Commit e19e5be8 authored by Julian Wiedmann's avatar Julian Wiedmann Committed by David S. Miller

s390/qeth: sanitize strings in debug messages

As Documentation/s390/s390dbf.txt states quite clearly, using any
pointer in sprinf-formatted s390dbf debug entries is dangerous.
The pointers are dereferenced whenever the trace file is read from.
So if the referenced data has a shorter life-time than the trace file,
any read operation can result in a use-after-free.

So rip out all hazardous use of indirect data, and replace any usage of
dev_name() and such by the Bus ID number.
Signed-off-by: default avatarJulian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 265ad063
...@@ -87,6 +87,18 @@ struct qeth_dbf_info { ...@@ -87,6 +87,18 @@ struct qeth_dbf_info {
#define SENSE_RESETTING_EVENT_BYTE 1 #define SENSE_RESETTING_EVENT_BYTE 1
#define SENSE_RESETTING_EVENT_FLAG 0x80 #define SENSE_RESETTING_EVENT_FLAG 0x80
static inline u32 qeth_get_device_id(struct ccw_device *cdev)
{
struct ccw_dev_id dev_id;
u32 id;
ccw_device_get_id(cdev, &dev_id);
id = dev_id.devno;
id |= (u32) (dev_id.ssid << 16);
return id;
}
/* /*
* Common IO related definitions * Common IO related definitions
*/ */
...@@ -97,7 +109,8 @@ struct qeth_dbf_info { ...@@ -97,7 +109,8 @@ struct qeth_dbf_info {
#define CARD_RDEV_ID(card) dev_name(&card->read.ccwdev->dev) #define CARD_RDEV_ID(card) dev_name(&card->read.ccwdev->dev)
#define CARD_WDEV_ID(card) dev_name(&card->write.ccwdev->dev) #define CARD_WDEV_ID(card) dev_name(&card->write.ccwdev->dev)
#define CARD_DDEV_ID(card) dev_name(&card->data.ccwdev->dev) #define CARD_DDEV_ID(card) dev_name(&card->data.ccwdev->dev)
#define CHANNEL_ID(channel) dev_name(&channel->ccwdev->dev) #define CCW_DEVID(cdev) (qeth_get_device_id(cdev))
#define CARD_DEVID(card) (CCW_DEVID(CARD_RDEV(card)))
/** /**
* card stuff * card stuff
......
This diff is collapsed.
...@@ -146,11 +146,11 @@ static int qeth_l2_write_mac(struct qeth_card *card, u8 *mac) ...@@ -146,11 +146,11 @@ static int qeth_l2_write_mac(struct qeth_card *card, u8 *mac)
QETH_CARD_TEXT(card, 2, "L2Wmac"); QETH_CARD_TEXT(card, 2, "L2Wmac");
rc = qeth_l2_send_setdelmac(card, mac, cmd); rc = qeth_l2_send_setdelmac(card, mac, cmd);
if (rc == -EEXIST) if (rc == -EEXIST)
QETH_DBF_MESSAGE(2, "MAC %pM already registered on %s\n", QETH_DBF_MESSAGE(2, "MAC already registered on device %x\n",
mac, QETH_CARD_IFNAME(card)); CARD_DEVID(card));
else if (rc) else if (rc)
QETH_DBF_MESSAGE(2, "Failed to register MAC %pM on %s: %d\n", QETH_DBF_MESSAGE(2, "Failed to register MAC on device %x: %d\n",
mac, QETH_CARD_IFNAME(card), rc); CARD_DEVID(card), rc);
