LinuxLists.cc - [PATCH v2 1/3] crypto: hisilicon/qm - increase the memory of local variables

2022-10-14 10:13:34

Subject: [PATCH v2 1/3] crypto: hisilicon/qm - increase the memory of local variables

Increase the buffer to prevent stack overflow by fuzz test.

Signed-off-by: Kai Ye <[email protected]>
---
drivers/crypto/hisilicon/qm.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c
index e3edb176d976..5d79e9f0e7e1 100644
--- a/drivers/crypto/hisilicon/qm.c
+++ b/drivers/crypto/hisilicon/qm.c
@@ -250,7 +250,6 @@
#define QM_QOS_MIN_CIR_B 100
#define QM_QOS_MAX_CIR_U 6
#define QM_QOS_MAX_CIR_S 11
-#define QM_QOS_VAL_MAX_LEN 32
#define QM_DFX_BASE 0x0100000
#define QM_DFX_STATE1 0x0104000
#define QM_DFX_STATE2 0x01040C8
@@ -4612,7 +4611,7 @@ static ssize_t qm_get_qos_value(struct hisi_qm *qm, const char *buf,
unsigned int *fun_index)
{
char tbuf_bdf[QM_DBG_READ_LEN] = {0};
- char val_buf[QM_QOS_VAL_MAX_LEN] = {0};
+ char val_buf[QM_DBG_READ_LEN] = {0};
u32 tmp1, device, function;
int ret, bus;

--
2.17.1

2022-10-21 10:58:41

by Herbert Xu

[permalink] [raw]

Subject: Re: [PATCH v2 1/3] crypto: hisilicon/qm - increase the memory of local variables

On Fri, Oct 14, 2022 at 10:03:17AM +0000, Kai Ye wrote:
> Increase the buffer to prevent stack overflow by fuzz test.
>
> Signed-off-by: Kai Ye <[email protected]>
> ---
> drivers/crypto/hisilicon/qm.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c
> index e3edb176d976..5d79e9f0e7e1 100644
> --- a/drivers/crypto/hisilicon/qm.c
> +++ b/drivers/crypto/hisilicon/qm.c
> @@ -250,7 +250,6 @@
> #define QM_QOS_MIN_CIR_B 100
> #define QM_QOS_MAX_CIR_U 6
> #define QM_QOS_MAX_CIR_S 11
> -#define QM_QOS_VAL_MAX_LEN 32
> #define QM_DFX_BASE 0x0100000
> #define QM_DFX_STATE1 0x0104000
> #define QM_DFX_STATE2 0x01040C8
> @@ -4612,7 +4611,7 @@ static ssize_t qm_get_qos_value(struct hisi_qm *qm, const char *buf,
> unsigned int *fun_index)
> {
> char tbuf_bdf[QM_DBG_READ_LEN] = {0};
> - char val_buf[QM_QOS_VAL_MAX_LEN] = {0};
> + char val_buf[QM_DBG_READ_LEN] = {0};

Please document how this value was derived in the patch log.

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt