DPDK patches and discussions
 help / color / mirror / Atom feed
From: Soumyadeep Hore <soumyadeep.hore@intel.com>
To: bruce.richardson@intel.com, ian.stokes@intel.com,
	aman.deep.singh@intel.com
Cc: dev@dpdk.org, shaiq.wani@intel.com
Subject: [PATCH v1 04/12] net/ice: avoid reading past end of PFA
Date: Thu, 22 Aug 2024 09:56:04 +0000	[thread overview]
Message-ID: <20240822095612.216214-5-soumyadeep.hore@intel.com> (raw)
In-Reply-To: <20240822095612.216214-1-soumyadeep.hore@intel.com>

The ice_get_pfa_module_tlv() function iterates over the Preserved Fields
Area to read data from the Shadow RAM, including the Part Board Assembly
data, among others.

If the specific TLV being requested is not found in the current NVM, the
code will read past the end of the PFA, misinterpreting the last word of
the PFA and the word just after the PFA as another TLV. This typically
results in one extra iteration before the length check of the while loop is
triggered.

Signed-off-by: Soumyadeep Hore <soumyadeep.hore@intel.com>
---
 drivers/net/ice/base/ice_nvm.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ice/base/ice_nvm.c b/drivers/net/ice/base/ice_nvm.c
index 5e982de4b5..0124cef04c 100644
--- a/drivers/net/ice/base/ice_nvm.c
+++ b/drivers/net/ice/base/ice_nvm.c
@@ -498,11 +498,16 @@ ice_get_pfa_module_tlv(struct ice_hw *hw, u16 *module_tlv, u16 *module_tlv_len,
 		ice_debug(hw, ICE_DBG_INIT, "Failed to read PFA length.\n");
 		return status;
 	}
-	/* Starting with first TLV after PFA length, iterate through the list
+	/* The Preserved Fields Area contains a sequence of TLVs which define
+	 * its contents. The PFA length includes all of the TLVs, plus its
+	 * initial length word itself, *and* one final word at the end of all
+	 * of the TLVs.
+	 *
+	 * Starting with first TLV after PFA length, iterate through the list
 	 * of TLVs to find the requested one.
 	 */
 	next_tlv = pfa_ptr + 1;
-	while (next_tlv < ((u32)pfa_ptr + pfa_len)) {
+	while (next_tlv < ((u32)pfa_ptr + pfa_len - 1)) {
 		u16 tlv_sub_module_type;
 		u16 tlv_len;
 
-- 
2.43.0


  parent reply	other threads:[~2024-08-22 10:51 UTC|newest]

