[CBR 7.9] net: atlantic: fix aq_vec index out of range error

[jainanmol84]

• Commit Message Requirements
• Built against Vault/LTS Environment
• kABI Check Passed, where Valid (Pre 9.4 RT does not have kABI stability)
• Boot Test
• Kernel SelfTest results
• Additional Tests as determined relevant

Commit message

jira VULN-71367
cve CVE-2022-50066
commit-author Chia-Lin Kao (AceLan) <acelan.kao@canonical.com> commit 2ba5e47fb75fbb8fab45f5c1bc8d5c33d8834bd3

upstream-diff There was a merge conflict due to the CentOS 7 tree being
    old but it was minor.

The final update statement of the for loop exceeds the array range, the dereference of self->aq_vec[i] is not checked and then leads to the index out of range error. Also fixed this kind of coding style in other for loop.

[   97.937604] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48
[   97.937607] index 8 is out of range for type 'aq_vec_s *[8]'
[   97.937608] CPU: 38 PID: 3767 Comm: kworker/u256:18 Not tainted 5.19.0+ #2
[   97.937610] Hardware name: Dell Inc. Precision 7865 Tower/, BIOS 1.0.0 06/12/2022
[   97.937611] Workqueue: events_unbound async_run_entry_fn
[   97.937616] Call Trace:
[   97.937617]  <TASK>
[   97.937619]  dump_stack_lvl+0x49/0x63
[   97.937624]  dump_stack+0x10/0x16
[   97.937626]  ubsan_epilogue+0x9/0x3f
[   97.937627]  __ubsan_handle_out_of_bounds.cold+0x44/0x49
[   97.937629]  ? __scm_send+0x348/0x440
[   97.937632]  ? aq_vec_stop+0x72/0x80 [atlantic]
[   97.937639]  aq_nic_stop+0x1b6/0x1c0 [atlantic]
[   97.937644]  aq_suspend_common+0x88/0x90 [atlantic]
[   97.937648]  aq_pm_suspend_poweroff+0xe/0x20 [atlantic]
[   97.937653]  pci_pm_suspend+0x7e/0x1a0
[   97.937655]  ? pci_pm_suspend_noirq+0x2b0/0x2b0
[   97.937657]  dpm_run_callback+0x54/0x190
[   97.937660]  __device_suspend+0x14c/0x4d0
[   97.937661]  async_suspend+0x23/0x70
[   97.937663]  async_run_entry_fn+0x33/0x120
[   97.937664]  process_one_work+0x21f/0x3f0
[   97.937666]  worker_thread+0x4a/0x3c0
[   97.937668]  ? process_one_work+0x3f0/0x3f0
[   97.937669]  kthread+0xf0/0x120
[   97.937671]  ? kthread_complete_and_exit+0x20/0x20
[   97.937672]  ret_from_fork+0x22/0x30
[   97.937676]  </TASK>

v2. fixed "warning: variable 'aq_vec' set but not used"

v3. simplified a for loop

Fixes: 97bde5c4f909 ("net: ethernet: aquantia: Support for NIC-specific code")
	Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com>
	Acked-by: Sudarsana Reddy Kalluru <skalluru@marvell.com>
Link: https://lore.kernel.org/r/20220808081845.42005-1-acelan.kao@canonical.com
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 2ba5e47fb75fbb8fab45f5c1bc8d5c33d8834bd3)
	Signed-off-by: Anmol Jain <ajain@ciq.com>
	Resolve merge conflicts
        Kept upstream logic and adjusted local error accordingly

