From patchwork Tue Feb 25 09:08:45 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martyna Szapar-Mudlaw
 <martyna.szapar-mudlaw@linux.intel.com>
X-Patchwork-Id: 13989578
X-Patchwork-Delegate: kuba@kernel.org
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.8])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7F789261599
	for <netdev@vger.kernel.org>; Tue, 25 Feb 2025 09:09:25 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.8
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1740474567; cv=none;
 b=dphS8ZTFYEAfN+hN7PoLYFCBjBh4ekbMjY6T4OI1JkCh81KEnEn4Tqoh7mk0l2LOF9QgSqIIByBlcaDP/Zsl7DYfiuSreszHjlDYyTU/WcOGvfPgb9CYkAT5cpw0HcXHxTE6oaCSDiPCeZDoaRy6euyzu6NZ9RLtItHFhCPurCE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1740474567; c=relaxed/simple;
	bh=nm9PO0xirdN+TRm0KZX+8xHVA8RL/ClQeLBsteWTTUQ=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=aDZKvuk7uv+FyqEUlBd/RUsemUjUzUrJ6h9wa3bCBhK0KXeInV7UI2UVTDSwuOFT6kpXWFy+55akCn7viKVvseGYyzRs03W1z4WOE6guK5vU/H/nYPyK7RpEBd+QgNZ0WGX4SJoFgX3GYGGBAa3PoLhF7UWpFjuWInO2Rz5/QWs=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=none smtp.mailfrom=linux.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=RzQbsG80; arc=none smtp.client-ip=192.198.163.8
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="RzQbsG80"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1740474565; x=1772010565;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=nm9PO0xirdN+TRm0KZX+8xHVA8RL/ClQeLBsteWTTUQ=;
  b=RzQbsG80lu0R+ydIpvJt4Aj2NM4z0JE4apTsVkC7quaYCj4kgMgd32uw
   8t7IEdS0c19zQR4I7Z6ZHlDo9/WhqE/4rBRUUxqLqxw/9sWHk+NXbyQqQ
   n2ouOYSDuIsodkZ1jKUy16Z1A/Lw7yr5sqCkpFRXbel47nDpzz8Ciemoq
   /ldGv6a6ZVbzCD0h0XlWT0jLSuBm9Kp3kwb5hYBrccrxjIbWwu278bUjP
   6Bf0pvrrlcZX6TGju1alaZTkvyjDQuEpghz96hyB+bAvOJSDwoHx8bSWp
   iRwnCKSxcaiVPK3xsbIIs0NSlA13MGz4QD+MtZcp1YIr9hZSAZrQsbcxS
   Q==;
X-CSE-ConnectionGUID: 0YiX9LKQTdW1iNHCIQNtFg==
X-CSE-MsgGUID: P4wH6jO5R+Oxh/xHuc8fOA==
X-IronPort-AV: E=McAfee;i="6700,10204,11355"; a="58810329"
X-IronPort-AV: E=Sophos;i="6.13,313,1732608000";
   d="scan'208";a="58810329"
Received: from orviesa003.jf.intel.com ([10.64.159.143])
  by fmvoesa102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 25 Feb 2025 01:09:25 -0800
X-CSE-ConnectionGUID: gelLJujlQuuSx/Sc7/D8jw==
X-CSE-MsgGUID: UrmrT27xSFOOVP0ct2c23A==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.13,313,1732608000";
   d="scan'208";a="121275617"
Received: from enterprise.igk.intel.com ([10.102.20.175])
  by orviesa003.jf.intel.com with ESMTP; 25 Feb 2025 01:09:23 -0800
From: Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
To: intel-wired-lan@lists.osuosl.org
Cc: netdev@vger.kernel.org,
	Jan Glaza <jan.glaza@intel.com>,
	Jedrzej Jagielski <jedrzej.jagielski@intel.com>,
	Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
Subject: [iwl-net v2 1/5] virtchnl: make proto and filter action count
 unsigned
Date: Tue, 25 Feb 2025 10:08:45 +0100
Message-ID: <20250225090847.513849-4-martyna.szapar-mudlaw@linux.intel.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20250225090847.513849-2-martyna.szapar-mudlaw@linux.intel.com>
References: <20250225090847.513849-2-martyna.szapar-mudlaw@linux.intel.com>
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
List-Id: <netdev.vger.kernel.org>
List-Subscribe: <mailto:netdev+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:netdev+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Patchwork-Delegate: kuba@kernel.org

From: Jan Glaza <jan.glaza@intel.com>

The count field in virtchnl_proto_hdrs and virtchnl_filter_action_set
should never be negative while still being valid. Changing it from
int to u32 ensures proper handling of values in virtchnl messages in
driverrs and prevents unintended behavior.
In its current signed form, a negative count does not trigger
an error in ice driver but instead results in it being treated as 0.
This can lead to unexpected outcomes when processing messages.
By using u32, any invalid values will correctly trigger -EINVAL,
making error detection more robust.

Fixes: 1f7ea1cd6a374 ("ice: Enable FDIR Configure for AVF")
Reviewed-by: Jedrzej Jagielski <jedrzej.jagielski@intel.com>
Signed-off-by: Jan Glaza <jan.glaza@intel.com>
Signed-off-by: Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
---
 include/linux/avf/virtchnl.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/avf/virtchnl.h b/include/linux/avf/virtchnl.h
index 4811b9a14604..cf0afa60e4a7 100644
--- a/include/linux/avf/virtchnl.h
+++ b/include/linux/avf/virtchnl.h
@@ -1343,7 +1343,7 @@ struct virtchnl_proto_hdrs {
 	 * 2 - from the second inner layer
 	 * ....
 	 **/
-	int count; /* the proto layers must < VIRTCHNL_MAX_NUM_PROTO_HDRS */
+	u32 count; /* the proto layers must < VIRTCHNL_MAX_NUM_PROTO_HDRS */
 	union {
 		struct virtchnl_proto_hdr
 			proto_hdr[VIRTCHNL_MAX_NUM_PROTO_HDRS];
@@ -1395,7 +1395,7 @@ VIRTCHNL_CHECK_STRUCT_LEN(36, virtchnl_filter_action);
 
 struct virtchnl_filter_action_set {
 	/* action number must be less then VIRTCHNL_MAX_NUM_ACTIONS */
-	int count;
+	u32 count;
 	struct virtchnl_filter_action actions[VIRTCHNL_MAX_NUM_ACTIONS];
 };
 

From patchwork Tue Feb 25 09:08:46 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martyna Szapar-Mudlaw
 <martyna.szapar-mudlaw@linux.intel.com>
X-Patchwork-Id: 13989579
X-Patchwork-Delegate: kuba@kernel.org
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.8])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4E637262819
	for <netdev@vger.kernel.org>; Tue, 25 Feb 2025 09:09:27 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.8
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1740474569; cv=none;
 b=C27Z+pNE7vQr3EUWrBjOtTJwMpB+fRdrrA534jD/iknMJAUqMjXesTuQCAfTbtljQFia8CHWBWzbtNjyQXG93W4JAorFj6x0ynX7Dw1deeIeJaxwVOMBhyTMmoVvU8ig/AwNm/g2CkfHu2XddN5QSzzW5pgkLsMe0mEzdORq1RE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1740474569; c=relaxed/simple;
	bh=67Gu1RmjPR1JY++tARVEZch0cjxi0tgthD21eX8Tu5U=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=g9jdpLXsZwa7SNd3tlQ8HMMRWBEvfgBHk/zpw3yCetZiRjkF+a1vS+ajmZxUBA9XoBQOiheZ4et3lDbDr32xMj5ZfRw7navbXkgnuK3zg6rF+RMvX0KXnNWZ1HrtulpqO+N5co9Xdi9OUklHBRa+q9Gmj/UfUbdrBgbf4t7aoAU=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=none smtp.mailfrom=linux.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=YjrG206e; arc=none smtp.client-ip=192.198.163.8
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="YjrG206e"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1740474567; x=1772010567;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=67Gu1RmjPR1JY++tARVEZch0cjxi0tgthD21eX8Tu5U=;
  b=YjrG206eEAlZj3352pTBywXcwQU0ASfxDPjTawjJhIBxZInCIGSGwMqi
   wd0cWw8l1OsOPnmCUVxQoyhRfIdJotTDo/jX71byQ3/1jKxPmHQrJ8mfg
   M1ECWwSrm+1OiYWpY5dJNco5iTxoihqwKqEjOjIjwOxHg1YocYyZesOeG
   FGW7O5uzp7pq5A7/oucLD4jtxsX+OgS4UFCJkImHbLarsMv4NX7Hce/jS
   FKyTYXrmjy/Xu1udHZrQoh+POBvFbiHCVarVMAz+jvuB9hOMVRaEceQgs
   DDlRjrcvuZWzGGpWUbfzSTiXXECB3jym6Zfb8RPm5sOJe2azLP453Fui3
   w==;
X-CSE-ConnectionGUID: K5dBJ+cnSSmobwzJz+Oazg==
X-CSE-MsgGUID: M0/muae6TTqozgAiAdlDXg==
X-IronPort-AV: E=McAfee;i="6700,10204,11355"; a="58810337"
X-IronPort-AV: E=Sophos;i="6.13,313,1732608000";
   d="scan'208";a="58810337"
Received: from orviesa003.jf.intel.com ([10.64.159.143])
  by fmvoesa102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 25 Feb 2025 01:09:27 -0800
X-CSE-ConnectionGUID: P0tmYXlQSvaWoPO4+gfNRA==
X-CSE-MsgGUID: /QTdNHudQZ6SfJ9Mtb3TFw==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.13,313,1732608000";
   d="scan'208";a="121275634"
Received: from enterprise.igk.intel.com ([10.102.20.175])
  by orviesa003.jf.intel.com with ESMTP; 25 Feb 2025 01:09:26 -0800
From: Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
To: intel-wired-lan@lists.osuosl.org
Cc: netdev@vger.kernel.org,
	Jan Glaza <jan.glaza@intel.com>,
	Aleksandr Loktionov <aleksandr.loktionov@intel.com>,
	Jedrzej Jagielski <jedrzej.jagielski@intel.com>,
	Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
Subject: [iwl-net v2 2/5] ice: stop truncating queue ids when checking
Date: Tue, 25 Feb 2025 10:08:46 +0100
Message-ID: <20250225090847.513849-5-martyna.szapar-mudlaw@linux.intel.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20250225090847.513849-2-martyna.szapar-mudlaw@linux.intel.com>
References: <20250225090847.513849-2-martyna.szapar-mudlaw@linux.intel.com>
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
List-Id: <netdev.vger.kernel.org>
List-Subscribe: <mailto:netdev+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:netdev+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Patchwork-Delegate: kuba@kernel.org

From: Jan Glaza <jan.glaza@intel.com>

Queue IDs can be up to 4096, fix invalid check to stop
truncating IDs to 8 bits.

Fixes: bf93bf791cec8 ("ice: introduce ice_virtchnl.c and ice_virtchnl.h")
Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
Reviewed-by: Jedrzej Jagielski <jedrzej.jagielski@intel.com>
Signed-off-by: Jan Glaza <jan.glaza@intel.com>
Signed-off-by: Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
---
 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl.c b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
index b6285433307c..343f2b4b0dc5 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl.c
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
@@ -565,7 +565,7 @@ bool ice_vc_isvalid_vsi_id(struct ice_vf *vf, u16 vsi_id)
  *
  * check for the valid queue ID
  */
-static bool ice_vc_isvalid_q_id(struct ice_vsi *vsi, u8 qid)
+static bool ice_vc_isvalid_q_id(struct ice_vsi *vsi, u16 qid)
 {
 	/* allocated Tx and Rx queues should be always equal for VF VSI */
 	return qid < vsi->alloc_txq;

From patchwork Tue Feb 25 09:08:47 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martyna Szapar-Mudlaw
 <martyna.szapar-mudlaw@linux.intel.com>
X-Patchwork-Id: 13989580
X-Patchwork-Delegate: kuba@kernel.org
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.8])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8CB25262D3B
	for <netdev@vger.kernel.org>; Tue, 25 Feb 2025 09:09:29 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.8
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1740474571; cv=none;
 b=JknFJBH8UXn3l3G68LGmAPoGsMp1Jleq6nO46rSlvXWbr0mefj6H+PKwg29vgpCsJUFfPXYMbYmB3O/MEVpXwK0ICRSBYEDUl9/GA1Z9mpRCyT0XQmFeHXVOCjbwaF+JMNfIUtZTMafPza2bKbJmf3rnP0YDy+x6qhvUdUMSKIw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1740474571; c=relaxed/simple;
	bh=qvH744x9n/EIaRK81PRkt4ItVtZ4IA+MhzAIe0c3AxQ=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=HYBoE+p+ZJQJm1KoZniQeuKPP0VVEpP8xcj6CjleeQOY0ALvEVHuFUkerZPwO15cFrzQdWBlcP/R+tRV7HnSkDmnTRJ4xmmGVMzSJDKInB0U0lRUNF6YqI4iIwWtLaXlsr+MsWDMNcX/++Cx0Y7K0n66NEELeDcyDn1+3IrGEQs=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=none smtp.mailfrom=linux.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=Cz+80rHl; arc=none smtp.client-ip=192.198.163.8
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="Cz+80rHl"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1740474569; x=1772010569;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=qvH744x9n/EIaRK81PRkt4ItVtZ4IA+MhzAIe0c3AxQ=;
  b=Cz+80rHlJBZB47NT+xlm6zXG5k7ZFeWNqFgGIQLyHY+tHEJXN5bE8Yd6
   KMFkPYvCbvrw1MWSHMCFudRE++rQtcNbu9docf0gPtSiRK5H7hPu2t+tR
   kRugsdG6h7AqkkoDVymoMFYPDL+A+W3L6GDWxUNX5dNVFf3ziEB29TwDO
   ZMhRLaa+9KSB2PXNEf/lrpHMm2+VNDVkpWJIghiGuiZXC0BYkZ8JqgPVB
   mExZXfY4jT0BXsYJ6TAm/dkgdGTwYwPt11xRDW1iYQb7v4+1tOGMtNFGB
   h4X6TcwuCwcjp2QAFWM06C5S9zBBtBr4uMUrVPfMDtalgTYRF1sA/2uo4
   w==;
X-CSE-ConnectionGUID: R3QMEkEYRGemOM7TzNtd4Q==
X-CSE-MsgGUID: wXi05FxOQvaaeMac2o5XHw==
X-IronPort-AV: E=McAfee;i="6700,10204,11355"; a="58810340"
X-IronPort-AV: E=Sophos;i="6.13,313,1732608000";
   d="scan'208";a="58810340"
Received: from orviesa003.jf.intel.com ([10.64.159.143])
  by fmvoesa102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 25 Feb 2025 01:09:29 -0800
X-CSE-ConnectionGUID: HxS2/pS1Tqm2YBs5XkgZLA==
X-CSE-MsgGUID: Gs5F6aekTIGmUa9YBhzKxA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.13,313,1732608000";
   d="scan'208";a="121275661"
Received: from enterprise.igk.intel.com ([10.102.20.175])
  by orviesa003.jf.intel.com with ESMTP; 25 Feb 2025 01:09:28 -0800
From: Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
To: intel-wired-lan@lists.osuosl.org
Cc: netdev@vger.kernel.org,
	Jan Glaza <jan.glaza@intel.com>,
	Jedrzej Jagielski <jedrzej.jagielski@intel.com>,
	Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
Subject: [iwl-net v2 3/5] ice: validate queue quanta parameters to prevent OOB
 access
Date: Tue, 25 Feb 2025 10:08:47 +0100
Message-ID: <20250225090847.513849-6-martyna.szapar-mudlaw@linux.intel.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20250225090847.513849-2-martyna.szapar-mudlaw@linux.intel.com>
References: <20250225090847.513849-2-martyna.szapar-mudlaw@linux.intel.com>
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
List-Id: <netdev.vger.kernel.org>
List-Subscribe: <mailto:netdev+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:netdev+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Patchwork-Delegate: kuba@kernel.org

From: Jan Glaza <jan.glaza@intel.com>

Add queue wraparound prevention in quanta configuration.
Ensure end_qid does not overflow by validating start_qid and num_queues.

Fixes: 015307754a19 ("ice: Support VF queue rate limit and quanta size configuration")
Reviewed-by: Jedrzej Jagielski <jedrzej.jagielski@intel.com>
Signed-off-by: Jan Glaza <jan.glaza@intel.com>
Signed-off-by: Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
---
 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl.c b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
index 343f2b4b0dc5..adb1bf12542f 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl.c
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
@@ -1903,13 +1903,21 @@ static int ice_vc_cfg_q_bw(struct ice_vf *vf, u8 *msg)
  */
 static int ice_vc_cfg_q_quanta(struct ice_vf *vf, u8 *msg)
 {
+	u16 quanta_prof_id, quanta_size, start_qid, num_queues, end_qid, i;
 	enum virtchnl_status_code v_ret = VIRTCHNL_STATUS_SUCCESS;
-	u16 quanta_prof_id, quanta_size, start_qid, end_qid, i;
 	struct virtchnl_quanta_cfg *qquanta =
 		(struct virtchnl_quanta_cfg *)msg;
 	struct ice_vsi *vsi;
 	int ret;
 
