From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 85DC543BAC; Fri, 1 Mar 2024 04:35:51 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B8B5542F7B; Fri, 1 Mar 2024 04:35:50 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id CAC1D42F6B; Fri, 1 Mar 2024 04:35:48 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4211IKlF005214; Thu, 29 Feb 2024 19:35:48 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=yhWogOiEfy/EF4DYRGBNHsOeCoy5nQwlRh+QECS2boc=; b=cES 6dp8FUdzCbMztTjgDzBMNZj04FdbYXLV4X8EVjmjOLodMPJPVy2kAvv7lVvCU7zE WF7ZJ6fL77OqMCDVCD8lcflJheQIsIHad14AheJB0DXhFEvFq6sM+0S/9JtO/z74 p+JvhpPf+MuEkLB1ia5EBmW1ei+SXxi5rWFlosovhfgSVLLy1xW6ZhrdTnUr7hSa yt+gLIcANfkCRYkFtE2t7m/5V4XpJw3v9Z0QaDZE+jDTyuaT1lvIC4ZlYWv4DOp9 ZJ3LoCZXFsLtoHQoZ5/DpdEM856g0hn8sWZtyA1y/wrPubVKY/Hr9Z2XLnIBsOuq qvSKA+/EiGW/eg70uNg== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wjfay664r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 29 Feb 2024 19:35:48 -0800 (PST) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Thu, 29 Feb 2024 19:35:46 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 29 Feb 2024 19:35:46 -0800 Received: from cavium-OptiPlex-3070-BM17.. (unknown [10.28.34.33]) by maili.marvell.com (Postfix) with ESMTP id A0B253F710F; Thu, 29 Feb 2024 19:35:43 -0800 (PST) From: To: Nithin Dabilpuram , Kiran Kumar K , Sunil Kumar Kori , Satha Rao , Jerin Jacob CC: , Satheesh Paul , , Harman Kalra Subject: [dpdk-dev] [PATCH v2 2/2] common/cnxk: fix possible out-of-bounds access Date: Fri, 1 Mar 2024 09:05:34 +0530 Message-ID: <20240301033534.1968900-2-psatheesh@marvell.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240301033534.1968900-1-psatheesh@marvell.com> References: <20240228064643.1923169-1-psatheesh@marvell.com> <20240301033534.1968900-1-psatheesh@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: 1i6OJPXS5svLXQfCUwl3z42Wx7q21bdg X-Proofpoint-GUID: 1i6OJPXS5svLXQfCUwl3z42Wx7q21bdg X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-02-29_08,2024-02-29_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Satheesh Paul The subtraction expression in mbox_memcpy() can wrap around causing an out-of-bounds access. Added a check on 'size' to fix this. Coverity issue: 384431, 384439 Fixes: 585bb3e538f9 ("common/cnxk: add VF support to base device class") Cc: stable@dpdk.org Signed-off-by: Satheesh Paul Reviewed-by: Harman Kalra --- drivers/common/cnxk/roc_dev.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/common/cnxk/roc_dev.c b/drivers/common/cnxk/roc_dev.c index 084343c3b4..14aff233d5 100644 --- a/drivers/common/cnxk/roc_dev.c +++ b/drivers/common/cnxk/roc_dev.c @@ -502,6 +502,8 @@ pf_vf_mbox_send_up_msg(struct dev *dev, void *rec_msg) size_t size; size = PLT_ALIGN(mbox_id2size(msg->hdr.id), MBOX_MSG_ALIGN); + if (size < sizeof(struct mbox_msghdr)) + return; /* Send UP message to all VF's */ for (vf = 0; vf < vf_mbox->ndevs; vf++) { /* VF active */ -- 2.39.2