summaryrefslogtreecommitdiff
path: root/drivers/infiniband/hw/ionic/ionic_queue.c
diff options
context:
space:
mode:
authorNick Child <nnac123@linux.ibm.com>2025-03-20 16:29:51 -0500
committerJakub Kicinski <kuba@kernel.org>2025-03-25 08:20:08 -0700
commitd93a6caab5d7d9b5ce034d75b1e1e993338e3852 (patch)
tree6dfcabf5fa068b8748987c8d5dbbba06b880e7e9 /drivers/infiniband/hw/ionic/ionic_queue.c
parent094ee6017ea09c11d6af187935a949df32803ce0 (diff)
ibmvnic: Use kernel helpers for hex dumps
Previously, when the driver was printing hex dumps, the buffer was cast to an 8 byte long and printed using string formatters. If the buffer size was not a multiple of 8 then a read buffer overflow was possible. Therefore, create a new ibmvnic function that loops over a buffer and calls hex_dump_to_buffer instead. This patch address KASAN reports like the one below: ibmvnic 30000003 env3: Login Buffer: ibmvnic 30000003 env3: 01000000af000000 <...> ibmvnic 30000003 env3: 2e6d62692e736261 ibmvnic 30000003 env3: 65050003006d6f63 ================================================================== BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic] Read of size 8 at addr c0000001331a9aa8 by task ip/17681 <...> Allocated by task 17681: <...> ibmvnic_login+0x2f0/0xffc [ibmvnic] ibmvnic_open+0x148/0x308 [ibmvnic] __dev_open+0x1ac/0x304 <...> The buggy address is located 168 bytes inside of allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf) <...> ================================================================= ibmvnic 30000003 env3: 000000000033766e Fixes: 032c5e82847a ("Driver for IBM System i/p VNIC protocol") Signed-off-by: Nick Child <nnac123@linux.ibm.com> Reviewed-by: Dave Marquardt <davemarq@linux.ibm.com> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20250320212951.11142-1-nnac123@linux.ibm.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'drivers/infiniband/hw/ionic/ionic_queue.c')
0 files changed, 0 insertions, 0 deletions