+	start_qid = qquanta->queue_select.start_queue_id;
+	num_queues = qquanta->queue_select.num_queues;
+
+	if (check_add_overflow(start_qid, num_queues, &end_qid)) {
+		v_ret = VIRTCHNL_STATUS_ERR_PARAM;
+		goto err;
+	}
+
 	if (!test_bit(ICE_VF_STATE_ACTIVE, vf->vf_states)) {
 		v_ret = VIRTCHNL_STATUS_ERR_PARAM;
 		goto err;
@@ -1921,8 +1929,6 @@ static int ice_vc_cfg_q_quanta(struct ice_vf *vf, u8 *msg)
 		goto err;
 	}
 
-	end_qid = qquanta->queue_select.start_queue_id +
-		  qquanta->queue_select.num_queues;
 	if (end_qid > ICE_MAX_RSS_QS_PER_VF ||
 	    end_qid > min_t(u16, vsi->alloc_txq, vsi->alloc_rxq)) {
 		dev_err(ice_pf_to_dev(vf->pf), "VF-%d trying to configure more than allocated number of queues: %d\n",
@@ -1951,7 +1957,6 @@ static int ice_vc_cfg_q_quanta(struct ice_vf *vf, u8 *msg)
 		goto err;
 	}
 
-	start_qid = qquanta->queue_select.start_queue_id;
 	for (i = start_qid; i < end_qid; i++)
 		vsi->tx_rings[i]->quanta_prof_id = quanta_prof_id;
 

From patchwork Tue Feb 25 09:08:48 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martyna Szapar-Mudlaw
 <martyna.szapar-mudlaw@linux.intel.com>
X-Patchwork-Id: 13989581
X-Patchwork-Delegate: kuba@kernel.org
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.8])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 42948263C80
	for <netdev@vger.kernel.org>; Tue, 25 Feb 2025 09:09:32 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.8
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1740474573; cv=none;
 b=VrtVGZIRhTyc0A+nbtDWHF2T+3RfBtEsue1WWEv9eYpcchh5FIza1KJPQdX6/u+9pmkWV4CgQermBSIVLeZEL8uuVvGF9Hs2TKpRbuMlKydmks6FtXxR13CkZCyXgFb5Y3nAW7MVSDi2CojEf1i4tJwoyck8ARQxZl3z5nKRmVI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1740474573; c=relaxed/simple;
	bh=3SyF92afDOn91GOA4VLtpi+hktql8pF4fEirFHsgAHk=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=P8XeG9BDOfntT4M+iMFi3MlojaiOreNsbseaazO6M14GLQQpqK3VLDs78L9r7GgTkDWuqt5V2+dQi41+sdzg6np7rCpH3Y18lUBZGJh+TzADgjelcVA98MwhJa9siE/R70jCsk/TiA+P6yo/ZDWM5cSLZrGNIF6zuwn9n1y/yyE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=none smtp.mailfrom=linux.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=fekiE170; arc=none smtp.client-ip=192.198.163.8
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="fekiE170"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1740474572; x=1772010572;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=3SyF92afDOn91GOA4VLtpi+hktql8pF4fEirFHsgAHk=;
  b=fekiE170yRLz8xugvxyIK3KPqZKD/aPhNd8TxEPrfOtt/FKC66orFzLS
   haeOwJ6TEGJl2E09F3zBpmOIHQ8bcTACfhDEXudSThGpFJzvrlS0x1Lbn
   0+NfC6HRuW4v3mylfSqkuz7GVLKCWEfS1Xsu1YTWODYM2Tov4nuHTK0xF
   KObY5BAeOxbhIccTXVb3JxgQVFZkhkmFmYwl1mcZn1gsCkivQFSbujvxY
   WawezPEVHBpVI7vTfB3fFSIvWm2enBW2dpb6rurTdwD0rh2u/7NsqXtAJ
   MMd6nXBCrUWfLhsZWOb9v/DSV//eQew4sVghjPqglNPmWaGvd/MRVZn98
   Q==;
X-CSE-ConnectionGUID: BghO6v1/Roe22nVpc/KIAg==
X-CSE-MsgGUID: OpFaxZPEQ7miir3FTY0xIA==
X-IronPort-AV: E=McAfee;i="6700,10204,11355"; a="58810344"
X-IronPort-AV: E=Sophos;i="6.13,313,1732608000";
   d="scan'208";a="58810344"
Received: from orviesa003.jf.intel.com ([10.64.159.143])
  by fmvoesa102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 25 Feb 2025 01:09:32 -0800
X-CSE-ConnectionGUID: JM7sHMX5TJCt7JwJyi1paw==
X-CSE-MsgGUID: aPU30UIzQ8K6hHdTzEw2sQ==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.13,313,1732608000";
   d="scan'208";a="121275685"
Received: from enterprise.igk.intel.com ([10.102.20.175])
  by orviesa003.jf.intel.com with ESMTP; 25 Feb 2025 01:09:30 -0800
From: Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
To: intel-wired-lan@lists.osuosl.org
Cc: netdev@vger.kernel.org,
	Lukasz Czapnik <lukasz.czapnik@intel.com>,
	Jedrzej Jagielski <jedrzej.jagielski@intel.com>,
	Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
Subject: [iwl-net v2 4/5] ice: fix input validation for virtchnl BW
Date: Tue, 25 Feb 2025 10:08:48 +0100
Message-ID: <20250225090847.513849-7-martyna.szapar-mudlaw@linux.intel.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20250225090847.513849-2-martyna.szapar-mudlaw@linux.intel.com>
References: <20250225090847.513849-2-martyna.szapar-mudlaw@linux.intel.com>
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
List-Id: <netdev.vger.kernel.org>
List-Subscribe: <mailto:netdev+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:netdev+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Patchwork-Delegate: kuba@kernel.org

From: Lukasz Czapnik <lukasz.czapnik@intel.com>

Add missing validation of tc and queue id values sent by a VF in
ice_vc_cfg_q_bw().
Additionally fixed logged value in the warning message,
where max_tx_rate was incorrectly referenced instead of min_tx_rate.
Also correct error handling in this function by properly exiting
when invalid configuration is detected.

Fixes: 015307754a19 ("ice: Support VF queue rate limit and quanta size configuration")
Reviewed-by: Jedrzej Jagielski <jedrzej.jagielski@intel.com>
Signed-off-by: Lukasz Czapnik <lukasz.czapnik@intel.com>
Co-developed-by: Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
Signed-off-by: Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
---
 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 24 ++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl.c b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
index adb1bf12542f..824ef849b0ea 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl.c
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
@@ -1865,15 +1865,33 @@ static int ice_vc_cfg_q_bw(struct ice_vf *vf, u8 *msg)
 
 	for (i = 0; i < qbw->num_queues; i++) {
 		if (qbw->cfg[i].shaper.peak != 0 && vf->max_tx_rate != 0 &&
-		    qbw->cfg[i].shaper.peak > vf->max_tx_rate)
+		    qbw->cfg[i].shaper.peak > vf->max_tx_rate) {
 			dev_warn(ice_pf_to_dev(vf->pf), "The maximum queue %d rate limit configuration may not take effect because the maximum TX rate for VF-%d is %d\n",
 				 qbw->cfg[i].queue_id, vf->vf_id,
 				 vf->max_tx_rate);
+			v_ret = VIRTCHNL_STATUS_ERR_PARAM;
+			goto err;
+		}
 		if (qbw->cfg[i].shaper.committed != 0 && vf->min_tx_rate != 0 &&
-		    qbw->cfg[i].shaper.committed < vf->min_tx_rate)
+		    qbw->cfg[i].shaper.committed < vf->min_tx_rate) {
 			dev_warn(ice_pf_to_dev(vf->pf), "The minimum queue %d rate limit configuration may not take effect because the minimum TX rate for VF-%d is %d\n",
 				 qbw->cfg[i].queue_id, vf->vf_id,
-				 vf->max_tx_rate);
+				 vf->min_tx_rate);
+			v_ret = VIRTCHNL_STATUS_ERR_PARAM;
+			goto err;
+		}
+		if (qbw->cfg[i].queue_id > vf->num_vf_qs) {
+			dev_warn(ice_pf_to_dev(vf->pf), "VF-%d trying to configure invalid queue_id\n",
+				 vf->vf_id);
+			v_ret = VIRTCHNL_STATUS_ERR_PARAM;
+			goto err;
+		}
+		if (qbw->cfg[i].tc >= ICE_MAX_TRAFFIC_CLASS) {
+			dev_warn(ice_pf_to_dev(vf->pf), "VF-%d trying to configure a traffic class higher than allowed\n",
+				 vf->vf_id);
+			v_ret = VIRTCHNL_STATUS_ERR_PARAM;
+			goto err;
+		}
 	}
 