Thread overview: 49+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-08-22  9:56 [PATCH v1 00/12] Align ICE shared code with Base driver Soumyadeep Hore
2024-08-22  9:56 ` [PATCH v1 01/12] net/ice: use correct format specifiers for unsigned ints Soumyadeep Hore
2024-08-22  9:56 ` [PATCH v1 02/12] net/ice: updates for ptp init GNRD Soumyadeep Hore
2024-08-22  9:56 ` [PATCH v1 03/12] net/ice: add new tag definitions Soumyadeep Hore
2024-08-22  9:56 ` Soumyadeep Hore [this message]
2024-08-22 14:41   ` [PATCH v1 04/12] net/ice: avoid reading past end of PFA Bruce Richardson
2024-08-22  9:56 ` [PATCH v1 05/12] net/ice: update PTP init Soumyadeep Hore
2024-08-22  9:56 ` [PATCH v1 06/12] net/ice: address compilation errors Soumyadeep Hore
2024-08-22  9:56 ` [PATCH v1 07/12] net/ice: fix link speed for 200G Soumyadeep Hore
2024-08-22  9:56 ` [PATCH v1 08/12] net/ice: update iteration of TLVs in Preserved Fields Area Soumyadeep Hore
2024-08-22 14:45   ` Bruce Richardson
2024-08-23  6:55     ` Hore, Soumyadeep
2024-08-22  9:56 ` [PATCH v1 09/12] net/ice: correct Tx Scheduler AQ command RD bit for E825C Soumyadeep Hore
2024-08-22  9:56 ` [PATCH v1 10/12] net/ice: support optional flags in signature segment header Soumyadeep Hore
2024-08-22  9:56 ` [PATCH v1 11/12] net/ice: update E830 50G branding strings Soumyadeep Hore
2024-08-22  9:56 ` [PATCH v1 12/12] net/ice: add support for FEC auto-detect for Connorsville Soumyadeep Hore
2024-08-22 18:53 ` [PATCH v2 00/12] Align ICE shared code with Base driver Soumyadeep Hore
2024-08-22 18:53   ` [PATCH v2 01/12] net/ice: use correct format specifiers for unsigned ints Soumyadeep Hore
2024-08-22 18:53   ` [PATCH v2 02/12] net/ice: updates for ptp init in E825C Soumyadeep Hore
2024-08-22 18:53   ` [PATCH v2 03/12] net/ice: add new tag definitions Soumyadeep Hore
2024-08-22 18:53   ` [PATCH v2 04/12] net/ice: avoid reading past end of PFA Soumyadeep Hore
2024-08-22 18:53   ` [PATCH v2 05/12] net/ice: update PTP init Soumyadeep Hore
2024-08-22 18:53   ` [PATCH v2 06/12] net/ice: address compilation errors Soumyadeep Hore
2024-08-22 18:53   ` [PATCH v2 07/12] net/ice: fix link speed for 200G Soumyadeep Hore
2024-08-22 18:53   ` [PATCH v2 08/12] net/ice: update iteration of TLVs in Preserved Fields Area Soumyadeep Hore
2024-08-22 18:53   ` [PATCH v2 09/12] net/ice: correct Tx Scheduler AQ command RD bit for E825C Soumyadeep Hore
2024-08-22 18:53   ` [PATCH v2 10/12] net/ice: support optional flags in signature segment header Soumyadeep Hore
2024-08-22 18:53   ` [PATCH v2 11/12] net/ice: update E830 50G branding strings Soumyadeep Hore
2024-08-22 18:53   ` [PATCH v2 12/12] net/ice: add support for FEC auto-detect for E830 Soumyadeep Hore
2024-08-23  9:56     ` [PATCH v3 00/12] Align ICE shared code with Base driver Soumyadeep Hore
2024-08-23  9:56       ` [PATCH v3 01/12] net/ice: use correct format specifiers for unsigned ints Soumyadeep Hore
2024-08-27 10:00         ` Bruce Richardson
2024-08-23  9:56       ` [PATCH v3 02/12] net/ice: updates for ptp init in E825C Soumyadeep Hore
2024-08-28 10:53         ` Bruce Richardson
2024-08-23  9:56       ` [PATCH v3 03/12] net/ice: add new tag definitions Soumyadeep Hore
2024-08-23  9:56       ` [PATCH v3 04/12] net/ice: avoid reading past end of PFA Soumyadeep Hore
2024-08-28 15:36         ` Bruce Richardson
2024-08-23  9:56       ` [PATCH v3 05/12] net/ice: update PTP init Soumyadeep Hore
2024-08-23  9:56       ` [PATCH v3 06/12] net/ice: address compilation errors Soumyadeep Hore
2024-08-23  9:56       ` [PATCH v3 07/12] net/ice: fix link speed for 200G Soumyadeep Hore
2024-08-23  9:56       ` [PATCH v3 08/12] net/ice: update iteration of TLVs in Preserved Fields Area Soumyadeep Hore
2024-08-28 16:05         ` Bruce Richardson
2024-08-23  9:56       ` [PATCH v3 09/12] net/ice: correct Tx Scheduler AQ command RD bit for E825C Soumyadeep Hore
2024-08-23  9:56       ` [PATCH v3 10/12] net/ice: support optional flags in signature segment header Soumyadeep Hore
2024-08-23  9:56       ` [PATCH v3 11/12] net/ice: update E830 50G branding strings Soumyadeep Hore
2024-08-23  9:56       ` [PATCH v3 12/12] net/ice: add support for FEC auto-detect for E830 Soumyadeep Hore
2024-08-26 15:55       ` [PATCH v3 00/12] Align ICE shared code with Base driver Patrick Robb
2024-08-28 16:42       ` Bruce Richardson
2024-09-13 10:22         ` Bruce Richardson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240822095612.216214-5-soumyadeep.hore@intel.com \
    --to=soumyadeep.hore@intel.com \
    --cc=aman.deep.singh@intel.com \
    --cc=bruce.richardson@intel.com \
    --cc=dev@dpdk.org \
    --cc=ian.stokes@intel.com \
    --cc=shaiq.wani@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).