Message ID | 20230720203737.30469-1-asmaa@nvidia.com |
---|---|
Headers | show |
Series | UBUNTU: SAUCE: mlxbf-bootctl: Fix kernel panic due to buffer overflow | expand |
Acked-by: Bartlomiej Zolnierkiewicz <bartlomiej.zolnierkiewicz@canonical.com> On Thu, Jul 20, 2023 at 10:38 PM Asmaa Mnebhi <asmaa@nvidia.com> wrote: > > BugLink: https://bugs.launchpad.net/bugs/2028309 > > SRU Justification: > > [Impact] > > Running the following LTP (linux-test-project) script, causes > a kernel panic and a reboot of the DPU: > ltp/testcases/bin/read_all -d /sys -q -r 10 > > The above test reads all directory and files under /sys. > Reading the sysfs entry "large_icm" causes the kernel panic > due to a garbage value returned via i2c read. That garbage > value causes a buffer overflow in sprintf. > > [Fix] > > * Replace sprintf with snprintf. And also add missing lock and > increase the buffer size to PAGE_SIZE. > > [Test Case] > > * Run from linux: > ltp/testcases/bin/read_all -d /sys -q -r 10 > > [Regression Potential] > > * no known regression >
On 7/20/23 2:37 PM, Asmaa Mnebhi wrote: > BugLink: https://bugs.launchpad.net/bugs/2028309 > > SRU Justification: > > [Impact] > > Running the following LTP (linux-test-project) script, causes > a kernel panic and a reboot of the DPU: > ltp/testcases/bin/read_all -d /sys -q -r 10 > > The above test reads all directory and files under /sys. > Reading the sysfs entry "large_icm" causes the kernel panic > due to a garbage value returned via i2c read. That garbage > value causes a buffer overflow in sprintf. > > [Fix] > > * Replace sprintf with snprintf. And also add missing lock and > increase the buffer size to PAGE_SIZE. > > [Test Case] > > * Run from linux: > ltp/testcases/bin/read_all -d /sys -q -r 10 > > [Regression Potential] > > * no known regression > Acked-by: Tim Gardner <tim.gardner@canonical.com> This really ought to be 2 patches. Protecting the call to arm_smccc_smc() has little to do with an snprintf() buffer overflow.
Applied to jammy:linux-bluefield/master-next. Thanks. -- Best regards, Bartlomiej On Thu, Jul 20, 2023 at 10:38 PM Asmaa Mnebhi <asmaa@nvidia.com> wrote: > > BugLink: https://bugs.launchpad.net/bugs/2028309 > > SRU Justification: > > [Impact] > > Running the following LTP (linux-test-project) script, causes > a kernel panic and a reboot of the DPU: > ltp/testcases/bin/read_all -d /sys -q -r 10 > > The above test reads all directory and files under /sys. > Reading the sysfs entry "large_icm" causes the kernel panic > due to a garbage value returned via i2c read. That garbage > value causes a buffer overflow in sprintf. > > [Fix] > > * Replace sprintf with snprintf. And also add missing lock and > increase the buffer size to PAGE_SIZE. > > [Test Case] > > * Run from linux: > ltp/testcases/bin/read_all -d /sys -q -r 10 > > [Regression Potential] > > * no known regression >