm - increase the memory of local variables
Date: Mon, 19 Dec 2022 20:20:41 -0500	[thread overview]
Message-ID: <20221220012053.1222101-4-sashal@kernel.org> (raw)
In-Reply-To: <20221220012053.1222101-1-sashal@kernel.org>

From: Kai Ye <yekai13@huawei.com>

[ Upstream commit 3efe90af4c0c46c58dba1b306de142827153d9c0 ]

Increase the buffer to prevent stack overflow by fuzz test. The maximum
length of the qos configuration buffer is 256 bytes. Currently, the value
of the 'val buffer' is only 32 bytes. The sscanf does not check the dest
memory length. So the 'val buffer' may stack overflow.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/hisilicon/qm.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c
index 8b387de69d22..335e58018a31 100644
--- a/drivers/crypto/hisilicon/qm.c
+++ b/drivers/crypto/hisilicon/qm.c
@@ -250,7 +250,6 @@
 #define QM_QOS_MIN_CIR_B		100
 #define QM_QOS_MAX_CIR_U		6
 #define QM_QOS_MAX_CIR_S		11
-#define QM_QOS_VAL_MAX_LEN		32
 #define QM_DFX_BASE		0x0100000
 #define QM_DFX_STATE1		0x0104000
 #define QM_DFX_STATE2		0x01040C8
@@ -4614,7 +4613,7 @@ static ssize_t qm_get_qos_value(struct hisi_qm *qm, const char *buf,
 			       unsigned int *fun_index)
 {
 	char tbuf_bdf[QM_DBG_READ_LEN] = {0};
-	char val_buf[QM_QOS_VAL_MAX_LEN] = {0};
+	char val_buf[QM_DBG_READ_LEN] = {0};
 	u32 tmp1, device, function;
 	int ret, bus;
 
-- 
2.35.1

next prev parent reply	other threads:[~2022-12-20  1:21 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-20  1:20 [PATCH AUTOSEL 6.1 01/16] crypto: hisilicon/hpre - fix resource leak in remove process Sasha Levin
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 02/16] scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs Sasha Levin
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 03/16] scsi: ufs: Reduce the START STOP UNIT timeout Sasha Levin
2022-12-20  1:20 ` Sasha Levin [this message]
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 05/16] Revert "PCI: Clear PCI_STATUS when setting up device" Sasha Levin
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 06/16] scsi: elx: libefc: Fix second parameter type in state callbacks Sasha Levin
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 07/16] hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() Sasha Levin
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 08/16] scsi: smartpqi: Add new controller PCI IDs Sasha Levin
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 09/16] scsi: smartpqi: Correct device removal for multi-actuator devices Sasha Levin
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 10/16] drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() Sasha Levin
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 11/16] drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() Sasha Levin
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 12/16] scsi: target: iscsi: Fix a race condition between login_work and the login thread Sasha Levin
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 13/16] iomap: write iomap validity checks Sasha Levin
2022-12-20  4:01   ` Dave Chinner
2022-12-21 12:19     ` Sasha Levin
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 14/16] orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() Sasha Levin
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 15/16] orangefs: Fix kmemleak in orangefs_sysfs_init() Sasha Levin
2022-12-20  1:20 ` [PATCH AUTOSEL 6.1 16/16] orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8b387de69d2 dfblob:335e58018a3 )
 OR (
bs:"[PATCH AUTOSEL 6.1 04/16] crypto: hisilicon/qm - increase the memory of local variables" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221220012053.1222101-4-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=qianweili@huawei.com \
    --cc=stable@vger.kernel.org \
    --cc=wangzhou1@hisilicon.com \
    --cc=yekai13@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox