| Message ID | f6b5c29f-ca07-a6a0-6e94-6b52dc56407b@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | b9bbc4c1debc837ba56872fb3b2499ba6459ca8b |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net-next] ethtool: prevent endless loop if eeprom size is smaller than announced | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for net-next |
| netdev/subject_prefix | success | Link |
| netdev/cc_maintainers | warning | 6 maintainers not CCed: austindh.kim@gmail.com arnd@arndb.de andrew@lunn.ch irusskikh@marvell.com danieller@nvidia.com alexanderduyck@fb.com |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 3 this patch: 3 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 10 lines checked |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 3 this patch: 3 |
| netdev/header_inline | success | Link |
Hello: This patch was applied to netdev/net-next.git (refs/heads/master): On Mon, 13 Sep 2021 21:58:26 +0200 you wrote: > It shouldn't happen, but can happen that readable eeprom size is smaller > than announced. Then we would be stuck in an endless loop here because > after reaching the actual end reads return eeprom.len = 0. I faced this > issue when making a mistake in driver development. Detect this scenario > and return an error. > > Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com> > > [...] Here is the summary with links: - [net-next] ethtool: prevent endless loop if eeprom size is smaller than announced https://git.kernel.org/netdev/net-next/c/b9bbc4c1debc You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c index f2abc3152..999e2a6be 100644 --- a/net/ethtool/ioctl.c +++ b/net/ethtool/ioctl.c @@ -1537,6 +1537,10 @@ static int ethtool_get_any_eeprom(struct net_device *dev, void __user *useraddr, ret = getter(dev, &eeprom, data); if (ret) break; + if (!eeprom.len) { + ret = -EIO; + break; + } if (copy_to_user(userbuf, data, eeprom.len)) { ret = -EFAULT; break;
It shouldn't happen, but can happen that readable eeprom size is smaller than announced. Then we would be stuck in an endless loop here because after reaching the actual end reads return eeprom.len = 0. I faced this issue when making a mistake in driver development. Detect this scenario and return an error. Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com> --- net/ethtool/ioctl.c | 4 ++++ 1 file changed, 4 insertions(+)