* [dpdk-dev] [PATCH] common/sfc_efx/base: avoid reading past the buffer
@ 2020-11-05 20:46 Ivan Malov
2020-11-06 15:48 ` Ferruh Yigit
0 siblings, 1 reply; 2+ messages in thread
From: Ivan Malov @ 2020-11-05 20:46 UTC (permalink / raw)
To: dev; +Cc: Andy Moreton, Andrew Rybchenko
Existing field ID validity check does not validate the field
descriptor availability. Make it more rigorous to avoid
reading past the buffer containing field descriptors.
Coverity issue: 363742
Fixes: 370ed675a952 ("common/sfc_efx/base: support setting PPORT in match spec")
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Reviewed-by: Andy Moreton <amoreton@xilinx.com>
---
drivers/common/sfc_efx/base/efx_mae.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/common/sfc_efx/base/efx_mae.c b/drivers/common/sfc_efx/base/efx_mae.c
index af9a5189c..ee0a3d319 100644
--- a/drivers/common/sfc_efx/base/efx_mae.c
+++ b/drivers/common/sfc_efx/base/efx_mae.c
@@ -622,25 +622,30 @@ efx_mae_match_spec_field_set(
__in_bcount(mask_size) const uint8_t *mask)
{
const efx_mae_mv_desc_t *descp;
+ unsigned int desc_set_nentries;
uint8_t *mvp;
efx_rc_t rc;
- if (field_id >= EFX_MAE_FIELD_NIDS) {
- rc = EINVAL;
- goto fail1;
- }
-
switch (spec->emms_type) {
case EFX_MAE_RULE_OUTER:
+ desc_set_nentries =
+ EFX_ARRAY_SIZE(__efx_mae_outer_rule_mv_desc_set);
descp = &__efx_mae_outer_rule_mv_desc_set[field_id];
mvp = spec->emms_mask_value_pairs.outer;
break;
case EFX_MAE_RULE_ACTION:
+ desc_set_nentries =
+ EFX_ARRAY_SIZE(__efx_mae_action_rule_mv_desc_set);
descp = &__efx_mae_action_rule_mv_desc_set[field_id];
mvp = spec->emms_mask_value_pairs.action;
break;
default:
rc = ENOTSUP;
+ goto fail1;
+ }
+
+ if (field_id >= desc_set_nentries) {
+ rc = EINVAL;
goto fail2;
}
--
2.20.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [dpdk-dev] [PATCH] common/sfc_efx/base: avoid reading past the buffer
2020-11-05 20:46 [dpdk-dev] [PATCH] common/sfc_efx/base: avoid reading past the buffer Ivan Malov
@ 2020-11-06 15:48 ` Ferruh Yigit
0 siblings, 0 replies; 2+ messages in thread
From: Ferruh Yigit @ 2020-11-06 15:48 UTC (permalink / raw)
To: Ivan Malov, dev; +Cc: Andy Moreton, Andrew Rybchenko
On 11/5/2020 8:46 PM, Ivan Malov wrote:
> Existing field ID validity check does not validate the field
> descriptor availability. Make it more rigorous to avoid
> reading past the buffer containing field descriptors.
>
> Coverity issue: 363742
> Fixes: 370ed675a952 ("common/sfc_efx/base: support setting PPORT in match spec")
>
> Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
> Reviewed-by: Andy Moreton <amoreton@xilinx.com>
Applied to dpdk-next-net/main, thanks.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-11-06 15:48 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-05 20:46 [dpdk-dev] [PATCH] common/sfc_efx/base: avoid reading past the buffer Ivan Malov
2020-11-06 15:48 ` Ferruh Yigit
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).