 	for (i = 0; i < qbw->num_queues; i++) {

From patchwork Tue Feb 25 09:08:49 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martyna Szapar-Mudlaw
 <martyna.szapar-mudlaw@linux.intel.com>
X-Patchwork-Id: 13989582
X-Patchwork-Delegate: kuba@kernel.org
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.8])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id A9664263F42
	for <netdev@vger.kernel.org>; Tue, 25 Feb 2025 09:09:34 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=192.198.163.8
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1740474576; cv=none;
 b=myyGGbsqwonYauVAmiBFzynRhfqGNsQby6r4zulzg5eBWAej595msizyUrAFgQSNDAYnHqnCqwrgXappwXPjABXBvt5hp6smSWYOmfM/o/ec5oZS/wsef0oMqHYvBcehwcPKSWg6UZUCuvZAzFaZstwTOzaOhxmWzmDkyIT/gf8=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1740474576; c=relaxed/simple;
	bh=p2lHx+ivZdf+2bsYoUoyEQpLiHAsgUf1x6J7T9tfMH4=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=mzRkUQvpPNmHVwovSRTOEsllBQL3JHnrRid+XuvcZq5lvvIaOyffQwoD6bALhAgvCq9DqWU5jCjJlT6lq/EKu6FdWPyxcWSEvODHK4jkkJxj7NlFbuKSvP+lh2viPROQz7Tr1QR4OWS4grjOMLUjRRCm9BsVsIBR1nOOqbtKP+k=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=none smtp.mailfrom=linux.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=H1VM7+M0; arc=none smtp.client-ip=192.198.163.8
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.mailfrom=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="H1VM7+M0"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1740474574; x=1772010574;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=p2lHx+ivZdf+2bsYoUoyEQpLiHAsgUf1x6J7T9tfMH4=;
  b=H1VM7+M08zUEp6M74/zfBhCXK+ys3Qewz/gRkXAjGvVsEuj+GQrFhDxI
   JpsnG4nykUwQIxv0S4xVOOOtmAFWxVRz0pO8jqBcrJNzRbV+Mw87N5Lwb
   8rXiQXjihVP2OAqGR8yPI8hqKW/XOFWqggMNzUKGDQosnqZlwP/ddrk+r
   dR5dlE57qSH/7JaYRXFpuqWMphUxN2t2wK3DSxop42YXgrxjesJRE+NCX
   MmmK7K6KKbEzgFdB2gDYQ3RjoLBX4N2mmgzuSdXtZE8pSPBPbro3nZ4P5
   +9lrWjWBIOVvDNFbZtASafPFghAbtRRai9ScjnP+5iC1XWPSlokwtwajW
   g==;
X-CSE-ConnectionGUID: ZTsAbjazScGHntF9qzPLgg==
X-CSE-MsgGUID: 7vNHmrLiQEawesF4vA1POQ==
X-IronPort-AV: E=McAfee;i="6700,10204,11355"; a="58810348"
X-IronPort-AV: E=Sophos;i="6.13,313,1732608000";
   d="scan'208";a="58810348"
Received: from orviesa003.jf.intel.com ([10.64.159.143])
  by fmvoesa102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 25 Feb 2025 01:09:34 -0800
X-CSE-ConnectionGUID: o+9dFX3gRHGoJ6Rd1FpILg==
X-CSE-MsgGUID: E+rWjXQ0T22J4soRLBBOew==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.13,313,1732608000";
   d="scan'208";a="121275700"
Received: from enterprise.igk.intel.com ([10.102.20.175])
  by orviesa003.jf.intel.com with ESMTP; 25 Feb 2025 01:09:33 -0800
From: Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
To: intel-wired-lan@lists.osuosl.org
Cc: netdev@vger.kernel.org,
	Mateusz Polchlopek <mateusz.polchlopek@intel.com>,
	Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
Subject: [iwl-net v2 5/5] ice: fix using untrusted value of pkt_len in
 ice_vc_fdir_parse_raw()
Date: Tue, 25 Feb 2025 10:08:49 +0100
Message-ID: <20250225090847.513849-8-martyna.szapar-mudlaw@linux.intel.com>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20250225090847.513849-2-martyna.szapar-mudlaw@linux.intel.com>
References: <20250225090847.513849-2-martyna.szapar-mudlaw@linux.intel.com>
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
List-Id: <netdev.vger.kernel.org>
List-Subscribe: <mailto:netdev+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:netdev+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Patchwork-Delegate: kuba@kernel.org

