| Message ID | 20221122122901.22294-1-korotkov.maxim.s@gmail.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp2177300wrr;
Tue, 22 Nov 2022 04:44:31 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf4iUpfTS3iMzVfaP5v1EBamToS3hMQ1gBTTJhKcgsQfTp1jRoe9OftX01aDdtCg1olJCLfm
X-Received: by 2002:a05:6a00:1696:b0:573:52e5:3c8a with SMTP id
k22-20020a056a00169600b0057352e53c8amr14160344pfc.31.1669121071333;
Tue, 22 Nov 2022 04:44:31 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1669121071; cv=none;
d=google.com; s=arc-20160816;
b=yw7uxRcNDDQekML4jRLNa5ywm7WxKWJexyuMgy6N0p5Airpd1eS4YNUc7P21LsM9uS
+JX/KblvrIizV7hd/ITOtWbtsX35uSY2znLzsLsqcJE0UPOFE3fbhrbhlO7fm+hVCs1T
zE41XpxHclekQy8mJWf+SALlrNEHjNG0/qli4LnWXK3Ip0irVtEyk8T+puXkCqm+0bV3
jl2k2jvu72jZ6SSLLDqOh+nM4itLC1fclMmujgv6zbnz9wxsrJ9Vohl04I4Vt97xjqv/
useIYaMUgxrCO+SrIMN3q1UdgH7YbYyt2cDPHbPGwPxuSHNuSJfDmbVgx8XrtnzxaVuZ
6M/Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:message-id:date:subject:cc:to:from
:dkim-signature;
bh=qG9k0HLJtBKzDnSY86wVSnvV+i9S7/oBKCID23f+3EQ=;
b=wyyOh2ueW5tyjBIg0RKH9Yhu4T8ZMges1yyWOXYh7fkTi+t+JJ8yCWf2PLor2trZqK
VzF31kSre9Ly7g8SFpyeplBVO/mKMcWi8cY+7AV4d6Uxr7iJf+dbPMPa641n3Wr8+bkA
YkPFM01SkdkQP4eAsGk8YZxuUggjbcJFdIAeqM9hZuFMdGhOi8mljRhbN5EP777d0yao
8bIFINp5u4WJxyQ9XQvuYMJXtfQlTL7QvWUnSqAQjE/5yemYr0YhYRrHUJvmne09eKxr
/VllibuPGcqCQ22BnpIE9+zgiWmYheQ6plHLMV2OV2Nf/kkIhqs6fB/dMA4tLgaVUz9g
F6hw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@gmail.com header.s=20210112 header.b=ZfERH2OQ;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
k188-20020a6324c5000000b004769f0fd662si15297509pgk.362.2022.11.22.04.44.15;
Tue, 22 Nov 2022 04:44:31 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@gmail.com header.s=20210112 header.b=ZfERH2OQ;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S233147AbiKVM3t (ORCPT <rfc822;cjcooper78@gmail.com> + 99 others);
Tue, 22 Nov 2022 07:29:49 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40706 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229628AbiKVM3q (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 22 Nov 2022 07:29:46 -0500
Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com
[IPv6:2a00:1450:4864:20::12d])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 36343450BF;
Tue, 22 Nov 2022 04:29:45 -0800 (PST)
Received: by mail-lf1-x12d.google.com with SMTP id f13so1818958lfa.6;
Tue, 22 Nov 2022 04:29:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=qG9k0HLJtBKzDnSY86wVSnvV+i9S7/oBKCID23f+3EQ=;
b=ZfERH2OQIOYLGULfO5tULnn8BtI9Fxe1ZQdtKpjLnpoasPcc5Dd0xOcUnXDO7AJkFQ
OZz+/9xuK8faMsN9dDPK+6vuxhwAHyXVW8D7tasLXUzhs4oZoAAkzfBwOZEQ0FN5KRAl
qopbsX2DVWqApQozSK48JzE36zHBhb7ImQTSBvx5iONwTGWGQgfrqEiFbxsfML/NFl/b
DmLlzoeqbqiID72ASK5EacsK4ZuP322rOi4XN2NgO99PL/zQxje0ACpGrnM3+IwrCg+m
SkH0t5wwS0m5mS1/mQuJQ4s6Ghf0cn2/bi4IS0QaE2ST3O6EUYgmxCEZf/165VhB8iNV
wYEw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=qG9k0HLJtBKzDnSY86wVSnvV+i9S7/oBKCID23f+3EQ=;
b=OsD9v6n7jau+O08bzO9wWqXEgXgMIsgSiJajeHibqT0HjlOf9Bsyc7zzjCTvBHBL77
FRP8c2HiWkYSYATWb6heeZzm6qGdKsW/jQtKtJka1pDLDe3NvbQcQ9RFlW6Qx7gbJXso
Si1RrhDK7TWQF2AZ2GbBG8u+Z7aojFzj9aIdTxtgDWIQSTrFQkwVoJGkb7ZASAzGu7VK
K9gtJ6c+hdrpPh1y7T0kZU9x3axS7ywvJsF07zGq8+hJs/JPREWTXEu46IxlPh14OC4t
IcsgP7lx0r/ll4O1dtGCIK2LpN1kN+yrMIHB+XYvcUHxDJoQ7hvA/sFctrWxM3ZqVsRM
2WWw==
X-Gm-Message-State: ANoB5pnILMwjBFVbK2o9ARzDKljuO8l90i568WBY744wUadwQCt7df6H
mmV4SF6rxEqkJo07xvzuoB8=
X-Received: by 2002:a05:6512:489:b0:4b4:9193:1caf with SMTP id
v9-20020a056512048900b004b491931cafmr1422091lfq.300.1669120181759;
Tue, 22 Nov 2022 04:29:41 -0800 (PST)
Received: from mkor.rasu.local ([212.22.67.162])
by smtp.gmail.com with ESMTPSA id
c16-20020a056512075000b0049462af8614sm2462897lfs.145.2022.11.22.04.29.40
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 22 Nov 2022 04:29:41 -0800 (PST)
From: Maxim Korotkov <korotkov.maxim.s@gmail.com>
To: "David S. Miller" <davem@davemloft.net>
Cc: Maxim Korotkov <korotkov.maxim.s@gmail.com>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>,
Guangbin Huang <huangguangbin2@huawei.com>,
Andrew Lunn <andrew@lunn.ch>,
Alexander Lobakin <alexandr.lobakin@intel.com>,
"Keller, Jacob E" <jacob.e.keller@intel.com>,
Tom Rix <trix@redhat.com>, Marco Bonelli <marco@mebeim.net>,
Edward Cree <ecree@solarflare.com>, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