Kernel build logs

/home/anmol/kernel-src-tree
no .config file found, moving on
[TIMER]{MRPROPER}: 0s
x86_64 architecture detected, copying config
‘configs/kernel-3.10.0-x86_64.config’ -> ‘.config’
Setting Local Version for build
CONFIG_LOCALVERSION="-ajain__ciqcbr7_9-7477050"
Making olddefconfig
  HOSTCC  scripts/basic/fixdep
  HOSTCC  scripts/kconfig/conf.o
  SHIPPED scripts/kconfig/zconf.tab.c
  SHIPPED scripts/kconfig/zconf.lex.c
  SHIPPED scripts/kconfig/zconf.hash.c
  HOSTCC  scripts/kconfig/zconf.tab.o
  HOSTLD  scripts/kconfig/conf
scripts/kconfig/conf --olddefconfig Kconfig
#
# configuration written to .config
#
Starting Build
scripts/kconfig/conf --silentoldconfig Kconfig
  SYSHDR  arch/x86/syscalls/../include/generated/uapi/asm/unistd_32.h
  SYSHDR  arch/x86/syscalls/../include/generated/uapi/asm/unistd_64.h
  HOSTCC  scripts/basic/bin2c
  SYSHDR  arch/x86/syscalls/../include/generated/uapi/asm/unistd_x32.h
  SYSTBL  arch/x86/syscalls/../include/generated/asm/syscalls_32.h
  WRAP    arch/x86/include/generated/asm/clkdev.h
  WRAP    arch/x86/include/generated/asm/mm-arch-hooks.h
  WRAP    arch/x86/include/generated/uapi/asm/bpf_perf_event.h
  CHK     include/generated/uapi/linux/version.h
  UPD     include/generated/uapi/linux/version.h
  CHK     include/generated/utsrelease.h
  UPD     include/generated/utsrelease.h
  CHK     include/generated/qrwlock.h
  UPD     include/generated/qrwlock.h
  CHK     include/generated/qrwlock_api_smp.h
  UPD     include/generated/qrwlock_api_smp.h
  CHK     include/generated/qrwlock_types.h
  UPD     include/generated/qrwlock_types.h
  CHK     kernel/qrwlock_gen.c
  CHK     lib/qrwlock_debug.c
[--snip--]
  INSTALL /lib/firmware/edgeport/boot.fw
  INSTALL /lib/firmware/edgeport/boot2.fw
  INSTALL /lib/firmware/edgeport/down.fw
  INSTALL /lib/firmware/edgeport/down2.fw
  INSTALL /lib/firmware/edgeport/down3.bin
  INSTALL /lib/firmware/whiteheat_loader.fw
  INSTALL /lib/firmware/whiteheat.fw
  INSTALL /lib/firmware/keyspan_pda/keyspan_pda.fw
  INSTALL /lib/firmware/keyspan_pda/xircom_pgs.fw
  DEPMOD  3.10.0-ajain__ciqcbr7_9-7477050+
[TIMER]{MODULES}: 33s
Making Install
sh ./arch/x86/boot/install.sh 3.10.0-ajain__ciqcbr7_9-7477050+ arch/x86/boot/bzImage \
	System.map "/boot"
[TIMER]{INSTALL}: 13s
Checking kABI
Checking kABI
kABI check passed
Setting Default Kernel to /boot/vmlinuz-3.10.0-_ajain__ciqcbr7_9-ccfd614+.old and Index to 7
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-1160.119.1.el7_9.ciqcbr.4.1.x86_64
Found initrd image: /boot/initramfs-3.10.0-1160.119.1.el7_9.ciqcbr.4.1.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-1160.80.1.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-1160.80.1.el7.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-ajain__ciqcbr7_9-7477050+
Found initrd image: /boot/initramfs-3.10.0-ajain__ciqcbr7_9-7477050+.img
Found linux image: /boot/vmlinuz-3.10.0-_ajain_ciqcbr7_9-2565f95+
Found initrd image: /boot/initramfs-3.10.0-_ajain_ciqcbr7_9-2565f95+.img
Found linux image: /boot/vmlinuz-3.10.0-_ajain__ciqcbr7_9-5b00565+
Found initrd image: /boot/initramfs-3.10.0-_ajain__ciqcbr7_9-5b00565+.img
Found linux image: /boot/vmlinuz-3.10.0-ajain__ciqcbr7_9-f8e4717+
Found initrd image: /boot/initramfs-3.10.0-ajain__ciqcbr7_9-f8e4717+.img
Found linux image: /boot/vmlinuz-3.10.0-_ajain__ciqcbr7_9-ccfd614+
Found initrd image: /boot/initramfs-3.10.0-_ajain__ciqcbr7_9-ccfd614+.img
Found linux image: /boot/vmlinuz-3.10.0-_ajain__ciqcbr7_9-ccfd614+.old
Found initrd image: /boot/initramfs-3.10.0-_ajain__ciqcbr7_9-ccfd614+.img
Found linux image: /boot/vmlinuz-3.10.0-_ajain_ciqcbr7_9-ccfd614+
Found initrd image: /boot/initramfs-3.10.0-_ajain_ciqcbr7_9-ccfd614+.img
Found linux image: /boot/vmlinuz-0-rescue-9e065f0961d84ecf8bec2457d927e012
Found initrd image: /boot/initramfs-0-rescue-9e065f0961d84ecf8bec2457d927e012.img
done
Hopefully Grub2.0 took everything ... rebooting after time metrices
[TIMER]{MRPROPER}: 0s
[TIMER]{BUILD}: 1636s
[TIMER]{MODULES}: 33s
[TIMER]{INSTALL}: 13s
[TIMER]{TOTAL} 1684s
Rebooting in 10 seconds

kernel-build.log

Kselftests

$ grep '^ok ' kselftest-before.log | wc -l && grep '^ok ' kselftest-after.log | wc -l
2
2
$ grep '^not ok ' kselftest-before.log | wc -l && grep '^not ok ' kselftest-after.log | wc -l
1
1

kselftest-before.log

kselftest-after.log

[PlaidCat]

This VULN is for fips-9.2
VULN-69391

[jainanmol84]

This VULN is for fips-9.2 VULN-69391

Oops, my bad! I had copied the wrong vuln number. Fixed it now!

[thefossguy-ciq]

🚤

[bmastbergen]

Two minor things:

1. Can we lose the blank line between the commit line and upstream-diff line in the commit message? Right now I don't think that will cause any tooling issues, but I think it would be good if we could keep our ciq header contiguous.

2. This is kind of a nit, but did we add a newline to the end of aq_nic.c?

[PlaidCat]

Two minor things:

1. Can we lose the blank line between the `commit` line and `upstream-diff` line in the commit message?  Right now I don't think that will cause any tooling issues, but I think it would be good if we could keep our ciq header contiguous.

2. This is kind of a nit, but did we add a newline to the end of aq_nic.c?

Yes, please address these.

I would like to make sure all of our header is contiguous for the conditions of this specific commit I do not think it will break anything but some other things would break / abort early if that blank line were earlier.