From: Kevin Traynor <ktraynor@redhat.com>
To: Martin Harvey <mharvey@solarflare.com>
Cc: Andrew Rybchenko <arybchenko@solarflare.com>,
dpdk stable <stable@dpdk.org>
Subject: [dpdk-stable] patch 'net/sfc/base: avoid usage of too big arrays on stack' has been queued to stable release 18.08.1
Date: Wed, 21 Nov 2018 16:04:01 +0000
Message-ID: <20181121160440.9014-11-ktraynor@redhat.com>
In-Reply-To: <20181121160440.9014-1-ktraynor@redhat.com>
Hi,
FYI, your patch has been queued to stable release 18.08.1
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/26/18. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the patch applied
to the branch. If the code is different (ie: not only metadata diffs), due for example to
a change in context or macro names, please double check it.
Thanks.
Kevin Traynor
---
>From af46826f4325915429d372d59d40e1258ddc9255 Mon Sep 17 00:00:00 2001
From: Martin Harvey <mharvey@solarflare.com>
Date: Mon, 10 Sep 2018 10:33:20 +0100
Subject: [PATCH] net/sfc/base: avoid usage of too big arrays on stack
[ upstream commit da8692388e7f2cc575b53b2cc76f72f459fd9ca5 ]
Found by PreFAST static analysis.
Fixes: 1dae25112a54 ("net/sfc/base: import built-in selftest")
Fixes: d96a34d165b1 ("net/sfc/base: import NVRAM support")
Signed-off-by: Martin Harvey <mharvey@solarflare.com>
Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
---
drivers/net/sfc/base/ef10_phy.c | 18 +++++++++++++++---
drivers/net/sfc/base/efx_nvram.c | 27 ++++++++++++++++++---------
2 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/drivers/net/sfc/base/ef10_phy.c b/drivers/net/sfc/base/ef10_phy.c
index 84acb70a1..e9c7b40e4 100644
--- a/drivers/net/sfc/base/ef10_phy.c
+++ b/drivers/net/sfc/base/ef10_phy.c
@@ -584,12 +584,24 @@ ef10_bist_poll(
__in size_t count)
{
+ /*
+ * MCDI_CTL_SDU_LEN_MAX_V1 is large enough cover all BIST results,
+ * whilst not wasting stack.
+ */
+ uint8_t payload[MAX(MC_CMD_POLL_BIST_IN_LEN, MCDI_CTL_SDU_LEN_MAX_V1)];
efx_nic_cfg_t *encp = &(enp->en_nic_cfg);
efx_mcdi_req_t req;
- uint8_t payload[MAX(MC_CMD_POLL_BIST_IN_LEN,
- MCDI_CTL_SDU_LEN_MAX)];
uint32_t value_mask = 0;
uint32_t result;
efx_rc_t rc;
+ EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_LEN <=
+ MCDI_CTL_SDU_LEN_MAX_V1);
+ EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_SFT9001_LEN <=
+ MCDI_CTL_SDU_LEN_MAX_V1);
+ EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_MRSFP_LEN <=
+ MCDI_CTL_SDU_LEN_MAX_V1);
+ EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_MEM_LEN <=
+ MCDI_CTL_SDU_LEN_MAX_V1);
+
_NOTE(ARGUNUSED(type))
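Review bot: the new comment above payload reads "large enough cover all BIST results" and should say "large enough to cover". It would also help to have the comment point at the four EFX_STATIC_ASSERT lines below, since they are what actually enforce the claim for MC_CMD_POLL_BIST_OUT_LEN and the SFT9001, MRSFP and MEM variants. Any BIST response layout added later needs its own assert there, and a reader of the comment alone would not know that.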
@@ -599,5 +611,5 @@ ef10_bist_poll(
req.emr_in_length = MC_CMD_POLL_BIST_IN_LEN;
req.emr_out_buf = payload;
- req.emr_out_length = MCDI_CTL_SDU_LEN_MAX;
+ req.emr_out_length = MCDI_CTL_SDU_LEN_MAX_V1;
efx_mcdi_execute(enp, &req);
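Review bot: req.emr_out_length is set to MCDI_CTL_SDU_LEN_MAX_V1 as a second copy of the constant used in the payload declaration, so the length and the buffer size can drift apart the next time either line is edited, which is the kind of mismatch this patch is cleaning up. Consider deriving the length from the buffer, or adding an EFX_STATIC_ASSERT that sizeof (payload) is at least MCDI_CTL_SDU_LEN_MAX_V1 next to the other asserts.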
diff --git a/drivers/net/sfc/base/efx_nvram.c b/drivers/net/sfc/base/efx_nvram.c
index f3107bbb5..f9a6ee585 100644
--- a/drivers/net/sfc/base/efx_nvram.c
+++ b/drivers/net/sfc/base/efx_nvram.c
@@ -870,14 +870,12 @@ efx_mcdi_nvram_write(
{
efx_mcdi_req_t req;
- uint8_t payload[MAX(MCDI_CTL_SDU_LEN_MAX_V1,
- MCDI_CTL_SDU_LEN_MAX_V2)];
+ uint8_t *payload;
efx_rc_t rc;
size_t max_data_size;
+ size_t payload_len = enp->en_nic_cfg.enc_mcdi_max_payload_length;
- max_data_size = enp->en_nic_cfg.enc_mcdi_max_payload_length
- - MC_CMD_NVRAM_WRITE_IN_LEN(0);
- EFSYS_ASSERT3U(enp->en_nic_cfg.enc_mcdi_max_payload_length, >, 0);
- EFSYS_ASSERT3U(max_data_size, <,
- enp->en_nic_cfg.enc_mcdi_max_payload_length);
+ max_data_size = payload_len - MC_CMD_NVRAM_WRITE_IN_LEN(0);
+ EFSYS_ASSERT3U(payload_len, >, 0);
+ EFSYS_ASSERT3U(max_data_size, <, payload_len);
if (size > max_data_size) {
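Review bot: max_data_size = payload_len - MC_CMD_NVRAM_WRITE_IN_LEN(0) is computed on size_t values before EFSYS_ASSERT3U(payload_len, >, 0) runs, so a payload_len smaller than the request header wraps to a huge max_data_size and the size > max_data_size check that follows no longer rejects anything. The old code had the same subtraction, but the buffer was a fixed MAX(V1, V2) array; now payload_len also sizes the allocation, so the two asserts are the only guard. If EFSYS_ASSERT3U can be compiled out in release builds, add a runtime check that returns an error when payload_len does not exceed MC_CMD_NVRAM_WRITE_IN_LEN(0), and move the asserts above the subtraction.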
@@ -886,5 +884,11 @@ efx_mcdi_nvram_write(
}
- (void) memset(payload, 0, sizeof (payload));
+ EFSYS_KMEM_ALLOC(enp->en_esip, payload_len, payload);
+ if (payload == NULL) {
+ rc = ENOMEM;
+ goto fail2;
+ }
+
+ (void) memset(payload, 0, payload_len);
req.emr_cmd = MC_CMD_NVRAM_WRITE;
req.emr_in_buf = payload;
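Review bot: the EFSYS_KMEM_ALLOC call gives efx_mcdi_nvram_write a new ENOMEM failure on every call, where the stack buffer could not fail, and the commit message ("Found by PreFAST static analysis.") does not mention it. Please note the new return value in the commit message, and say why this function moves to the heap while ef10_bist_poll in the same patch keeps a stack buffer shrunk to MCDI_CTL_SDU_LEN_MAX_V1, so that reviewers of the callers know to check their handling of a failed write.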
@@ -904,9 +908,14 @@ efx_mcdi_nvram_write(
if (req.emr_rc != 0) {
rc = req.emr_rc;
- goto fail2;
+ goto fail3;
}
+ EFSYS_KMEM_FREE(enp->en_esip, payload_len, payload);
+
return (0);
+fail3:
+ EFSYS_PROBE(fail3);
+ EFSYS_KMEM_FREE(enp->en_esip, payload_len, payload);
fail2:
EFSYS_PROBE(fail2);
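Review bot: EFSYS_KMEM_FREE(enp->en_esip, payload_len, payload) now appears twice, once before return (0) and once under fail3, and fail2 directly below must stay free of it because the allocation-failure path jumps there with payload == NULL. That ordering is correct as written, but it is easy to break: any error exit added later between the allocation and the return has to target fail3, not fail2, or payload leaks. A one-line comment at fail3 stating that everything from this label up owns payload would make the invariant visible.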
--
2.19.0
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2018-11-21 15:59:13.896090588 +0000
+++ 0011-net-sfc-base-avoid-usage-of-too-big-arrays-on-stack.patch 2018-11-21 15:59:13.000000000 +0000
@@ -1,13 +1,14 @@
-From da8692388e7f2cc575b53b2cc76f72f459fd9ca5 Mon Sep 17 00:00:00 2001
+From af46826f4325915429d372d59d40e1258ddc9255 Mon Sep 17 00:00:00 2001
From: Martin Harvey <mharvey@solarflare.com>
Date: Mon, 10 Sep 2018 10:33:20 +0100
Subject: [PATCH] net/sfc/base: avoid usage of too big arrays on stack
+[ upstream commit da8692388e7f2cc575b53b2cc76f72f459fd9ca5 ]
+
Found by PreFAST static analysis.
Fixes: 1dae25112a54 ("net/sfc/base: import built-in selftest")
Fixes: d96a34d165b1 ("net/sfc/base: import NVRAM support")
-Cc: stable@dpdk.org
Signed-off-by: Martin Harvey <mharvey@solarflare.com>
Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
@@ -55,7 +56,7 @@
efx_mcdi_execute(enp, &req);
diff --git a/drivers/net/sfc/base/efx_nvram.c b/drivers/net/sfc/base/efx_nvram.c
-index 9000fe886..d7b1a6778 100644
+index f3107bbb5..f9a6ee585 100644
--- a/drivers/net/sfc/base/efx_nvram.c
+++ b/drivers/net/sfc/base/efx_nvram.c
@@ -870,14 +870,12 @@ efx_mcdi_nvram_write(
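Review bot: the index line for efx_nvram.c is the only non-metadata difference from upstream (9000fe886..d7b1a6778 there, f3107bbb5..f9a6ee585 here), which means the file on the 18.08 branch differs from upstream somewhere outside these hunks. The hunk header and line counts are unchanged, so the patch applies at the same place, but the backport should still be compile-tested on the stable branch, since code outside the visible context may differ from what the upstream commit was reviewed against.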