Subject: [PATCH v3] ethtool: avoiding integer overflow in ethtool_phys_id()
Date: Tue, 22 Nov 2022 15:29:01 +0300
Message-Id: <20221122122901.22294-1-korotkov.maxim.s@gmail.com>
X-Mailer: git-send-email 2.17.1
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1750200296312986999?=
X-GMAIL-MSGID: =?utf-8?q?1750200296312986999?=
|
| Series |
[v3] ethtool: avoiding integer overflow in ethtool_phys_id()
|
|
Commit Message
Maxim Korotkov
Nov. 22, 2022, 12:29 p.m. UTC
The value of an arithmetic expression "n * id.data" is subject
to possible overflow due to a failure to cast operands to a larger data
type before performing arithmetic. Used macro for multiplication instead
operator for avoiding overflow.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Maxim Korotkov <korotkov.maxim.s@gmail.com>
---
net/ethtool/ioctl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
From: Maxim Korotkov <korotkov.maxim.s@gmail.com> Date: Tue, 22 Nov 2022 15:29:01 +0300 > The value of an arithmetic expression "n * id.data" is subject > to possible overflow due to a failure to cast operands to a larger data > type before performing arithmetic. Used macro for multiplication instead > operator for avoiding overflow. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Maxim Korotkov <korotkov.maxim.s@gmail.com> Reviewed-by: Alexander Lobakin <alexandr.lobakin@intel.com> > --- > net/ethtool/ioctl.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c > index 6a7308de192d..6b59e7a1c906 100644 > --- a/net/ethtool/ioctl.c > +++ b/net/ethtool/ioctl.c > @@ -2007,7 +2007,8 @@ static int ethtool_phys_id(struct net_device *dev, void __user *useraddr) > } else { > /* Driver expects to be called at twice the frequency in rc */ > int n = rc * 2, interval = HZ / n; > - u64 count = n * id.data, i = 0; > + u64 count = mul_u32_u32(n, id.data); > + u64 i = 0; > > do { > rtnl_lock(); > -- > 2.17.1 Some notes to the process, not the code: 1) I asked to add my Reviewed-by to v3 in the previous thread, it's mandatory for authors to pick-up all the tags before publishing a new revision; 2) when sending v2, v3, ... vN, please have a changelog in the commit message or right below those '---' after your SoB, that makes it easier to review. Thanks, Olek
On Tue, Nov 22, 2022 at 03:29:01PM +0300, Maxim Korotkov wrote: > The value of an arithmetic expression "n * id.data" is subject > to possible overflow due to a failure to cast operands to a larger data > type before performing arithmetic. Used macro for multiplication instead > operator for avoiding overflow. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Maxim Korotkov <korotkov.maxim.s@gmail.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Andrew
On Tue, 22 Nov 2022 15:29:01 +0300 Maxim Korotkov wrote: > The value of an arithmetic expression "n * id.data" is subject > to possible overflow due to a failure to cast operands to a larger data > type before performing arithmetic. Used macro for multiplication instead > operator for avoiding overflow. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Maxim Korotkov <korotkov.maxim.s@gmail.com> Applying to net-next, pretty sure nobody expects us to support blinking an LED 4 billion times, at a rate low enough for a human eye to see... But let's watch the stable bots pick it up anyway.
Hello: This patch was applied to netdev/net-next.git (master) by Jakub Kicinski <kuba@kernel.org>: On Tue, 22 Nov 2022 15:29:01 +0300 you wrote: > The value of an arithmetic expression "n * id.data" is subject > to possible overflow due to a failure to cast operands to a larger data > type before performing arithmetic. Used macro for multiplication instead > operator for avoiding overflow. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > [...] Here is the summary with links: - [v3] ethtool: avoiding integer overflow in ethtool_phys_id() https://git.kernel.org/netdev/net-next/c/64a8f8f7127d You are awesome, thank you!
diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c index 6a7308de192d..6b59e7a1c906 100644 --- a/net/ethtool/ioctl.c +++ b/net/ethtool/ioctl.c @@ -2007,7 +2007,8 @@ static int ethtool_phys_id(struct net_device *dev, void __user *useraddr) } else { /* Driver expects to be called at twice the frequency in rc */ int n = rc * 2, interval = HZ / n; - u64 count = n * id.data, i = 0; + u64 count = mul_u32_u32(n, id.data); + u64 i = 0; do { rtnl_lock();