Re: [PATCH v2 net] net: qed: fix buffer overflow on ethtool -d

From: David Miller
Date: Tue Jul 07 2020 - 18:42:53 EST


From: Alexander Lobakin <alobakin@xxxxxxxxxxx>
Date: Mon, 6 Jul 2020 12:25:53 +0300

> When generating debug dump, driver firstly collects all data in binary
> form, and then performs per-feature formatting to human-readable if it
> is supported.
>
> For ethtool -d, this is roughly incorrect for two reasons. First of all,
> drivers should always provide only original raw dumps to Ethtool without
> any changes.
> The second, and more critical, is that Ethtool's output buffer size is
> strictly determined by ethtool_ops::get_regs_len(), and all data *must*
> fit in it. The current version of driver always returns the size of raw
> data, but the size of the formatted buffer exceeds it in most cases.
> This leads to out-of-bound writes and memory corruption.
>
> Address both issues by adding an option to return original, non-formatted
> debug data, and using it for Ethtool case.
>
> v2:
> - Expand commit message to make it more clear;
> - No functional changes.
>
> Fixes: c965db444629 ("qed: Add support for debug data collection")
> Signed-off-by: Alexander Lobakin <alobakin@xxxxxxxxxxx>
> Signed-off-by: Igor Russkikh <irusskikh@xxxxxxxxxxx>

Applied, thank you.
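
The size contract described in the commit message, shown as an added example that is not part of the original thread or of the qed driver: a user-space C model in which the caller allocates exactly the number of bytes a get_regs_len()-style callback reports and then asks the driver to fill it. Every function name here (model_get_regs_len, model_get_regs, model_ethtool_dump) and the sample dump bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the binary debug dump a driver collects. */
static const unsigned char raw_dump[] = { 0xde, 0xad, 0xbe, 0xef, 0x00, 0x01, 0x02, 0x03 };

/* Model of get_regs_len(): the size the caller will allocate (raw size). */
static size_t model_get_regs_len(void) { return sizeof(raw_dump); }

/* Size of the human-readable form: "0xNN\n" per byte plus a NUL. */
static size_t formatted_len(void) { return sizeof(raw_dump) * 5 + 1; }

/* Fill 'out' (capacity 'cap'). Returns bytes written, or -1 when the
 * requested form does not fit. Without this comparison the formatted
 * form would be written past the end of the caller's buffer. */
static long model_get_regs(unsigned char *out, size_t cap, int formatted)
{
    size_t need = formatted ? formatted_len() : sizeof(raw_dump);
    size_t i, off = 0;

    if (need > cap)
        return -1;
    if (!formatted) {               /* raw path: size matches get_regs_len() */
        memcpy(out, raw_dump, sizeof(raw_dump));
        return (long)sizeof(raw_dump);
    }
    for (i = 0; i < sizeof(raw_dump); i++)
        off += (size_t)snprintf((char *)out + off, cap - off, "0x%02x\n", raw_dump[i]);
    return (long)(off + 1);         /* include the terminating NUL */
}

/* Model of the caller: allocate exactly get_regs_len() bytes, then fill. */
static long model_ethtool_dump(int formatted)
{
    size_t cap = model_get_regs_len();
    unsigned char *buf = calloc(1, cap);
    long n;

    if (!buf)
        return -2;
    n = model_get_regs(buf, cap, formatted);
    free(buf);
    return n;
}

int main(void)
{
    printf("raw: %ld, formatted: %ld\n", model_ethtool_dump(0), model_ethtool_dump(1));
    return 0;
}
```

The raw path fills the buffer exactly, while the formatted path needs 41 bytes against an 8-byte allocation and is refused, which is why returning the unformatted data keeps the reported length and the written length in agreement.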