Message ID | 20221122122901.22294-1-korotkov.maxim.s@gmail.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp2177300wrr; Tue, 22 Nov 2022 04:44:31 -0800 (PST) X-Google-Smtp-Source: AA0mqf4iUpfTS3iMzVfaP5v1EBamToS3hMQ1gBTTJhKcgsQfTp1jRoe9OftX01aDdtCg1olJCLfm X-Received: by 2002:a05:6a00:1696:b0:573:52e5:3c8a with SMTP id k22-20020a056a00169600b0057352e53c8amr14160344pfc.31.1669121071333; Tue, 22 Nov 2022 04:44:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669121071; cv=none; d=google.com; s=arc-20160816; b=yw7uxRcNDDQekML4jRLNa5ywm7WxKWJexyuMgy6N0p5Airpd1eS4YNUc7P21LsM9uS +JX/KblvrIizV7hd/ITOtWbtsX35uSY2znLzsLsqcJE0UPOFE3fbhrbhlO7fm+hVCs1T zE41XpxHclekQy8mJWf+SALlrNEHjNG0/qli4LnWXK3Ip0irVtEyk8T+puXkCqm+0bV3 jl2k2jvu72jZ6SSLLDqOh+nM4itLC1fclMmujgv6zbnz9wxsrJ9Vohl04I4Vt97xjqv/ useIYaMUgxrCO+SrIMN3q1UdgH7YbYyt2cDPHbPGwPxuSHNuSJfDmbVgx8XrtnzxaVuZ 6M/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from :dkim-signature; bh=qG9k0HLJtBKzDnSY86wVSnvV+i9S7/oBKCID23f+3EQ=; b=wyyOh2ueW5tyjBIg0RKH9Yhu4T8ZMges1yyWOXYh7fkTi+t+JJ8yCWf2PLor2trZqK VzF31kSre9Ly7g8SFpyeplBVO/mKMcWi8cY+7AV4d6Uxr7iJf+dbPMPa641n3Wr8+bkA YkPFM01SkdkQP4eAsGk8YZxuUggjbcJFdIAeqM9hZuFMdGhOi8mljRhbN5EP777d0yao 8bIFINp5u4WJxyQ9XQvuYMJXtfQlTL7QvWUnSqAQjE/5yemYr0YhYRrHUJvmne09eKxr /VllibuPGcqCQ22BnpIE9+zgiWmYheQ6plHLMV2OV2Nf/kkIhqs6fB/dMA4tLgaVUz9g F6hw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=ZfERH2OQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k188-20020a6324c5000000b004769f0fd662si15297509pgk.362.2022.11.22.04.44.15; Tue, 22 Nov 2022 04:44:31 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=ZfERH2OQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233147AbiKVM3t (ORCPT <rfc822;cjcooper78@gmail.com> + 99 others); Tue, 22 Nov 2022 07:29:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40706 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229628AbiKVM3q (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Tue, 22 Nov 2022 07:29:46 -0500 Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 36343450BF; Tue, 22 Nov 2022 04:29:45 -0800 (PST) Received: by mail-lf1-x12d.google.com with SMTP id f13so1818958lfa.6; Tue, 22 Nov 2022 04:29:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qG9k0HLJtBKzDnSY86wVSnvV+i9S7/oBKCID23f+3EQ=; b=ZfERH2OQIOYLGULfO5tULnn8BtI9Fxe1ZQdtKpjLnpoasPcc5Dd0xOcUnXDO7AJkFQ OZz+/9xuK8faMsN9dDPK+6vuxhwAHyXVW8D7tasLXUzhs4oZoAAkzfBwOZEQ0FN5KRAl qopbsX2DVWqApQozSK48JzE36zHBhb7ImQTSBvx5iONwTGWGQgfrqEiFbxsfML/NFl/b DmLlzoeqbqiID72ASK5EacsK4ZuP322rOi4XN2NgO99PL/zQxje0ACpGrnM3+IwrCg+m SkH0t5wwS0m5mS1/mQuJQ4s6Ghf0cn2/bi4IS0QaE2ST3O6EUYgmxCEZf/165VhB8iNV wYEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qG9k0HLJtBKzDnSY86wVSnvV+i9S7/oBKCID23f+3EQ=; b=OsD9v6n7jau+O08bzO9wWqXEgXgMIsgSiJajeHibqT0HjlOf9Bsyc7zzjCTvBHBL77 FRP8c2HiWkYSYATWb6heeZzm6qGdKsW/jQtKtJka1pDLDe3NvbQcQ9RFlW6Qx7gbJXso Si1RrhDK7TWQF2AZ2GbBG8u+Z7aojFzj9aIdTxtgDWIQSTrFQkwVoJGkb7ZASAzGu7VK K9gtJ6c+hdrpPh1y7T0kZU9x3axS7ywvJsF07zGq8+hJs/JPREWTXEu46IxlPh14OC4t IcsgP7lx0r/ll4O1dtGCIK2LpN1kN+yrMIHB+XYvcUHxDJoQ7hvA/sFctrWxM3ZqVsRM 2WWw== X-Gm-Message-State: ANoB5pnILMwjBFVbK2o9ARzDKljuO8l90i568WBY744wUadwQCt7df6H mmV4SF6rxEqkJo07xvzuoB8= X-Received: by 2002:a05:6512:489:b0:4b4:9193:1caf with SMTP id v9-20020a056512048900b004b491931cafmr1422091lfq.300.1669120181759; Tue, 22 Nov 2022 04:29:41 -0800 (PST) Received: from mkor.rasu.local ([212.22.67.162]) by smtp.gmail.com with ESMTPSA id c16-20020a056512075000b0049462af8614sm2462897lfs.145.2022.11.22.04.29.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Nov 2022 04:29:41 -0800 (PST) From: Maxim Korotkov <korotkov.maxim.s@gmail.com> To: "David S. Miller" <davem@davemloft.net> Cc: Maxim Korotkov <korotkov.maxim.s@gmail.com>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Guangbin Huang <huangguangbin2@huawei.com>, Andrew Lunn <andrew@lunn.ch>, Alexander Lobakin <alexandr.lobakin@intel.com>, "Keller, Jacob E" <jacob.e.keller@intel.com>, Tom Rix <trix@redhat.com>, Marco Bonelli <marco@mebeim.net>, Edward Cree <ecree@solarflare.com>, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org Subject: [PATCH v3] ethtool: avoiding integer overflow in ethtool_phys_id() Date: Tue, 22 Nov 2022 15:29:01 +0300 Message-Id: <20221122122901.22294-1-korotkov.maxim.s@gmail.com> X-Mailer: git-send-email 2.17.1 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750200296312986999?= X-GMAIL-MSGID: =?utf-8?q?1750200296312986999?= |
