From: Jake Freeland <jfree@FreeBSD.org>
To: Chenbo Xia <chenbox@nvidia.com>,
Nipun Gupta <nipun.gupta@amd.com>,
Tyler Retzlaff <roretzla@linux.microsoft.com>,
Bruce Richardson <bruce.richardson@intel.com>
Cc: Jake Freeland <jfree@FreeBSD.org>, dev@dpdk.org
Subject: [PATCH 3/4] bus/pci/bsd: Eliminate potential overflow
Date: Tue, 6 May 2025 12:40:43 -0500 [thread overview]
Message-ID: <20250506174046.1136711-4-jfree@FreeBSD.org> (raw)
In-Reply-To: <20250506174046.1136711-1-jfree@FreeBSD.org>
When calling rte_pci_write_config(), use memcpy(3) to copy @len bytes
of @buf into local memory instead of casting it to a uint32_t pointer
and dereferencing it. This prevents us from reading data outside of
@buf in the case that @buf has a length less than 32 bits.
Signed-off-by: Jake Freeland <jfree@FreeBSD.org>
---
drivers/bus/pci/bsd/pci.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/bus/pci/bsd/pci.c b/drivers/bus/pci/bsd/pci.c
index 0581daf130..c64cd2c86c 100644
--- a/drivers/bus/pci/bsd/pci.c
+++ b/drivers/bus/pci/bsd/pci.c
@@ -467,7 +467,6 @@ int rte_pci_write_config(const struct rte_pci_device *dev,
.pc_func = dev->addr.function,
},
.pi_reg = offset,
- .pi_data = *(const uint32_t *)buf,
.pi_width = len,
};
@@ -476,7 +475,7 @@ int rte_pci_write_config(const struct rte_pci_device *dev,
goto error;
}
- memcpy(&pi.pi_data, buf, len);
+ memcpy(&pi.pi_data, buf, MIN(len, sizeof(pi.pi_data)));
fd = open("/dev/pci", O_RDWR);
if (fd < 0) {
--
2.47.2
next prev parent reply other threads:[~2025-05-06 17:41 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-06 17:40 [PATCH 0/4] BSD PCI Fixes Jake Freeland
2025-05-06 17:40 ` [PATCH 1/4] bus/pci: Use force-noreplace flag when mapping PCI resources Jake Freeland
2025-05-08 11:32 ` Burakov, Anatoly
2025-05-06 17:40 ` [PATCH 2/4] bus/pci/bsd: Map resources at EAL baseaddr Jake Freeland
2025-05-08 11:31 ` Burakov, Anatoly
2025-05-06 17:40 ` Jake Freeland [this message]
2025-05-08 11:28 ` [PATCH 3/4] bus/pci/bsd: Eliminate potential overflow Burakov, Anatoly
2025-05-06 17:40 ` [PATCH 4/4] bus/pci/bsd: Fix device existence check Jake Freeland
2025-05-08 11:27 ` Burakov, Anatoly
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250506174046.1136711-4-jfree@FreeBSD.org \
--to=jfree@freebsd.org \
--cc=bruce.richardson@intel.com \
--cc=chenbox@nvidia.com \
--cc=dev@dpdk.org \
--cc=nipun.gupta@amd.com \
--cc=roretzla@linux.microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).