ACK/Cmnt: [SRU][J:linux-bluefield][PATCH v1 0/1] UBUNTU: SAUCE: mlxbf-bootctl: Fix kernel panic due to buffer overflow

Tim Gardner tim.gardner at canonical.com
Fri Jul 21 15:30:57 UTC 2023


On 7/20/23 2:37 PM, Asmaa Mnebhi wrote:
> BugLink: https://bugs.launchpad.net/bugs/2028309
> 
> SRU Justification:
> 
> [Impact]
> 
> Running the following LTP (linux-test-project) script, causes
> a kernel panic and a reboot of the DPU:
> ltp/testcases/bin/read_all -d /sys -q -r 10
> 
> The above test reads all directory and files under /sys.
> Reading the sysfs entry "large_icm" causes the kernel panic
> due to a garbage value returned via i2c read. That garbage
> value causes a buffer overflow in sprintf.
> 
> [Fix]
> 
> * Replace sprintf with snprintf. And also add missing lock and
> increase the buffer size to PAGE_SIZE.
> 
> [Test Case]
> 
> * Run from linux:
> ltp/testcases/bin/read_all -d /sys -q -r 10
> 
> [Regression Potential]
> 
> * no known regression
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>

This really ought to be 2 patches. Protecting the call to 
arm_smccc_smc() has little to do with an snprintf() buffer overflow.

-- 
-----------
Tim Gardner
Canonical, Inc




More information about the kernel-team mailing list