ACK/Cmnt: [SRU][J:linux-bluefield][PATCH v1 0/1] UBUNTU: SAUCE: mlxbf-bootctl: Fix kernel panic due to buffer overflow
Tim Gardner
tim.gardner at canonical.com
Fri Jul 21 15:30:57 UTC 2023
On 7/20/23 2:37 PM, Asmaa Mnebhi wrote:
> BugLink: https://bugs.launchpad.net/bugs/2028309
>
> SRU Justification:
>
> [Impact]
>
> Running the following LTP (linux-test-project) script, causes
> a kernel panic and a reboot of the DPU:
> ltp/testcases/bin/read_all -d /sys -q -r 10
>
> The above test reads all directory and files under /sys.
> Reading the sysfs entry "large_icm" causes the kernel panic
> due to a garbage value returned via i2c read. That garbage
> value causes a buffer overflow in sprintf.
>
> [Fix]
>
> * Replace sprintf with snprintf. And also add missing lock and
> increase the buffer size to PAGE_SIZE.
>
> [Test Case]
>
> * Run from linux:
> ltp/testcases/bin/read_all -d /sys -q -r 10
>
> [Regression Potential]
>
> * no known regression
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
This really ought to be 2 patches. Protecting the call to
arm_smccc_smc() has little to do with an snprintf() buffer overflow.
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list