return rc; return rc;
} }
...@@ -163,8 +163,8 @@ static int qeth_l2_remove_mac(struct qeth_card *card, u8 *mac) ...@@ -163,8 +163,8 @@ static int qeth_l2_remove_mac(struct qeth_card *card, u8 *mac)
QETH_CARD_TEXT(card, 2, "L2Rmac"); QETH_CARD_TEXT(card, 2, "L2Rmac");
rc = qeth_l2_send_setdelmac(card, mac, cmd); rc = qeth_l2_send_setdelmac(card, mac, cmd);
if (rc) if (rc)
QETH_DBF_MESSAGE(2, "Failed to delete MAC %pM on %s: %d\n", QETH_DBF_MESSAGE(2, "Failed to delete MAC on device %u: %d\n",
mac, QETH_CARD_IFNAME(card), rc); CARD_DEVID(card), rc);
return rc; return rc;
} }
...@@ -260,9 +260,9 @@ static int qeth_l2_send_setdelvlan_cb(struct qeth_card *card, ...@@ -260,9 +260,9 @@ static int qeth_l2_send_setdelvlan_cb(struct qeth_card *card,
QETH_CARD_TEXT(card, 2, "L2sdvcb"); QETH_CARD_TEXT(card, 2, "L2sdvcb");
if (cmd->hdr.return_code) { if (cmd->hdr.return_code) {
QETH_DBF_MESSAGE(2, "Error in processing VLAN %i on %s: 0x%x.\n", QETH_DBF_MESSAGE(2, "Error in processing VLAN %u on device %x: %#x.\n",
cmd->data.setdelvlan.vlan_id, cmd->data.setdelvlan.vlan_id,
QETH_CARD_IFNAME(card), cmd->hdr.return_code); CARD_DEVID(card), cmd->hdr.return_code);
QETH_CARD_TEXT_(card, 2, "L2VL%4x", cmd->hdr.command); QETH_CARD_TEXT_(card, 2, "L2VL%4x", cmd->hdr.command);
QETH_CARD_TEXT_(card, 2, "err%d", cmd->hdr.return_code); QETH_CARD_TEXT_(card, 2, "err%d", cmd->hdr.return_code);
} }
...@@ -455,8 +455,8 @@ static int qeth_l2_request_initial_mac(struct qeth_card *card) ...@@ -455,8 +455,8 @@ static int qeth_l2_request_initial_mac(struct qeth_card *card)
rc = qeth_vm_request_mac(card); rc = qeth_vm_request_mac(card);
if (!rc) if (!rc)
goto out; goto out;
QETH_DBF_MESSAGE(2, "z/VM MAC Service failed on device %s: x%x\n", QETH_DBF_MESSAGE(2, "z/VM MAC Service failed on device %x: %#x\n",
CARD_BUS_ID(card), rc); CARD_DEVID(card), rc);
QETH_DBF_TEXT_(SETUP, 2, "err%04x", rc); QETH_DBF_TEXT_(SETUP, 2, "err%04x", rc);
/* fall back to alternative mechanism: */ /* fall back to alternative mechanism: */
} }
...@@ -468,8 +468,8 @@ static int qeth_l2_request_initial_mac(struct qeth_card *card) ...@@ -468,8 +468,8 @@ static int qeth_l2_request_initial_mac(struct qeth_card *card)
rc = qeth_setadpparms_change_macaddr(card); rc = qeth_setadpparms_change_macaddr(card);
if (!rc) if (!rc)
goto out; goto out;
QETH_DBF_MESSAGE(2, "READ_MAC Assist failed on device %s: x%x\n", QETH_DBF_MESSAGE(2, "READ_MAC Assist failed on device %x: %#x\n",
CARD_BUS_ID(card), rc); CARD_DEVID(card), rc);
QETH_DBF_TEXT_(SETUP, 2, "1err%04x", rc); QETH_DBF_TEXT_(SETUP, 2, "1err%04x", rc);
/* fall back once more: */ /* fall back once more: */
} }
......
