Re: [PATCH] PCI/IOV: "virtfn4294967295\0" requires 17 bytes

Bjorn Helgaas <helgaas@xxxxxxxxxx> · Thu, 12 Jan 2023 17:00:18 -0600

On Sun, Dec 18, 2022 at 03:21:39PM +0300, Alexey V. Vissarionov wrote:
> On 2022-12-18 19:57:02 +0900, Krzysztof Wilczyński wrote:
> 
>  > Thank you for sending the patch over! However, if possible,
>  > can you send it as plain text without any multi-part MIME
>  > involved?
> 
> ACK.
> 
>  > If possible, it would be nice to mention that this needed
>  > to make sure that there is enough space to correctly
>  > NULL-terminate the ID string.
> 
> ACK.
> 
> So, here goes the corrected text:
> 
> Although unlikely, the 'id' value may be as big as 4294967295
> (uint32_max) and "virtfn4294967295\0" would require 17 bytes
> instead of 16 to make sure that buffer has enough space to
> properly NULL-terminate the ID string.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: dd7cc44d0 ("PCI: add SR-IOV API for Physical Function driver")
> Signed-off-by: Alexey V. Vissarionov <gremlin@xxxxxxxxxxxx>

I collected this up and applied to pci/iov for v6.3 as below.  I agree
this is probably only a theoretical issue, but it's easier to spend a
byte of stack space than to prove that we don't need to.

Bjorn


commit 58d4c63d0a27 ("PCI/IOV: Enlarge virtfn sysfs name buffer")
parent 1b929c02afd3
Author: Alexey V. Vissarionov <gremlin@xxxxxxxxxxxx>
Date:   Sun Dec 18 06:33:47 2022 +0300

    PCI/IOV: Enlarge virtfn sysfs name buffer
    
    The sysfs link name "virtfn%u" constructed by pci_iov_sysfs_link() requires
    17 bytes to contain the longest possible string.  Increase VIRTFN_ID_LEN to
    accommodate that.
    
    Found by Linux Verification Center (linuxtesting.org) with SVACE.
    
    [bhelgaas: commit log, comment at #define]
    Fixes: dd7cc44d0 ("PCI: add SR-IOV API for Physical Function driver")
    Link: https://lore.kernel.org/r/20221218033347.23743-1-gremlin@xxxxxxxxxxxx
    Signed-off-by: Alexey V. Vissarionov <gremlin@xxxxxxxxxxxx>
    Signed-off-by: Bjorn Helgaas <bhelgaas@xxxxxxxxxx>

diff --git a/drivers/pci/iov.c b/drivers/pci/iov.c
index 952217572113..b2e8322755c1 100644
--- a/drivers/pci/iov.c
+++ b/drivers/pci/iov.c
@@ -14,7 +14,7 @@
 #include <linux/delay.h>
 #include "pci.h"
 
-#define VIRTFN_ID_LEN	16
+#define VIRTFN_ID_LEN	17	/* "virtfn%u\0" for 2^32 - 1 */
 
 int pci_iov_virtfn_bus(struct pci_dev *dev, int vf_id)
 {






