• Samuel Mendoza-Jonas's avatar
    net/ncsi: Refactor MAC, VLAN filters · 062b3e1b
    Samuel Mendoza-Jonas authored
    The NCSI driver defines a generic ncsi_channel_filter struct that can be
    used to store arbitrarily formatted filters, and several generic methods
    of accessing data stored in such a filter.
    However in both the driver and as defined in the NCSI specification
    there are only two actual filters: VLAN ID filters and MAC address
    filters. The splitting of the MAC filter into unicast, multicast, and
    mixed is also technically not necessary as these are stored in the same
    location in hardware.
    
    To save complexity, particularly in the set up and accessing of these
    generic filters, remove them in favour of two specific structs. These
    can be acted on directly and do not need several generic helper
    functions to use.
    
    This also fixes a memory error found by KASAN on ARM32 (which is not
    upstream yet), where response handlers accessing a filter's data field
    could write past allocated memory.
    
    [  114.926512] ==================================================================
    [  114.933861] BUG: KASAN: slab-out-of-bounds in ncsi_configure_channel+0x4b8/0xc58
    [  114.941304] Read of size 2 at addr 94888558 by task kworker/0:2/546
    [  114.947593]
    [  114.949146] CPU: 0 PID: 546 Comm: kworker/0:2 Not tainted 4.16.0-rc6-00119-ge156398bfcad #13
    ...
    [  115.170233] The buggy address belongs to the object at 94888540
    [  115.170233]  which belongs to the cache kmalloc-32 of size 32
    [  115.181917] The buggy address is located 24 bytes inside of
    [  115.181917]  32-byte region [94888540, 94888560)
    [  115.192115] The buggy address belongs to the page:
    [  115.196943] page:9eeac100 count:1 mapcount:0 mapping:94888000 index:0x94888fc1
    [  115.204200] flags: 0x100(slab)
    [  115.207330] raw: 00000100 94888000 94888fc1 0000003f 00000001 9eea2014 9eecaa74 96c003e0
    [  115.215444] page dumped because: kasan: bad access detected
    [  115.221036]
    [  115.222544] Memory state around the buggy address:
    [  115.227384]  94888400: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
    [  115.233959]  94888480: 00 00 00 fc fc fc fc fc 00 04 fc fc fc fc fc fc
    [  115.240529] >94888500: 00 00 04 fc fc fc fc fc 00 00 04 fc fc fc fc fc
    [  115.247077]                                             ^
    [  115.252523]  94888580: 00 04 fc fc fc fc fc fc 06 fc fc fc fc fc fc fc
    [  115.259093]  94888600: 00 00 06 fc fc fc fc fc 00 00 04 fc fc fc fc fc
    [  115.265639] ==================================================================
    Reported-by: default avatarJoel Stanley <joel@jms.id.au>
    Signed-off-by: default avatarSamuel Mendoza-Jonas <sam@mendozajonas.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    062b3e1b
ncsi-manage.c 37.7 KB