...@@ -494,9 +494,8 @@ int qeth_l3_setrouting_v4(struct qeth_card *card) ...@@ -494,9 +494,8 @@ int qeth_l3_setrouting_v4(struct qeth_card *card)
QETH_PROT_IPV4); QETH_PROT_IPV4);
if (rc) { if (rc) {
card->options.route4.type = NO_ROUTER; card->options.route4.type = NO_ROUTER;
QETH_DBF_MESSAGE(2, "Error (0x%04x) while setting routing type" QETH_DBF_MESSAGE(2, "Error (%#06x) while setting routing type on device %x. Type set to 'no router'.\n",
" on %s. Type set to 'no router'.\n", rc, rc, CARD_DEVID(card));
QETH_CARD_IFNAME(card));
} }
return rc; return rc;
} }
...@@ -518,9 +517,8 @@ int qeth_l3_setrouting_v6(struct qeth_card *card) ...@@ -518,9 +517,8 @@ int qeth_l3_setrouting_v6(struct qeth_card *card)
QETH_PROT_IPV6); QETH_PROT_IPV6);
if (rc) { if (rc) {
card->options.route6.type = NO_ROUTER; card->options.route6.type = NO_ROUTER;
QETH_DBF_MESSAGE(2, "Error (0x%04x) while setting routing type" QETH_DBF_MESSAGE(2, "Error (%#06x) while setting routing type on device %x. Type set to 'no router'.\n",
" on %s. Type set to 'no router'.\n", rc, rc, CARD_DEVID(card));
QETH_CARD_IFNAME(card));
} }
return rc; return rc;
} }
...@@ -1070,8 +1068,8 @@ qeth_diags_trace_cb(struct qeth_card *card, struct qeth_reply *reply, ...@@ -1070,8 +1068,8 @@ qeth_diags_trace_cb(struct qeth_card *card, struct qeth_reply *reply,
} }
break; break;
default: default:
QETH_DBF_MESSAGE(2, "Unknown sniffer action (0x%04x) on %s\n", QETH_DBF_MESSAGE(2, "Unknown sniffer action (%#06x) on device %x\n",
cmd->data.diagass.action, QETH_CARD_IFNAME(card)); cmd->data.diagass.action, CARD_DEVID(card));
} }
return 0; return 0;
...@@ -1517,32 +1515,25 @@ static void qeth_l3_set_rx_mode(struct net_device *dev) ...@@ -1517,32 +1515,25 @@ static void qeth_l3_set_rx_mode(struct net_device *dev)
qeth_l3_handle_promisc_mode(card); qeth_l3_handle_promisc_mode(card);
} }
static const char *qeth_l3_arp_get_error_cause(int *rc) static int qeth_l3_arp_makerc(int rc)
{ {
switch (*rc) { switch (rc) {
case QETH_IPA_ARP_RC_FAILED: case IPA_RC_SUCCESS:
*rc = -EIO; return 0;
return "operation failed";
case QETH_IPA_ARP_RC_NOTSUPP: case QETH_IPA_ARP_RC_NOTSUPP:
*rc = -EOPNOTSUPP;
return "operation not supported";
case QETH_IPA_ARP_RC_OUT_OF_RANGE:
*rc = -EINVAL;
return "argument out of range";
case QETH_IPA_ARP_RC_Q_NOTSUPP: case QETH_IPA_ARP_RC_Q_NOTSUPP:
*rc = -EOPNOTSUPP; return -EOPNOTSUPP;
return "query operation not supported"; case QETH_IPA_ARP_RC_OUT_OF_RANGE:
return -EINVAL;
case QETH_IPA_ARP_RC_Q_NO_DATA: case QETH_IPA_ARP_RC_Q_NO_DATA:
*rc = -ENOENT; return -ENOENT;
return "no query data available";
default: default:
return "unknown error"; return -EIO;
} }
} }
static int qeth_l3_arp_set_no_entries(struct qeth_card *card, int no_entries) static int qeth_l3_arp_set_no_entries(struct qeth_card *card, int no_entries)
{ {
int tmp;
int rc; int rc;
