From patchwork Fri Feb 5 14:38:29 2021
X-Patchwork-Submitter: Alex Elder
X-Patchwork-Id: 376938
From: Alex Elder
To: davem@davemloft.net, kuba@kernel.org
Cc: elder@kernel.org, evgreen@chromium.org, bjorn.andersson@linaro.org, cpratapa@codeaurora.org, subashab@codeaurora.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v2 7/7] net: ipa: avoid field overflow
Date: Fri, 5 Feb 2021 08:38:29 -0600
Message-Id: <20210205143829.16271-8-elder@linaro.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210205143829.16271-1-elder@linaro.org>
References: <20210205143829.16271-1-elder@linaro.org>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: netdev@vger.kernel.org

It's possible that the length passed to ipa_header_size_encoded()
is larger than what can be represented by the HDR_LEN field alone
(starting with IPA v4.5). If we attempted that, u32_encode_bits()
would trigger a build-time error.

Avoid this problem by masking off high-order bits of the value
encoded as the lower portion of the header length.

The same sort of problem exists in ipa_metadata_offset_encoded(),
so implement the same fix there.

Signed-off-by: Alex Elder
---
 drivers/net/ipa/ipa_reg.h | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

--
2.20.1

diff --git a/drivers/net/ipa/ipa_reg.h b/drivers/net/ipa/ipa_reg.h index e6b0827a244ec..732e691e9aa62 100644 --- a/drivers/net/ipa/ipa_reg.h +++ b/drivers/net/ipa/ipa_reg.h
@@ -408,15 +408,18 @@ enum ipa_cs_offload_en { static inline u32 ipa_header_size_encoded(enum ipa_version version, u32 header_size) { + u32 size = header_size & field_mask(HDR_LEN_FMASK); u32 val; - val = u32_encode_bits(header_size, HDR_LEN_FMASK); - if (version < IPA_VERSION_4_5) + val = u32_encode_bits(size, HDR_LEN_FMASK); + if (version < IPA_VERSION_4_5) { + /* ipa_assert(header_size == size); */ return val; + } /* IPA v4.5 adds a few more most-significant bits */ - header_size >>= hweight32(HDR_LEN_FMASK); - val |= u32_encode_bits(header_size, HDR_LEN_MSB_FMASK); + size = header_size >> hweight32(HDR_LEN_FMASK); + val |= u32_encode_bits(size, HDR_LEN_MSB_FMASK); return val; } @@ -425,15 +428,18 @@ static inline u32 ipa_header_size_encoded(enum ipa_version version, static inline u32 ipa_metadata_offset_encoded(enum ipa_version version, u32 offset) { + u32 off = offset & field_mask(HDR_OFST_METADATA_FMASK); u32 val; - val = u32_encode_bits(offset, HDR_OFST_METADATA_FMASK); - if (version < IPA_VERSION_4_5) + val = u32_encode_bits(off, HDR_OFST_METADATA_FMASK); + if (version < IPA_VERSION_4_5) { + /* ipa_assert(offset == off); */ return val; + } /* IPA v4.5 adds a few more most-significant bits */ - offset >>= hweight32(HDR_OFST_METADATA_FMASK); - val |= u32_encode_bits(offset, HDR_OFST_METADATA_MSB_FMASK); + off = offset >> hweight32(HDR_OFST_METADATA_FMASK); + val |= u32_encode_bits(off, HDR_OFST_METADATA_MSB_FMASK); return val; }
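
Review bot: in ipa_header_size_encoded(), the pre-v4.5 branch now returns a silently truncated length whenever header_size does not fit in HDR_LEN_FMASK, and the only check is the commented-out /* ipa_assert(header_size == size); */. A header length that wraps to a smaller value would be encoded with no trace of the mismatch. Either make the check live (for example WARN_ON_ONCE(header_size != size), or range validation at the point where the endpoint configuration is accepted) or drop the commented-out line, since an assertion left in a comment documents an invariant that nothing enforces.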
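
Review bot: in ipa_metadata_offset_encoded(), only the low part is masked; on the v4.5+ path off = offset >> hweight32(HDR_OFST_METADATA_FMASK) is passed to u32_encode_bits() with HDR_OFST_METADATA_MSB_FMASK unmasked, so an offset wider than both fields combined still reaches the encoder with excess bits. The same holds for the HDR_LEN_MSB_FMASK line in the first hunk. Mask the shifted value with field_mask(HDR_OFST_METADATA_MSB_FMASK) as well, or reject an out-of-range offset before encoding. The two functions now have the same structure and differ only in their masks, so a shared helper taking the low and MSB masks would keep this logic in one place.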