michael/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Files
linux-6.14.y
linux/net/ethtool
History
Damodharam Ammepalli 7eb0a0072f ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() 
[ Upstream commit f3fdd4fba1 ]

rpl is passed as a pointer to ethtool_cmis_module_poll(), so the correct
size of rpl is sizeof(*rpl) which should be just 1 byte.  Using the
pointer size instead can cause stack corruption:

Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ethtool_cmis_wait_for_cond+0xf4/0x100
CPU: 72 UID: 0 PID: 4440 Comm: kworker/72:2 Kdump: loaded Tainted: G           OE      6.11.0 #24
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: Dell Inc. PowerEdge R760/04GWWM, BIOS 1.6.6 09/20/2023
Workqueue: events module_flash_fw_work
Call Trace:
 <TASK>
 panic+0x339/0x360
 ? ethtool_cmis_wait_for_cond+0xf4/0x100
 ? __pfx_status_success+0x10/0x10
 ? __pfx_status_fail+0x10/0x10
 __stack_chk_fail+0x10/0x10
 ethtool_cmis_wait_for_cond+0xf4/0x100
 ethtool_cmis_cdb_execute_cmd+0x1fc/0x330
 ? __pfx_status_fail+0x10/0x10
 cmis_cdb_module_features_get+0x6d/0xd0
 ethtool_cmis_cdb_init+0x8a/0xd0
 ethtool_cmis_fw_update+0x46/0x1d0
 module_flash_fw_work+0x17/0xa0
 process_one_work+0x179/0x390
 worker_thread+0x239/0x340
 ? __pfx_worker_thread+0x10/0x10
 kthread+0xcc/0x100
 ? __pfx_kthread+0x10/0x10
 ret_from_fork+0x2d/0x50
 ? __pfx_kthread+0x10/0x10
 ret_from_fork_asm+0x1a/0x30
 </TASK>

Fixes: a39c84d796 ("ethtool: cmis_cdb: Add a layer for supporting CDB commands")
Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Damodharam Ammepalli <damodharam.ammepalli@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Link: https://patch.msgid.link/20250409173312.733012-1-michael.chan@broadcom.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-04-25 10:50:52 +02:00
..
bitset.c
ethtool: Fix wrong mod state in case of verbose and no_mask bitset
2024-12-04 18:54:43 -08:00
bitset.h
ethtool: add ethnl_parse_bitset() helper
2020-03-12 15:32:32 -07:00
cabletest.c
net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device
2025-03-04 17:12:01 -08:00
channels.c
ethtool: refactor checking max channels
2024-08-09 21:52:13 -07:00
cmis_cdb.c
ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()
2025-04-25 10:50:52 +02:00
cmis_fw_update.c
net: ethtool: Add support for writing firmware blocks using EPL payload
2024-10-13 18:02:50 +01:00
cmis.h
ethtool: cmis_cdb: Fix incorrect read / write length extension
2025-04-20 10:22:21 +02:00
coalesce.c
net: ethtool: Fix the panic caused by dev being null when dumping coalesce
2024-07-01 13:43:50 +01:00
common.c
net: ethtool: fix ethtool_ringparam_get_cfg() returns a hds_thresh value always as 0.
2025-04-20 10:22:17 +02:00
common.h
net: ethtool: fix ioctl confusing drivers about desired HDS user config
2025-02-24 14:15:42 -08:00
debug.c
ethtool: netlink: always pass genl_info to .prepare_data
2023-08-15 15:01:03 -07:00
eee.c
net: ethtool: eee: Remove legacy _u32 from keee
2024-02-28 12:18:05 +00:00
eeprom.c
ethtool: move firmware flashing flag to struct ethtool_netdev_state
2024-07-04 15:45:15 -07:00
features.c
ethtool: netlink: Add missing ethnl_ops_begin/complete
2024-01-18 13:21:06 +01:00
fec.c
ethtool: netlink: always pass genl_info to .prepare_data
2023-08-15 15:01:03 -07:00
ioctl.c
net: ethtool: fix ioctl confusing drivers about desired HDS user config
2025-02-24 14:15:42 -08:00
linkinfo.c
Revert "net: ethtool: Avoid thousands of -Wflex-array-member-not-at-end warnings"
2024-11-18 18:52:11 -08:00
linkmodes.c
Revert "net: ethtool: Avoid thousands of -Wflex-array-member-not-at-end warnings"
2024-11-18 18:52:11 -08:00
linkstate.c
net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device
2025-03-04 17:12:01 -08:00
Makefile
net: ethtool: Add support for tsconfig command to get/set hwtstamp config
2024-12-16 12:51:41 +00:00
mm.c
ethtool: netlink: always pass genl_info to .prepare_data
2023-08-15 15:01:03 -07:00
module_fw.h
ethtool: Add ability to flash transceiver modules' firmware
2024-06-28 10:48:23 +01:00
module.c
net: ethtool: Monotonically increase the message sequence number
2024-07-13 15:37:36 -07:00
netlink.c
net: ethtool: Don't call .cleanup_data when prepare_data fails
2025-04-20 10:22:18 +02:00
netlink.h
net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device
2025-03-04 17:12:01 -08:00
pause.c
ethtool: netlink: always pass genl_info to .prepare_data
2023-08-15 15:01:03 -07:00
phc_vclocks.c
ethtool: netlink: always pass genl_info to .prepare_data
2023-08-15 15:01:03 -07:00
phy.c
net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device
2025-03-04 17:12:01 -08:00
plca.c
net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device
2025-03-04 17:12:01 -08:00
privflags.c
ethtool: netlink: always pass genl_info to .prepare_data
2023-08-15 15:01:03 -07:00
pse-pd.c
net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device
2025-03-04 17:12:01 -08:00
rings.c
net: ethtool: fix ioctl confusing drivers about desired HDS user config
2025-02-24 14:15:42 -08:00
rss.c
ethtool: rss: fix hiding unsupported fields in dumps
2025-02-03 18:38:52 -08:00
stats.c
net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device
2025-03-04 17:12:01 -08:00
strset.c
net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device
2025-03-04 17:12:01 -08:00
ts.h
net: ethtool: tsinfo: Enhance tsinfo to support several hwtstamp by net topology
2024-12-16 12:51:41 +00:00
tsconfig.c
net: ethtool: tsconfig: Fix netlink type of hwtstamp flags
2025-02-06 16:35:21 -08:00
tsinfo.c
net: ethtool: tsinfo: Fix dump command
2025-03-10 13:14:25 -07:00
tunnels.c
genetlink: use attrs from struct genl_info
2023-08-15 15:00:45 -07:00
wol.c
net: move ethtool-related netdev state into its own struct
2024-06-28 18:53:17 -07:00