QETH_CARD_TEXT(card, 3, "arpstnoe"); QETH_CARD_TEXT(card, 3, "arpstnoe");
...@@ -1560,13 +1551,10 @@ static int qeth_l3_arp_set_no_entries(struct qeth_card *card, int no_entries) ...@@ -1560,13 +1551,10 @@ static int qeth_l3_arp_set_no_entries(struct qeth_card *card, int no_entries)
rc = qeth_send_simple_setassparms(card, IPA_ARP_PROCESSING, rc = qeth_send_simple_setassparms(card, IPA_ARP_PROCESSING,
IPA_CMD_ASS_ARP_SET_NO_ENTRIES, IPA_CMD_ASS_ARP_SET_NO_ENTRIES,
no_entries); no_entries);
if (rc) { if (rc)
tmp = rc; QETH_DBF_MESSAGE(2, "Could not set number of ARP entries on device %x: %#x\n",
QETH_DBF_MESSAGE(2, "Could not set number of ARP entries on " CARD_DEVID(card), rc);
"%s: %s (0x%x/%d)\n", QETH_CARD_IFNAME(card), return qeth_l3_arp_makerc(rc);
qeth_l3_arp_get_error_cause(&rc), tmp, tmp);
}
return rc;
} }
static __u32 get_arp_entry_size(struct qeth_card *card, static __u32 get_arp_entry_size(struct qeth_card *card,
...@@ -1716,7 +1704,6 @@ static int qeth_l3_query_arp_cache_info(struct qeth_card *card, ...@@ -1716,7 +1704,6 @@ static int qeth_l3_query_arp_cache_info(struct qeth_card *card,
{ {
struct qeth_cmd_buffer *iob; struct qeth_cmd_buffer *iob;
struct qeth_ipa_cmd *cmd; struct qeth_ipa_cmd *cmd;
int tmp;
int rc; int rc;
QETH_CARD_TEXT_(card, 3, "qarpipv%i", prot); QETH_CARD_TEXT_(card, 3, "qarpipv%i", prot);
...@@ -1735,15 +1722,10 @@ static int qeth_l3_query_arp_cache_info(struct qeth_card *card, ...@@ -1735,15 +1722,10 @@ static int qeth_l3_query_arp_cache_info(struct qeth_card *card,
rc = qeth_l3_send_ipa_arp_cmd(card, iob, rc = qeth_l3_send_ipa_arp_cmd(card, iob,
QETH_SETASS_BASE_LEN+QETH_ARP_CMD_LEN, QETH_SETASS_BASE_LEN+QETH_ARP_CMD_LEN,
qeth_l3_arp_query_cb, (void *)qinfo); qeth_l3_arp_query_cb, (void *)qinfo);
if (rc) { if (rc)
tmp = rc; QETH_DBF_MESSAGE(2, "Error while querying ARP cache on device %x: %#x\n",
QETH_DBF_MESSAGE(2, CARD_DEVID(card), rc);
"Error while querying ARP cache on %s: %s " return qeth_l3_arp_makerc(rc);
"(0x%x/%d)\n", QETH_CARD_IFNAME(card),
qeth_l3_arp_get_error_cause(&rc), tmp, tmp);
}
return rc;
} }
static int qeth_l3_arp_query(struct qeth_card *card, char __user *udata) static int qeth_l3_arp_query(struct qeth_card *card, char __user *udata)
...@@ -1797,8 +1779,6 @@ static int qeth_l3_arp_add_entry(struct qeth_card *card, ...@@ -1797,8 +1779,6 @@ static int qeth_l3_arp_add_entry(struct qeth_card *card,
struct qeth_arp_cache_entry *entry) struct qeth_arp_cache_entry *entry)
{ {
struct qeth_cmd_buffer *iob; struct qeth_cmd_buffer *iob;
char buf[16];
int tmp;
int rc; int rc;
QETH_CARD_TEXT(card, 3, "arpadent"); QETH_CARD_TEXT(card, 3, "arpadent");
...@@ -1824,14 +1804,10 @@ static int qeth_l3_arp_add_entry(struct qeth_card *card, ...@@ -1824,14 +1804,10 @@ static int qeth_l3_arp_add_entry(struct qeth_card *card,
