DPDK patches and discussions
 help / color / Atom feed
From: Ajit Khaparde <ajit.khaparde@broadcom.com>
To: dev@dpdk.org
Cc: Kishore Padmanabha <kishore.padmanabha@broadcom.com>,
	Shahaji Bhosle <sbhosle@broadcom.com>,
	Mike Baucom <michael.baucom@broadcom.com>
Subject: [dpdk-dev] [PATCH 20/25] net/bnxt: fix out of bound access in action bit handling
Date: Thu, 10 Sep 2020 18:55:58 -0700
Message-ID: <20200911015603.88359-21-ajit.khaparde@broadcom.com> (raw)
In-Reply-To: <20200911015603.88359-1-ajit.khaparde@broadcom.com>

From: Kishore Padmanabha <kishore.padmanabha@broadcom.com>

The act_val is changed to be array to resolve out of bound access issue

Fixes: 52799debdf1c ("net/bnxt: support action bitmap opcode")

Signed-off-by: Kishore Padmanabha <kishore.padmanabha@broadcom.com>
Reviewed-by: Shahaji Bhosle <sbhosle@broadcom.com>
Reviewed-by: Mike Baucom <michael.baucom@broadcom.com>
---
 drivers/net/bnxt/tf_ulp/ulp_mapper.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/drivers/net/bnxt/tf_ulp/ulp_mapper.c b/drivers/net/bnxt/tf_ulp/ulp_mapper.c
index 15682673d..732141166 100644
--- a/drivers/net/bnxt/tf_ulp/ulp_mapper.c
+++ b/drivers/net/bnxt/tf_ulp/ulp_mapper.c
@@ -782,7 +782,7 @@ ulp_mapper_result_field_process(struct bnxt_ulp_mapper_parms *parms,
 	uint64_t regval;
 	uint32_t val_size = 0, field_size = 0;
 	uint64_t act_bit;
-	uint8_t act_val;
+	uint8_t act_val[16];
 	uint64_t hdr_bit;
 
 	switch (fld->result_opcode) {
@@ -824,19 +824,18 @@ ulp_mapper_result_field_process(struct bnxt_ulp_mapper_parms *parms,
 			return -EINVAL;
 		}
 		act_bit = tfp_be_to_cpu_64(act_bit);
+		memset(act_val, 0, sizeof(act_val));
 		if (ULP_BITMAP_ISSET(parms->act_bitmap->bits, act_bit))
-			act_val = 1;
-		else
-			act_val = 0;
+			act_val[0] = 1;
 		if (fld->field_bit_size > ULP_BYTE_2_BITS(sizeof(act_val))) {
 			BNXT_TF_DBG(ERR, "%s field size is incorrect\n", name);
 			return -EINVAL;
 		}
-		if (!ulp_blob_push(blob, &act_val, fld->field_bit_size)) {
+		if (!ulp_blob_push(blob, act_val, fld->field_bit_size)) {
 			BNXT_TF_DBG(ERR, "%s push field failed\n", name);
 			return -EINVAL;
 		}
-		val = &act_val;
+		val = act_val;
 		break;
 	case BNXT_ULP_MAPPER_OPC_SET_TO_ENCAP_ACT_PROP_SZ:
 		if (!ulp_operand_read(fld->result_operand,
-- 
2.21.1 (Apple Git-122.3)


  parent reply index

Thread overview: 56+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-11  1:55 [dpdk-dev] [PATCH 00/25] patchset for bnxt Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 01/25] net/bnxt: fix port stop process and cleanup resources Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 02/25] net/bnxt: fix the drop action flow to support count action Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 03/25] net/bnxt: reject offload flows with invalid MAC address Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 04/25] net/bnxt: reduce debug log messages Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 05/25] net/bnxt: fix to break the ipv4 and ipv6 ingress rule Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 06/25] net/bnxt: free the em index on failure Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 07/25] net/bnxt: add a null ptr check for the resource manager Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 08/25] net/bnxt: change default flow rule to use 8B encap Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 09/25] net/bnxt: fix the function id used in the flow flush Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 10/25] net/bnxt: vfr port clean up during port stop Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 11/25] net/bnxt: fix crash in VF rep queue selection Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 12/25] net/bnxt: fix to conditionally rollback added VF-rep ports Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 13/25] net/bnxt: update resource allocation settings Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 14/25] net/bnxt: move IF tbl from tunneled to direct HWRM msg Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 15/25] net/bnxt: remove VLAN pop action for egress flows Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 16/25] net/bnxt: increase counter support from 8K to 16K Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 17/25] net/bnxt: fix to explicitly check and set for start cntr ID Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 18/25] net/bnxt: enable support for VXLAN ipv6 encapsulation Ajit Khaparde
2020-09-11  1:55 ` [dpdk-dev] [PATCH 19/25] net/bnxt: enable support for nat action with tagged traffic Ajit Khaparde
2020-09-11  1:55 ` Ajit Khaparde [this message]
2020-09-11  1:55 ` [dpdk-dev] [PATCH 21/25] net/bnxt: provide switch info while VF-Reps are configured Ajit Khaparde
2020-09-11  1:56 ` [dpdk-dev] [PATCH 22/25] net/bnxt: fix bugs in representor data path Ajit Khaparde
2020-09-11  1:56 ` [dpdk-dev] [PATCH 23/25] net/bnxt: add support for locks in flow database Ajit Khaparde
2020-09-11  1:56 ` [dpdk-dev] [PATCH 24/25] net/bnxt: fix to check for vnic ptr in bnxt shutdown path Ajit Khaparde
2020-09-11  1:56 ` [dpdk-dev] [PATCH 25/25] net/bnxt: fix to have a separate mutex for FW health check Ajit Khaparde
2020-09-16  4:28 ` [dpdk-dev] [PATCH v2 00/25] patchset for bnxt Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 01/25] net/bnxt: fix resource cleanup in port stop Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 02/25] net/bnxt: fix the drop action flow to support count Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 03/25] net/bnxt: reject flow offload with invalid MAC Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 04/25] net/bnxt: reduce debug log messages Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 05/25] net/bnxt: fix coexistence of ipv4 and ipv6 ingress rules Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 06/25] net/bnxt: free the EM index on failure Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 07/25] net/bnxt: add null pointer check for resource manager Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 08/25] net/bnxt: modify default flow rule creation Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 09/25] net/bnxt: fix the function id used in flow flush Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 10/25] net/bnxt: refactor VFR port clean up Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 11/25] net/bnxt: fix crash in VFR queue select Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 12/25] net/bnxt: fix VFR cleanup during init failure Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 13/25] net/bnxt: update resource settings Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 14/25] net/bnxt: use direct HWRM message for interface table Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 15/25] net/bnxt: remove VLAN pop action for egress flows Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 16/25] net/bnxt: increase counter support from 8K to 16K Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 17/25] net/bnxt: check and set initial counter ID Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 18/25] net/bnxt: enable VXLAN ipv6 encapsulation Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 19/25] net/bnxt: enable NAT action with tagged traffic Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 20/25] net/bnxt: fix out of bound access in bit handling Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 21/25] net/bnxt: provide switch info if VFR are configured Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 22/25] net/bnxt: fix bugs in representor data path Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 23/25] net/bnxt: add locks in flow database Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 24/25] net/bnxt: fix to check VNIC in shutdown path Ajit Khaparde
2020-09-16  4:28   ` [dpdk-dev] [PATCH v2 25/25] net/bnxt: add separate mutex for FW health check Ajit Khaparde
2020-09-16 16:21   ` [dpdk-dev] [PATCH v2 00/25] patchset for bnxt Ajit Khaparde
2020-09-16 23:57     ` Ferruh Yigit
2020-09-17  0:13       ` Ajit Khaparde
2020-09-17  7:39         ` Ferruh Yigit

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200911015603.88359-21-ajit.khaparde@broadcom.com \
    --to=ajit.khaparde@broadcom.com \
    --cc=dev@dpdk.org \
    --cc=kishore.padmanabha@broadcom.com \
    --cc=michael.baucom@broadcom.com \
    --cc=sbhosle@broadcom.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

Archives are clonable:
	git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev


Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/ public-inbox