From: Logan Gunthorpe
To: "Gustavo A. R. Silva", "Gustavo A. R. Silva", Bjorn Helgaas
Cc: linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Date: Mon, 2 Oct 2023 12:46:04 -0600
Subject: Re: [PATCH][next] PCI/P2PDMA: Fix undefined behavior bug in struct pci_p2pdma_pagemap
In-Reply-To: <734c7fdf-4c41-2890-dbe7-ddb23fd6bcc7@embeddedor.com>
References: <29da763d-1570-7197-2d5a-03c5659b8b52@deltatee.com> <734c7fdf-4c41-2890-dbe7-ddb23fd6bcc7@embeddedor.com>
List-ID: linux-kernel@vger.kernel.org
On 2023-10-02 12:40, Gustavo A. R. Silva wrote:
>
> On 10/2/23 18:07, Logan Gunthorpe wrote:
>>
>> On 2023-10-01 15:08, Gustavo A. R. Silva wrote:
>>> `struct dev_pagemap` is a flexible structure, which means that it
>>> contains a flexible-array member at the bottom. This could potentially
>>> lead to an overwrite of the objects following `pgmap` in `struct
>>> pci_p2pdma_pagemap`, when `nr_range > 1`.
>>>
>>> Fix this by placing the declaration of object `pgmap` at the end of
>>> `struct pci_p2pdma_pagemap`.
>>>
>>> -Wflex-array-member-not-at-end is coming in GCC-14, and we are getting
>>> ready to enable it globally.
>>>
>>> Fixes: 0afea3814358 ("PCI/P2PDMA: Add provider's pci_dev to pci_p2pdma_pagemap struct")
>>> Fixes: a6e6fe6549f6 ("PCI/P2PDMA: Introduce private pagemap structure")
>>> Cc: stable@vger.kernel.org
>>> Signed-off-by: Gustavo A. R. Silva
>>
>> Makes sense to me, thanks.
>>
>> Although, I'm not sure the fixes tags are appropriate. The
>> flexible-array member was introduced in 5.10 (b7b3c01b19) and both the
>> "fixed" commits predate that change by a number of releases.
>
> You're right. I'll remove those tags.
>
>> Also, it's probably worth noting in the commit message that the p2pdma
>> code hardcodes nr_ranges to 1 (in pci_p2pdma_add_resource); so there is
>> no way to actually hit any bug with the current code.
>
> Yep. I mention that in this part "This could potentially lead to an
> overwrite of the objects following `pgmap` in `struct pci_p2pdma_pagemap`,
> when `nr_range > 1`."

Yes, but the commit message is not clear that nr_range can never be >1 in
the code as it currently is.

Logan
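The layout hazard the patch fixes, as an added example that is not part of the thread or the kernel: a simplified model in which `struct pagemap` stands in for `struct dev_pagemap` and `struct p2pdma_bad` / `struct p2pdma_fixed` for `struct pci_p2pdma_pagemap` before and after moving `pgmap` last (the real kernel structs have more members; in this model the flexible array has no storage of its own, so the overlap begins at `ranges[0]`, whereas the real `dev_pagemap` gives its first range storage, which is why the commit message says `nr_range > 1`). The `FLEX_STRUCT_IS_LAST` check and all other names are constructed here.

```c
/* Added example, not kernel code: a simplified model of the hazard in
 * the thread. struct pagemap stands in for struct dev_pagemap and
 * struct p2pdma_* for struct pci_p2pdma_pagemap (both simplified). */
#include <stddef.h>
#include <stdint.h>

struct range { uint64_t start, end; };

/* Flexible structure: the trailing flexible array reserves no storage
 * inside the struct; the allocator must append room for nr_range
 * elements after the end of the *containing* object. */
struct pagemap {
    int nr_range;
    struct range ranges[];
};

/* Before the patch: members follow pgmap, so ranges[] overlays them. */
struct p2pdma_bad {
    struct pagemap pgmap;
    void *provider;
    void *owner;
};

/* After the patch: pgmap is last, so ranges[] runs past the container. */
struct p2pdma_fixed {
    void *provider;
    void *owner;
    struct pagemap pgmap;
};

/* Check to keep next to such a struct: a flexible structure may only be
 * embedded where it ends exactly at the container's end, i.e. last. */
#define FLEX_STRUCT_IS_LAST(container, member, flex_type) \
    (offsetof(container, member) + sizeof(flex_type) == sizeof(container))

_Static_assert(FLEX_STRUCT_IS_LAST(struct p2pdma_fixed, pgmap, struct pagemap),
               "pgmap must be the last member of struct p2pdma_fixed");

int bad_pgmap_is_last(void)   { return FLEX_STRUCT_IS_LAST(struct p2pdma_bad, pgmap, struct pagemap); }
int fixed_pgmap_is_last(void) { return FLEX_STRUCT_IS_LAST(struct p2pdma_fixed, pgmap, struct pagemap); }

/* Byte offset of ranges[i] from the start of the containing object. */
#define RANGE_OFFSET(container, i) \
    (offsetof(container, pgmap.ranges) + (size_t)(i) * sizeof(struct range))

/* Does ranges[i] land inside the container, on bytes owned by another member? */
int bad_range_clobbers_member(int i)   { return RANGE_OFFSET(struct p2pdma_bad, i) < sizeof(struct p2pdma_bad); }
int fixed_range_clobbers_member(int i) { return RANGE_OFFSET(struct p2pdma_fixed, i) < sizeof(struct p2pdma_fixed); }

/* Bytes to allocate for the fixed layout holding nr_range ranges. */
size_t fixed_alloc_size(int n) { return sizeof(struct p2pdma_fixed) + (size_t)n * sizeof(struct range); }
```

With the flexible structure in the middle, `ranges[0]` of the bad layout is computed to start on top of `provider`, while in the fixed layout every element lies beyond `sizeof(struct p2pdma_fixed)`, in storage the allocator must reserve.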