sizeof(struct qeth_arp_cache_entry), sizeof(struct qeth_arp_cache_entry),
(unsigned long) entry, (unsigned long) entry,
qeth_setassparms_cb, NULL); qeth_setassparms_cb, NULL);
if (rc) { if (rc)
tmp = rc; QETH_DBF_MESSAGE(2, "Could not add ARP entry on device %x: %#x\n",
qeth_l3_ipaddr4_to_string((u8 *)entry->ipaddr, buf); CARD_DEVID(card), rc);
QETH_DBF_MESSAGE(2, "Could not add ARP entry for address %s " return qeth_l3_arp_makerc(rc);
"on %s: %s (0x%x/%d)\n", buf, QETH_CARD_IFNAME(card),
qeth_l3_arp_get_error_cause(&rc), tmp, tmp);
}
return rc;
} }
static int qeth_l3_arp_remove_entry(struct qeth_card *card, static int qeth_l3_arp_remove_entry(struct qeth_card *card,
...@@ -1839,7 +1815,6 @@ static int qeth_l3_arp_remove_entry(struct qeth_card *card, ...@@ -1839,7 +1815,6 @@ static int qeth_l3_arp_remove_entry(struct qeth_card *card,
{ {
struct qeth_cmd_buffer *iob; struct qeth_cmd_buffer *iob;
char buf[16] = {0, }; char buf[16] = {0, };
int tmp;
int rc; int rc;
QETH_CARD_TEXT(card, 3, "arprment"); QETH_CARD_TEXT(card, 3, "arprment");
...@@ -1864,21 +1839,15 @@ static int qeth_l3_arp_remove_entry(struct qeth_card *card, ...@@ -1864,21 +1839,15 @@ static int qeth_l3_arp_remove_entry(struct qeth_card *card,
rc = qeth_send_setassparms(card, iob, rc = qeth_send_setassparms(card, iob,
12, (unsigned long)buf, 12, (unsigned long)buf,
qeth_setassparms_cb, NULL); qeth_setassparms_cb, NULL);
if (rc) { if (rc)
tmp = rc; QETH_DBF_MESSAGE(2, "Could not delete ARP entry on device %x: %#x\n",
memset(buf, 0, 16); CARD_DEVID(card), rc);
qeth_l3_ipaddr4_to_string((u8 *)entry->ipaddr, buf); return qeth_l3_arp_makerc(rc);
QETH_DBF_MESSAGE(2, "Could not delete ARP entry for address %s"
" on %s: %s (0x%x/%d)\n", buf, QETH_CARD_IFNAME(card),
qeth_l3_arp_get_error_cause(&rc), tmp, tmp);
}
return rc;
} }
static int qeth_l3_arp_flush_cache(struct qeth_card *card) static int qeth_l3_arp_flush_cache(struct qeth_card *card)
{ {
int rc; int rc;
int tmp;
QETH_CARD_TEXT(card, 3, "arpflush"); QETH_CARD_TEXT(card, 3, "arpflush");
...@@ -1894,13 +1863,10 @@ static int qeth_l3_arp_flush_cache(struct qeth_card *card) ...@@ -1894,13 +1863,10 @@ static int qeth_l3_arp_flush_cache(struct qeth_card *card)
} }
rc = qeth_send_simple_setassparms(card, IPA_ARP_PROCESSING, rc = qeth_send_simple_setassparms(card, IPA_ARP_PROCESSING,
IPA_CMD_ASS_ARP_FLUSH_CACHE, 0); IPA_CMD_ASS_ARP_FLUSH_CACHE, 0);
if (rc) { if (rc)
tmp = rc; QETH_DBF_MESSAGE(2, "Could not flush ARP cache on device %x: %#x\n",
QETH_DBF_MESSAGE(2, "Could not flush ARP cache on %s: %s " CARD_DEVID(card), rc);
"(0x%x/%d)\n", QETH_CARD_IFNAME(card), return qeth_l3_arp_makerc(rc);
qeth_l3_arp_get_error_cause(&rc), tmp, tmp);
}
return rc;
} }
static int qeth_l3_do_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) static int qeth_l3_do_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment