diff mbox series

[net-next,01/10] lib: packing: refuse operating on bit indices which exceed size of buffer

Message ID 20240930-packing-kunit-tests-and-split-pack-unpack-v1-1-94b1f04aca85@intel.com (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series packing: various improvements and KUnit tests | expand

Checks

Context Check Description
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 9 this patch: 9
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 3 of 3 maintainers
netdev/build_clang success Errors and warnings before: 9 this patch: 9
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn fail Errors and warnings before: 12 this patch: 12
netdev/checkpatch warning WARNING: line length of 81 exceeds 80 columns
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Jacob Keller Sept. 30, 2024, 11:19 p.m. UTC 
From: Vladimir Oltean <vladimir.oltean@nxp.com>

While reworking the implementation, it became apparent that this check
does not exist.

There is no functional issue yet, because at call sites, "startbit" and
"endbit" are always hardcoded to correct values, and never come from the
user.

Even with the upcoming support of arbitrary buffer lengths, the
"startbit >= 8 * pbuflen" check will remain correct. This is because
we intend to always interpret the packed buffer in a way that avoids
discontinuities in the available bit indices.

Fixes: 554aae35007e ("lib: Add support for generic packing operations")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Tested-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
---
 lib/packing.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Vladimir Oltean Oct. 2, 2024, 1:44 p.m. UTC | #1 
On Mon, Sep 30, 2024 at 04:19:34PM -0700, Jacob Keller wrote:
> From: Vladimir Oltean <vladimir.oltean@nxp.com>
> 
> While reworking the implementation, it became apparent that this check
> does not exist.
> 
> There is no functional issue yet, because at call sites, "startbit" and
> "endbit" are always hardcoded to correct values, and never come from the
> user.
> 
> Even with the upcoming support of arbitrary buffer lengths, the
> "startbit >= 8 * pbuflen" check will remain correct. This is because
> we intend to always interpret the packed buffer in a way that avoids
> discontinuities in the available bit indices.
> 
> Fixes: 554aae35007e ("lib: Add support for generic packing operations")
> Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
> Tested-by: Jacob Keller <jacob.e.keller@intel.com>
> Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
> ---

I thought that Fixes: tags are not in order for patches which are not
intended to be backported, and that is also clear from the commit message?
Jacob Keller Oct. 2, 2024, 9:28 p.m. UTC | #2 
On 10/2/2024 6:44 AM, Vladimir Oltean wrote:
> On Mon, Sep 30, 2024 at 04:19:34PM -0700, Jacob Keller wrote:
>> From: Vladimir Oltean <vladimir.oltean@nxp.com>
>>
>> While reworking the implementation, it became apparent that this check
>> does not exist.
>>
>> There is no functional issue yet, because at call sites, "startbit" and
>> "endbit" are always hardcoded to correct values, and never come from the
>> user.
>>
>> Even with the upcoming support of arbitrary buffer lengths, the
>> "startbit >= 8 * pbuflen" check will remain correct. This is because
>> we intend to always interpret the packed buffer in a way that avoids
>> discontinuities in the available bit indices.
>>
>> Fixes: 554aae35007e ("lib: Add support for generic packing operations")
>> Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
>> Tested-by: Jacob Keller <jacob.e.keller@intel.com>
>> Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
>> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
>> ---
> 
> I thought that Fixes: tags are not in order for patches which are not
> intended to be backported, and that is also clear from the commit message?

Ah, yea. I had intended to drop those, but forgot.

Thanks,
Jake
diff mbox series

Patch

diff --git a/lib/packing.c b/lib/packing.c
index 3f656167c17e..439125286d2b 100644
--- a/lib/packing.c
+++ b/lib/packing.c
@@ -86,8 +86,10 @@  int packing(void *pbuf, u64 *uval, int startbit, int endbit, size_t pbuflen,
 	 */
 	int plogical_first_u8, plogical_last_u8, box;
 
-	/* startbit is expected to be larger than endbit */
-	if (startbit < endbit)
+	/* startbit is expected to be larger than endbit, and both are
+	 * expected to be within the logically addressable range of the buffer.
+	 */
+	if (unlikely(startbit < endbit || startbit >= 8 * pbuflen || endbit < 0))
 		/* Invalid function call */
 		return -EINVAL;