2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2025-01-10 22:54:11 +08:00
linux-next/drivers/net/netdevsim
Taehee Yoo 6fb8852b12 netdevsim: fix stack-out-of-bounds in nsim_dev_debugfs_init()
When netdevsim dev is being created, a debugfs directory is created.
The variable "dev_ddir_name" is 16bytes device name pointer and device
name is "netdevsim<dev id>".
The maximum dev id length is 10.
So, 16bytes for device name isn't enough.

Test commands:
    modprobe netdevsim
    echo "1000000000 0" > /sys/bus/netdevsim/new_device

Splat looks like:
[  249.622710][  T900] BUG: KASAN: stack-out-of-bounds in number+0x824/0x880
[  249.623658][  T900] Write of size 1 at addr ffff88804c527988 by task bash/900
[  249.624521][  T900]
[  249.624830][  T900] CPU: 1 PID: 900 Comm: bash Not tainted 5.5.0+ #322
[  249.625691][  T900] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[  249.626712][  T900] Call Trace:
[  249.627103][  T900]  dump_stack+0x96/0xdb
[  249.627639][  T900]  ? number+0x824/0x880
[  249.628173][  T900]  print_address_description.constprop.5+0x1be/0x360
[  249.629022][  T900]  ? number+0x824/0x880
[  249.629569][  T900]  ? number+0x824/0x880
[  249.630105][  T900]  __kasan_report+0x12a/0x170
[  249.630717][  T900]  ? number+0x824/0x880
[  249.631201][  T900]  kasan_report+0xe/0x20
[  249.631723][  T900]  number+0x824/0x880
[  249.632235][  T900]  ? put_dec+0xa0/0xa0
[  249.632716][  T900]  ? rcu_read_lock_sched_held+0x90/0xc0
[  249.633392][  T900]  vsnprintf+0x63c/0x10b0
[  249.633983][  T900]  ? pointer+0x5b0/0x5b0
[  249.634543][  T900]  ? mark_lock+0x11d/0xc40
[  249.635200][  T900]  sprintf+0x9b/0xd0
[  249.635750][  T900]  ? scnprintf+0xe0/0xe0
[  249.636370][  T900]  nsim_dev_probe+0x63c/0xbf0 [netdevsim]
[ ... ]

Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Fixes: ab1d0cc004 ("netdevsim: change debugfs tree topology")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2020-02-03 15:32:20 -08:00
..
bpf.c netdevsim: move netdev creation/destruction to dev probe 2019-04-26 01:52:03 -04:00
bus.c netdevsim: disable devlink reload when resources are being used 2020-02-03 15:32:20 -08:00
dev.c netdevsim: fix stack-out-of-bounds in nsim_dev_debugfs_init() 2020-02-03 15:32:20 -08:00
fib.c netdevsim: fix nsim_fib6_rt_create() error path 2020-01-17 11:00:57 +01:00
health.c netdevsim: Update dummy reporter's devlink binary interface 2019-11-12 11:25:44 -08:00
ipsec.c netdevsim: move netdev creation/destruction to dev probe 2019-04-26 01:52:03 -04:00
Makefile netdevsim: implement couple of testing devlink health reporters 2019-10-11 21:02:30 -07:00
netdev.c netdevsim: register port netdevices into net of device 2019-10-04 11:10:56 -07:00
netdevsim.h netdevsim: fix panic in nsim_dev_take_snapshot_write() 2020-02-03 15:32:20 -08:00
sdev.c netdevsim: move shared dev creation and destruction into separate file 2019-04-12 16:49:54 -07:00