From patchwork Thu Jul 20 20:37:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Asmaa Mnebhi X-Patchwork-Id: 1810619 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=qU9NSHda; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4R6Pdv0mMWz20FV for ; Fri, 21 Jul 2023 06:38:11 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1qMaPV-0005GV-Ek; Thu, 20 Jul 2023 20:38:05 +0000 Received: from mail-dm6nam10on2061.outbound.protection.outlook.com ([40.107.93.61] helo=NAM10-DM6-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1qMaPQ-0005EC-Fz for kernel-team@lists.ubuntu.com; Thu, 20 Jul 2023 20:38:00 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eeFALVGYtp6MrfapCBtzNmUH1SEnhDINc+PzXhzERugC3zrJSwIEhDG+6/EEiSiUhw9xdbT3PIRnaAPQwb8gBRv8qAxZTsvgjKAqTWCbjREICoCb9nyf89S6vtBx5G5+VeTz6fOfn86wQKg1LFbqb3N3leSHnjl6+It+ul/q+3RXXoYTMjux9YyhMwylKwgUmkRDd/+MyoxwT++aT9ArCp+TtK5RWz+W3Ue+aXlopq+gqRekPKMj+bSJVk/p8gqcqR9pKSVy2+qkIKc/2ugKKRtXM0itYnDb5YohbMeONIxMe48s/ynUDemteMsAwxAQ50IZDLZw+7ksjFODTyj+YQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2pK4qdGTZNrBoxVmwwo2QnAB0Q9yumNbDPB+3f1yUXE=; b=G+fAETg4ehaSNBoblq7Celpzaex0SiktqNtShH5fwvQI0jYGKTIqBbeRiBlmI0HVnRZrUbttj3hE39PbStNDLVGDXHNmGSc1RVjcoGK3OxwVexDgRmtugqvHhX2RKtyrp3NLwp8/RdGX112zHFdr0ww7iI09grZx0D5G3CyVjy5p2cbfjHCMF2pwmI57/Z7QIz+vbEuHv559ZkMO9umPB4TmF1b0BVVjQaTRAzpfG1jKHx/ncUddpaybxmSqNCpGJzpQL1iioErlzAAzHFCkzuwDG/LrZrfhx/PHiGRHmSS5Bge6TX1y1wnV7j+RMgKQ9A/RDimxs89QFNobJTbveg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2pK4qdGTZNrBoxVmwwo2QnAB0Q9yumNbDPB+3f1yUXE=; b=qU9NSHda4RlKiIQTJAz9nD2xbhC275UKn+N3XUEJLwG/7Apm+j+mj2Y+PLikbwxpYzlw2jCJpA3UKfsWQ3xmQndPTBtKVbqCmwUi3buTSrQKHoak4e7HyDuNoabMR6BZSK3bIVzrYaMBRwSN+OCQOhlbtLJaIhKe00ZsT4pTx/MhhDRnQsIFbFsYz6JIPpAnJ716bRP3lQzA6dce2WKMPMHYAr63uugEq8HTrJX/Ow4l/l/sxOhudGywnUuzvJP3Ydc0yRcB1uO9XFPpzRBiI5V6P+XZrcshUipqEriyLlzqvDXaAdUDhLV/qzRn0mNq0rLvNNah4nyDg3zR/IxYfQ== Received: from MW2PR2101CA0006.namprd21.prod.outlook.com (2603:10b6:302:1::19) by CH2PR12MB4229.namprd12.prod.outlook.com (2603:10b6:610:a5::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6588.20; Thu, 20 Jul 2023 20:37:57 +0000 Received: from CO1NAM11FT039.eop-nam11.prod.protection.outlook.com (2603:10b6:302:1:cafe::1e) by MW2PR2101CA0006.outlook.office365.com (2603:10b6:302:1::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6631.12 via Frontend Transport; Thu, 20 Jul 2023 20:37:57 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by CO1NAM11FT039.mail.protection.outlook.com (10.13.174.110) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6609.28 via Frontend Transport; Thu, 20 Jul 2023 20:37:57 +0000 Received: from rnnvmail205.nvidia.com (10.129.68.10) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Thu, 20 Jul 2023 13:37:44 -0700 Received: from rnnvmail204.nvidia.com (10.129.68.6) by rnnvmail205.nvidia.com (10.129.68.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Thu, 20 Jul 2023 13:37:43 -0700 Received: from vdi.nvidia.com (10.127.8.14) by mail.nvidia.com (10.129.68.6) with Microsoft SMTP Server id 15.2.986.37 via Frontend Transport; Thu, 20 Jul 2023 13:37:42 -0700 From: Asmaa Mnebhi To: Subject: [SRU][J:linux-bluefield][PATCH v1 1/1] UBUNTU: SAUCE: mlxbf-bootctl: Fix kernel panic due to buffer overflow Date: Thu, 20 Jul 2023 16:37:37 -0400 Message-ID: <20230720203737.30469-2-asmaa@nvidia.com> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20230720203737.30469-1-asmaa@nvidia.com> References: <20230720203737.30469-1-asmaa@nvidia.com> MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CO1NAM11FT039:EE_|CH2PR12MB4229:EE_ X-MS-Office365-Filtering-Correlation-Id: bdfc70d4-c66a-414d-fe48-08db8961338b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: EC+XzZ3zx5SSk3wGJ9LrgE6ZhzC90BBxpJN313IV+YeCupZIL+ZYyFQNK4VrPd5Wx5rx2j2Cp/UX7Xeu/Ln1WkFljd7sFcYErlL1qR6gvQb3MwVJg8kZ97FoLXmoD9zA45QigZmg1qV/EqgXgZDBlMnnB7neP4DneTI6N8+q7iXOZVUIXISsReLAKp6xnjTXJsZ7Hd18hp5QvH4IZgHKeeeN8VE09kTL/1+PhW19aEFwsVT8K+vpG4CmI6q507yKu9Gqy1H8hIVeu3v4sPWKiwaX8iJe7ldK0J7Qr2Khx1rdh43zFBJABBC1N2LNNQjxb7E9MpNNRynImrhn0oKiZMz902yVZq9LIYI8ydQFxJCQf+a0HzoiHFlr1txfMrUS8DKcuAtCAOzIgRAEFIbGnzQ9PkmKOcuuxKJNFAHMTTMZczJkMzg81YcuAsHof5xddhVFoFLD5uP1i+G+QvbF4f1pyd3OjWNqYF+R5MGA2ORGfat2oARnJYcieldzb+1GcTj6DiHYS8lghO3Z+bX4/3vqEFpY2knNU0dg281bVEEpBU5HdbXYKZlQmNpdWl0qN721syvDGwdVD3+H3MNfKg2WMOkgcldg3YmBktYxDX9hYWmQadRexHkFhebAKz3XwWpsOLNQrlJJnFYDBtQ/OZow0Vv6qXtDb6McIhBovRc+HAwk48vSRjng0Fl8uHNgW2j16Ig5jN2Y/456JDnltGuyRJNWKe8YqQjXAAcgO6ggbfG/TqJlLqwnqGmxoGpS26BOutZVPER73CPD8lflaVmdL8mE/bUedRpm0mDKha0= X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE; SFS:(13230028)(4636009)(396003)(39860400002)(136003)(376002)(346002)(82310400008)(451199021)(36840700001)(40470700004)(46966006)(8936002)(40460700003)(7696005)(107886003)(6916009)(4326008)(1076003)(26005)(6666004)(478600001)(54906003)(70206006)(70586007)(86362001)(8676002)(36756003)(83380400001)(336012)(186003)(2616005)(426003)(47076005)(316002)(5660300002)(41300700001)(40480700001)(2906002)(966005)(36860700001)(7636003)(82740400003)(356005); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jul 2023 20:37:57.1296 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: bdfc70d4-c66a-414d-fe48-08db8961338b X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT039.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4229 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: asmaa@nvidia.com, davthompson@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/2028309 Running the following LTP (linux-test-project) script, causes a kernel panic and a reboot of the DPU: ltp/testcases/bin/read_all -d /sys -q -r 10 The above test reads all directory and files under /sys. Reading the sysfs entry "large_icm" causes the kernel panic due to a garbage value returned via i2c read. That garbage value causes a buffer overflow in sprintf. Replace sprintf with snprintf. And also add missing lock and increase the buffer size to PAGE_SIZE. Signed-off-by: Asmaa Mnebhi --- drivers/platform/mellanox/mlxbf-bootctl.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/platform/mellanox/mlxbf-bootctl.c b/drivers/platform/mellanox/mlxbf-bootctl.c index a68bf5b27013..52666ee360b2 100644 --- a/drivers/platform/mellanox/mlxbf-bootctl.c +++ b/drivers/platform/mellanox/mlxbf-bootctl.c @@ -387,17 +387,16 @@ static ssize_t oob_mac_store(struct device_driver *drv, const char *buf, static ssize_t large_icm_show(struct device_driver *drv, char *buf) { - char icm_str[MAX_ICM_BUFFER_SIZE] = { 0 }; struct arm_smccc_res res; + mutex_lock(&icm_ops_lock); arm_smccc_smc(MLNX_HANDLE_GET_ICM_INFO, 0, 0, 0, 0, 0, 0, 0, &res); + mutex_unlock(&icm_ops_lock); if (res.a0) return -EPERM; - sprintf(icm_str, "0x%lx", res.a1); - - return snprintf(buf, sizeof(icm_str), "%s", icm_str); + return snprintf(buf, PAGE_SIZE, "0x%lx", res.a1); } static ssize_t large_icm_store(struct device_driver *drv, const char *buf,