From: Rasesh Mody <rasesh.mody@cavium.com>
To: <dev@dpdk.org>, <ferruh.yigit@intel.com>
Cc: Rasesh Mody <rasesh.mody@cavium.com>, <stable@dpdk.org>,
<Dept-EngDPDKDev@cavium.com>
Subject: [dpdk-stable] [PATCH v2 13/21] net/qede/base: fix out-of-bound memory access
Date: Fri, 17 Mar 2017 23:53:28 -0700 [thread overview]
Message-ID: <1489820014-13279-4-git-send-email-rasesh.mody@cavium.com> (raw)
In-Reply-To: <2152c44b-3013-b709-16c0-cdef9c20fce2@intel.com>
Fix out-of-bound memory access on Management FW interaction for
resource allocation
Fixes: 252b88b58f70 ("net/qede/base: add selftest and query sensor info")
Signed-off-by: Rasesh Mody <rasesh.mody@cavium.com>
---
drivers/net/qede/base/ecore_mcp.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/net/qede/base/ecore_mcp.c b/drivers/net/qede/base/ecore_mcp.c
index e0d247b..cb3e0bd 100644
--- a/drivers/net/qede/base/ecore_mcp.c
+++ b/drivers/net/qede/base/ecore_mcp.c
@@ -2426,15 +2426,15 @@ enum _ecore_status_t ecore_mcp_get_resc_info(struct ecore_hwfn *p_hwfn,
u32 *p_mcp_resp, u32 *p_mcp_param)
{
struct ecore_mcp_mb_params mb_params;
- union drv_union_data *p_union_data;
+ union drv_union_data union_data;
enum _ecore_status_t rc;
OSAL_MEM_ZERO(&mb_params, sizeof(mb_params));
mb_params.cmd = DRV_MSG_GET_RESOURCE_ALLOC_MSG;
mb_params.param = ECORE_RESC_ALLOC_VERSION;
- p_union_data = (union drv_union_data *)p_resc_info;
- mb_params.p_data_src = p_union_data;
- mb_params.p_data_dst = p_union_data;
+ OSAL_MEMCPY(&union_data.resource, p_resc_info, sizeof(*p_resc_info));
+ mb_params.p_data_src = &union_data;
+ mb_params.p_data_dst = &union_data;
rc = ecore_mcp_cmd_and_union(p_hwfn, p_ptt, &mb_params);
if (rc != ECORE_SUCCESS)
return rc;
@@ -2442,6 +2442,8 @@ enum _ecore_status_t ecore_mcp_get_resc_info(struct ecore_hwfn *p_hwfn,
*p_mcp_resp = mb_params.mcp_resp;
*p_mcp_param = mb_params.mcp_param;
+ OSAL_MEMCPY(p_resc_info, &union_data.resource, sizeof(*p_resc_info));
+
DP_VERBOSE(p_hwfn, ECORE_MSG_SP,
"MFW resource_info: version 0x%x, res_id 0x%x, size 0x%x,"
" offset 0x%x, vf_size 0x%x, vf_offset 0x%x, flags 0x%x\n",
--
1.7.10.3
next prev parent reply other threads:[~2017-03-18 6:57 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1488181923-9649-1-git-send-email-rasesh.mody@cavium.com>
2017-03-02 13:04 ` [dpdk-stable] [dpdk-dev] [PATCH 01/21] net/qede/base: fix incorrect typecasting of flag Ferruh Yigit
2017-03-06 20:02 ` Mody, Rasesh
2017-03-18 6:48 ` [dpdk-stable] [PATCH v2 " Rasesh Mody
2017-03-20 17:15 ` Ferruh Yigit
2017-03-18 6:50 ` [dpdk-stable] [PATCH v2 02/21] net/qede/base: fix to set pointers to NULL after freeing Rasesh Mody
2017-03-18 6:50 ` [dpdk-stable] [PATCH v2 03/21] net/qede/base: fix forcing driver default resc allocation Rasesh Mody
2017-03-18 6:50 ` [dpdk-stable] [PATCH v2 04/21] net/qede/base: fix TM block ILT initialization Rasesh Mody
2017-03-18 6:50 ` [dpdk-stable] [PATCH v2 05/21] net/qede/base: fix printout Rasesh Mody
2017-03-18 6:50 ` [dpdk-stable] [PATCH v2 06/21] net/qede/base: fix VF init after malicious VF FLR Rasesh Mody
2017-03-18 6:50 ` [dpdk-stable] [PATCH v2 07/21] net/qede/base: fix numbering L2 VF queues Rasesh Mody
2017-03-18 6:50 ` [dpdk-stable] [PATCH v2 08/21] net/qede/base: fix index printing of multi-bit attentions Rasesh Mody
2017-03-18 6:50 ` [dpdk-stable] [PATCH v2 09/21] net/qede/base: fix to prevent VF promisc config Rasesh Mody
2017-03-18 6:53 ` [dpdk-stable] [PATCH v2 10/21] net/qede/base: add attention bits for AH chip Rasesh Mody
2017-03-18 6:53 ` [dpdk-stable] [PATCH v2 11/21] net/qede/base: fix printout Rasesh Mody
2017-03-18 6:53 ` [dpdk-stable] [PATCH v2 12/21] net/qede/base: fix DORQ attention mask Rasesh Mody
2017-03-18 6:53 ` Rasesh Mody [this message]
2017-03-18 6:53 ` [dpdk-stable] [PATCH v2 14/21] net/qede/base: fix to remove redundant memset Rasesh Mody
2017-03-18 6:53 ` [dpdk-stable] [PATCH v2 15/21] net/qede/base: fix remove the unneeded conversion to LE Rasesh Mody
2017-03-18 6:53 ` [dpdk-stable] [PATCH v2 16/21] net/qede/base: fix first VF index calculation Rasesh Mody
2017-03-18 6:53 ` [dpdk-stable] [PATCH v2 17/21] net/qede/base: fix typo Rasesh Mody
2017-03-18 6:53 ` [dpdk-stable] [PATCH v2 18/21] net/qede/base: refactor return path Rasesh Mody
2017-03-18 6:53 ` [dpdk-stable] [PATCH v2 19/21] net/qede/base: fix sriov typo Rasesh Mody
2017-03-18 6:57 ` [dpdk-stable] [PATCH v2 20/21] net/qede/base: fix resource lock minimum value Rasesh Mody
2017-03-18 6:57 ` [dpdk-stable] [PATCH v2 21/21] net/qede/base: fix to use NULL pointer Rasesh Mody
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1489820014-13279-4-git-send-email-rasesh.mody@cavium.com \
--to=rasesh.mody@cavium.com \
--cc=Dept-EngDPDKDev@cavium.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).