[Intel-wired-lan] [PATCH net v1] i40e: fix PTP pins verification
Staikov, Andrii
andrii.staikov at intel.com
Thu Mar 30 09:25:05 UTC 2023
Hello Paul!
Thank you for reviewing my patch.
>> Please use the full line width of 75 characters per line.
Okay, will do.
>> Also, how did you test this?
As it was written in the commit message, the values of a new pin configuration are provided by a user. These values are defined in i40e_ptp_gpio_pin_state enum, however nothing prevents a user to provide malicious values that are out of the bounds for the given values of the enum. That can be exploited. My patch adds a check for the provided values to be inside the given range.
>> Would it be better to tell the user the wrong argument?
I am not sure this is correct to tell a user what of the provided values are incorrect due the reasons above.
Regards,
Staikov Andrii
-----Original Message-----
From: Paul Menzel <pmenzel at molgen.mpg.de>
Sent: Thursday, March 30, 2023 9:29 AM
To: Staikov, Andrii <andrii.staikov at intel.com>
Cc: intel-wired-lan at lists.osuosl.org
Subject: Re: [Intel-wired-lan] [PATCH net v1] i40e: fix PTP pins verification
Dear Andrii,
Am 30.03.23 um 09:17 schrieb Andrii Staikov:
> Fix PTP pins verification not to contain tainted arguments.
> As a new PTP pins configuration is provided by a user, it may contain
> tainted arguments that are out of bounds for the list of possible
> values that can lead to a potential security threat.
> Change pin's state name from 'invalid' to 'empty' for more
> clarification.
Please use the full line width of 75 characters per line.
Also, how did you test this?
> Fixes: 1050713026a0 ("i40e: add support for PTP external
> synchronization clock")
> Signed-off-by: Andrii Staikov <andrii.staikov at intel.com>
> ---
> drivers/net/ethernet/intel/i40e/i40e_ptp.c | 16 ++++++++++++----
> 1 file changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/ethernet/intel/i40e/i40e_ptp.c
> b/drivers/net/ethernet/intel/i40e/i40e_ptp.c
> index c37abbb3cd06..78e7c705cd89 100644
> --- a/drivers/net/ethernet/intel/i40e/i40e_ptp.c
> +++ b/drivers/net/ethernet/intel/i40e/i40e_ptp.c
> @@ -49,7 +49,7 @@ static struct ptp_pin_desc sdp_desc[] = {
>
> enum i40e_ptp_gpio_pin_state {
> end = -2,
> - invalid,
> + empty,
> off,
> in_A,
> in_B,
> @@ -1078,11 +1078,19 @@ static int i40e_ptp_set_pins(struct i40e_pf *pf,
> else if (pin_caps == CAN_DO_PINS)
> return 0;
>
> - if (pins->sdp3_2 == invalid)
> + if ((pins->sdp3_2 < empty || pins->sdp3_2 > out_B) ||
> + (pins->sdp3_3 < empty || pins->sdp3_3 > out_B) ||
> + (pins->gpio_4 < empty || pins->gpio_4 > out_B)) {
> + dev_warn(&pf->pdev->dev,
> + "The provided PTP configuration set contains meaningless values
> +that may potentially pose a safety threat.\n");
Would it be better to tell the user the wrong argument?
> + return -EPERM;
> + }
> +
> + if (pins->sdp3_2 == empty)
> pins->sdp3_2 = pf->ptp_pins->sdp3_2;
> - if (pins->sdp3_3 == invalid)
> + if (pins->sdp3_3 == empty)
> pins->sdp3_3 = pf->ptp_pins->sdp3_3;
> - if (pins->gpio_4 == invalid)
> + if (pins->gpio_4 == empty)
> pins->gpio_4 = pf->ptp_pins->gpio_4;
> while (i40e_ptp_pin_led_allowed_states[i].sdp3_2 != end) {
> if (pins->sdp3_2 == i40e_ptp_pin_led_allowed_states[i].sdp3_2 &&
Kind regards,
Paul
More information about the Intel-wired-lan
mailing list