From: Mateusz Polchlopek <mateusz.polchlopek@intel.com>

Fix using the untrusted value of proto->raw.pkt_len in function
ice_vc_fdir_parse_raw() by verifying if it does not exceed the
VIRTCHNL_MAX_SIZE_RAW_PACKET value.

Fixes: 99f419df8a5c ("ice: enable FDIR filters from raw binary patterns for VFs")
Signed-off-by: Mateusz Polchlopek <mateusz.polchlopek@intel.com>
Signed-off-by: Martyna Szapar-Mudlaw <martyna.szapar-mudlaw@linux.intel.com>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
---
 .../ethernet/intel/ice/ice_virtchnl_fdir.c    | 25 +++++++++++++------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c b/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c
index 14e3f0f89c78..6250629ee8f9 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c
@@ -835,18 +835,27 @@ ice_vc_fdir_parse_raw(struct ice_vf *vf,
 	u8 *pkt_buf, *msk_buf __free(kfree);
 	struct ice_parser_result rslt;
 	struct ice_pf *pf = vf->pf;
+	u16 pkt_len, udp_port = 0;
 	struct ice_parser *psr;
 	int status = -ENOMEM;
 	struct ice_hw *hw;
-	u16 udp_port = 0;
 
-	pkt_buf = kzalloc(proto->raw.pkt_len, GFP_KERNEL);
-	msk_buf = kzalloc(proto->raw.pkt_len, GFP_KERNEL);
+	if (!proto->raw.pkt_len)
+		return -EINVAL;
+
+	pkt_len = proto->raw.pkt_len;
+
+	if (!pkt_len || pkt_len > VIRTCHNL_MAX_SIZE_RAW_PACKET)
+		return -EINVAL;
+
+	pkt_buf = kzalloc(pkt_len, GFP_KERNEL);
+	msk_buf = kzalloc(pkt_len, GFP_KERNEL);
+
 	if (!pkt_buf || !msk_buf)
 		goto err_mem_alloc;
 
-	memcpy(pkt_buf, proto->raw.spec, proto->raw.pkt_len);
-	memcpy(msk_buf, proto->raw.mask, proto->raw.pkt_len);
+	memcpy(pkt_buf, proto->raw.spec, pkt_len);
+	memcpy(msk_buf, proto->raw.mask, pkt_len);
 
 	hw = &pf->hw;
 
@@ -862,7 +871,7 @@ ice_vc_fdir_parse_raw(struct ice_vf *vf,
 	if (ice_get_open_tunnel_port(hw, &udp_port, TNL_VXLAN))
 		ice_parser_vxlan_tunnel_set(psr, udp_port, true);
 
-	status = ice_parser_run(psr, pkt_buf, proto->raw.pkt_len, &rslt);
+	status = ice_parser_run(psr, pkt_buf, pkt_len, &rslt);
 	if (status)
 		goto err_parser_destroy;
 
@@ -876,7 +885,7 @@ ice_vc_fdir_parse_raw(struct ice_vf *vf,
 	}
 
 	status = ice_parser_profile_init(&rslt, pkt_buf, msk_buf,
-					 proto->raw.pkt_len, ICE_BLK_FD,
+					 pkt_len, ICE_BLK_FD,
 					 conf->prof);
 	if (status)
 		goto err_parser_profile_init;
@@ -885,7 +894,7 @@ ice_vc_fdir_parse_raw(struct ice_vf *vf,
 		ice_parser_profile_dump(hw, conf->prof);
 
 	/* Store raw flow info into @conf */
-	conf->pkt_len = proto->raw.pkt_len;
+	conf->pkt_len = pkt_len;
 	conf->pkt_buf = pkt_buf;
 	conf->parser_ena = true;