[PATCH net] chelsio/chtls: prevent potential integer overflow on 32bit

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH net] chelsio/chtls: prevent potential integer overflow on 32bit
@ 2024-12-13  9:47 Dan Carpenter
  2024-12-13 19:34 ` Simon Horman
  2024-12-17  2:20 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 3+ messages in thread
From: Dan Carpenter @ 2024-12-13  9:47 UTC (permalink / raw)
  To: Atul Gupta
  Cc: Ayush Sawal, Andrew Lunn, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, Alexander Zubkov, Simon Horman,
	Michael Werner, Casey Leedom, netdev, linux-kernel,
	kernel-janitors, Jason Gunthorpe

The "gl->tot_len" variable is controlled by the user.  It comes from
process_responses().  On 32bit systems, the "gl->tot_len +
sizeof(struct cpl_pass_accept_req) + sizeof(struct rss_header)" addition
could have an integer wrapping bug.  Use size_add() to prevent this.

Fixes: a08943947873 ("crypto: chtls - Register chtls with net tls")
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
I fixed a similar bug earlier:
https://lore.kernel.org/all/86b404e1-4a75-4a35-a34e-e3054fa554c7@stanley.mountain

 .../net/ethernet/chelsio/inline_crypto/chtls/chtls_main.c    | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_main.c b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_main.c
index 96fd31d75dfd..daa1ebaef511 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_main.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_main.c
@@ -346,8 +346,9 @@ static struct sk_buff *copy_gl_to_skb_pkt(const struct pkt_gl *gl,
 	 * driver. Once driver synthesizes cpl_pass_accept_req the skb will go
 	 * through the regular cpl_pass_accept_req processing in TOM.
 	 */
-	skb = alloc_skb(gl->tot_len + sizeof(struct cpl_pass_accept_req)
-			- pktshift, GFP_ATOMIC);
+	skb = alloc_skb(size_add(gl->tot_len,
+				 sizeof(struct cpl_pass_accept_req)) -
+			pktshift, GFP_ATOMIC);
 	if (unlikely(!skb))
 		return NULL;
 	__skb_put(skb, gl->tot_len + sizeof(struct cpl_pass_accept_req)
-- 
2.45.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH net] chelsio/chtls: prevent potential integer overflow on 32bit
  2024-12-13  9:47 [PATCH net] chelsio/chtls: prevent potential integer overflow on 32bit Dan Carpenter
@ 2024-12-13 19:34 ` Simon Horman
  2024-12-17  2:20 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: Simon Horman @ 2024-12-13 19:34 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Atul Gupta, Ayush Sawal, Andrew Lunn, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, Alexander Zubkov,
	Michael Werner, Casey Leedom, netdev, linux-kernel,
	kernel-janitors, Jason Gunthorpe

On Fri, Dec 13, 2024 at 12:47:27PM +0300, Dan Carpenter wrote:
> The "gl->tot_len" variable is controlled by the user.  It comes from
> process_responses().  On 32bit systems, the "gl->tot_len +
> sizeof(struct cpl_pass_accept_req) + sizeof(struct rss_header)" addition
> could have an integer wrapping bug.  Use size_add() to prevent this.
> 
> Fixes: a08943947873 ("crypto: chtls - Register chtls with net tls")
> Cc: stable@vger.kernel.org
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> ---
> I fixed a similar bug earlier:
> https://lore.kernel.org/all/86b404e1-4a75-4a35-a34e-e3054fa554c7@stanley.mountain

Thanks Dan,

Reviewed-by: Simon Horman <horms@kernel.org>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH net] chelsio/chtls: prevent potential integer overflow on 32bit
  2024-12-13  9:47 [PATCH net] chelsio/chtls: prevent potential integer overflow on 32bit Dan Carpenter
  2024-12-13 19:34 ` Simon Horman
@ 2024-12-17  2:20 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-12-17  2:20 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: atul.gupta, ayush.sawal, andrew+netdev, davem, edumazet, kuba,
	pabeni, green, horms, werner, leedom, netdev, linux-kernel,
	kernel-janitors, jgg

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Fri, 13 Dec 2024 12:47:27 +0300 you wrote:
> The "gl->tot_len" variable is controlled by the user.  It comes from
> process_responses().  On 32bit systems, the "gl->tot_len +
> sizeof(struct cpl_pass_accept_req) + sizeof(struct rss_header)" addition
> could have an integer wrapping bug.  Use size_add() to prevent this.
> 
> Fixes: a08943947873 ("crypto: chtls - Register chtls with net tls")
> Cc: stable@vger.kernel.org
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> 
> [...]

Here is the summary with links:
  - [net] chelsio/chtls: prevent potential integer overflow on 32bit
    https://git.kernel.org/netdev/net/c/fbbd84af6ba7

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-12-17  2:20 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-13  9:47 [PATCH net] chelsio/chtls: prevent potential integer overflow on 32bit Dan Carpenter
2024-12-13 19:34 ` Simon Horman
2024-12-17  2:20 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).