From patchwork Sat Oct 22 01:17:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "yekai (A)" X-Patchwork-Id: 7058 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4242:0:0:0:0:0 with SMTP id s2csp985427wrr; Fri, 21 Oct 2022 18:29:00 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7ADQonjdJu2L0BPqo49g2Fdv4kcnx1w/8sjz/O0Y0QhN5HxnIVuBB+kzqpPnSIDoUG7rAg X-Received: by 2002:a17:907:2cf1:b0:78d:c7a1:172d with SMTP id hz17-20020a1709072cf100b0078dc7a1172dmr17670603ejc.51.1666402140430; Fri, 21 Oct 2022 18:29:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666402140; cv=none; d=google.com; s=arc-20160816; b=afPhsvPzCI+eeqCxjw0FCoCBB+s/uLt3JNlbz4zyQ5rpeecfECMamW7unyyg0rcc4c iU7G3j7Y+TAolTk85Xoj9yehWwWox75EHIfnHPLiOX8COVOP7RNhIRVt3cY9th1Y2sOB pM+b2AED0FRjF4FXgygvdvaKlMLsMg9J+7rBkZSw+HfLTMzLMU55ie+yd8TV1W5EFoqP XPcQB3euLITLKIQvX64yq4E+aqxqMW+01p6ZEao2txXcJLLKspbYaCz+499j4QNpSuJo PrL5kjRB2C1mSUwQ1U0MSSjAUvhlSR6sAfi2uIQb104BXgwG0AbgtCHYbdeD1glm1HT7 mH7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from; bh=tZefhSa6h6/2FyZRC24yBQDBKDQ8PvrvDoOubmvzYns=; b=CSxVETDN3D1G5FY5qvSdqjGtk6mIpzTOJf/Fr97BxngcrjfhnkntfspJ1HXdTqIfId V2OcSnTLQmMocwFlM02C/Fvd8FvtpMOe5M+dHsg+qLXW7OrDXt6ErWu/Af8CKy8TQk5V dQ46X8fdFCA0ORAtqOsMvtN48SDnfMfJWHQjEgZ5KhcX67cMBeHEzksscSIG85cB954W P7rdkeFeR4RcCXv8v5O8AkryXSDub0OI3TyX2JxtB9RLTu55JR4Wam64WrWVXpTimRWV wLk69TY+j1gC+LE7Fo8vl4t/fiZVNVYTSMprf0cGIb1FYdZIQdsINBWDxTl33fAiN9ga bzuA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z11-20020a056402274b00b0044711ea363esi24938148edd.21.2022.10.21.18.28.35; Fri, 21 Oct 2022 18:29:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229919AbiJVBXs (ORCPT + 99 others); Fri, 21 Oct 2022 21:23:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35494 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229608AbiJVBXj (ORCPT ); Fri, 21 Oct 2022 21:23:39 -0400 Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [45.249.212.189]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 809152B2E3D; Fri, 21 Oct 2022 18:23:38 -0700 (PDT) Received: from dggpeml500026.china.huawei.com (unknown [172.30.72.53]) by szxga03-in.huawei.com (SkyGuard) with ESMTP id 4MvNnd2YPdzJn6v; Sat, 22 Oct 2022 09:20:53 +0800 (CST) Received: from dggpeml100012.china.huawei.com (7.185.36.121) by dggpeml500026.china.huawei.com (7.185.36.106) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Sat, 22 Oct 2022 09:23:35 +0800 Received: from huawei.com (10.67.165.24) by dggpeml100012.china.huawei.com (7.185.36.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Sat, 22 Oct 2022 09:23:35 +0800 From: Kai Ye To: CC: , , Subject: [PATCH v3 1/3] crypto: hisilicon/qm - increase the memory of local variables Date: Sat, 22 Oct 2022 01:17:44 +0000 Message-ID: <20221022011746.27197-2-yekai13@huawei.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221022011746.27197-1-yekai13@huawei.com> References: <20221022011746.27197-1-yekai13@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.67.165.24] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To dggpeml100012.china.huawei.com (7.185.36.121) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1747349290922785653?= X-GMAIL-MSGID: =?utf-8?q?1747349290922785653?= Increase the buffer to prevent stack overflow by fuzz test. The maximum length of the qos configuration buffer is 256 bytes. Currently, the value of the 'val buffer' is only 32 bytes. The sscanf does not check the dest memory length. So the 'val buffer' may stack overflow. Signed-off-by: Kai Ye --- drivers/crypto/hisilicon/qm.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c index e3edb176d976..5d79e9f0e7e1 100644 --- a/drivers/crypto/hisilicon/qm.c +++ b/drivers/crypto/hisilicon/qm.c @@ -250,7 +250,6 @@ #define QM_QOS_MIN_CIR_B 100 #define QM_QOS_MAX_CIR_U 6 #define QM_QOS_MAX_CIR_S 11 -#define QM_QOS_VAL_MAX_LEN 32 #define QM_DFX_BASE 0x0100000 #define QM_DFX_STATE1 0x0104000 #define QM_DFX_STATE2 0x01040C8 @@ -4612,7 +4611,7 @@ static ssize_t qm_get_qos_value(struct hisi_qm *qm, const char *buf, unsigned int *fun_index) { char tbuf_bdf[QM_DBG_READ_LEN] = {0}; - char val_buf[QM_QOS_VAL_MAX_LEN] = {0}; + char val_buf[QM_DBG_READ_LEN] = {0}; u32 tmp1, device, function; int ret, bus;