Series |
[v3] ethtool: avoiding integer overflow in ethtool_phys_id()
|
|
Commit Message
Maxim Korotkov
Nov. 22, 2022, 12:29 p.m. UTC
The value of an arithmetic expression "n * id.data" is subject
to possible overflow due to a failure to cast operands to a larger data
type before performing arithmetic. Used macro for multiplication instead
operator for avoiding overflow.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Maxim Korotkov <korotkov.maxim.s@gmail.com>
---
net/ethtool/ioctl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
From: Maxim Korotkov <korotkov.maxim.s@gmail.com> Date: Tue, 22 Nov 2022 15:29:01 +0300 > The value of an arithmetic expression "n * id.data" is subject > to possible overflow due to a failure to cast operands to a larger data > type before performing arithmetic. Used macro for multiplication instead > operator for avoiding overflow. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Maxim Korotkov <korotkov.maxim.s@gmail.com> Reviewed-by: Alexander Lobakin <alexandr.lobakin@intel.com> > --- > net/ethtool/ioctl.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c > index 6a7308de192d..6b59e7a1c906 100644 > --- a/net/ethtool/ioctl.c > +++ b/net/ethtool/ioctl.c > @@ -2007,7 +2007,8 @@ static int ethtool_phys_id(struct net_device *dev, void __user *useraddr) > } else { > /* Driver expects to be called at twice the frequency in rc */ > int n = rc * 2, interval = HZ / n; > - u64 count = n * id.data, i = 0; > + u64 count = mul_u32_u32(n, id.data); > + u64 i = 0; > > do { > rtnl_lock(); > -- > 2.17.1 Some notes to the process, not the code: 1) I asked to add my Reviewed-by to v3 in the previous thread, it's mandatory for authors to pick-up all the tags before publishing a new revision; 2) when sending v2, v3, ... vN, please have a changelog in the commit message or right below those '---' after your SoB, that makes it easier to review. Thanks, Olek
On Tue, Nov 22, 2022 at 03:29:01PM +0300, Maxim Korotkov wrote: > The value of an arithmetic expression "n * id.data" is subject > to possible overflow due to a failure to cast operands to a larger data > type before performing arithmetic. Used macro for multiplication instead > operator for avoiding overflow. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Maxim Korotkov <korotkov.maxim.s@gmail.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Andrew
On Tue, 22 Nov 2022 15:29:01 +0300 Maxim Korotkov wrote: > The value of an arithmetic expression "n * id.data" is subject > to possible overflow due to a failure to cast operands to a larger data > type before performing arithmetic. Used macro for multiplication instead > operator for avoiding overflow. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Maxim Korotkov <korotkov.maxim.s@gmail.com> Applying to net-next, pretty sure nobody expects us to support blinking an LED 4 billion times, at a rate low enough for a human eye to see... But let's watch the stable bots pick it up anyway.
Hello: This patch was applied to netdev/net-next.git (master) by Jakub Kicinski <kuba@kernel.org>: On Tue, 22 Nov 2022 15:29:01 +0300 you wrote: > The value of an arithmetic expression "n * id.data" is subject > to possible overflow due to a failure to cast operands to a larger data > type before performing arithmetic. Used macro for multiplication instead > operator for avoiding overflow. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > [...] Here is the summary with links: - [v3] ethtool: avoiding integer overflow in ethtool_phys_id() https://git.kernel.org/netdev/net-next/c/64a8f8f7127d You are awesome, thank you!
diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c index 6a7308de192d..6b59e7a1c906 100644 --- a/net/ethtool/ioctl.c +++ b/net/ethtool/ioctl.c @@ -2007,7 +2007,8 @@ static int ethtool_phys_id(struct net_device *dev, void __user *useraddr) } else { /* Driver expects to be called at twice the frequency in rc */ int n = rc * 2, interval = HZ / n; - u64 count = n * id.data, i = 0; + u64 count = mul_u32_u32(n, id.data); + u64 i = 0; do { rtnl_lock();