From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ktraynor@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by dpdk.org (Postfix) with ESMTP id 91B2B1B104
 for <stable@dpdk.org>; Wed, 21 Nov 2018 17:06:01 +0100 (CET)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id E763037F43;
 Wed, 21 Nov 2018 16:06:00 +0000 (UTC)
Received: from ktraynor.remote.csb (unknown [10.36.118.7])
 by smtp.corp.redhat.com (Postfix) with ESMTP id D6BB3608E7;
 Wed, 21 Nov 2018 16:05:59 +0000 (UTC)
From: Kevin Traynor <ktraynor@redhat.com>
To: Martin Harvey <mharvey@solarflare.com>
Cc: Andrew Rybchenko <arybchenko@solarflare.com>, dpdk stable <stable@dpdk.org>
Date: Wed, 21 Nov 2018 16:04:01 +0000
Message-Id: <20181121160440.9014-11-ktraynor@redhat.com>
In-Reply-To: <20181121160440.9014-1-ktraynor@redhat.com>
References: <20181121160440.9014-1-ktraynor@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.29]); Wed, 21 Nov 2018 16:06:01 +0000 (UTC)
Subject: [dpdk-stable] patch 'net/sfc/base: avoid usage of too big arrays on
	stack' has been queued to stable release 18.08.1
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Nov 2018 16:06:02 -0000

Hi,

FYI, your patch has been queued to stable release 18.08.1

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/26/18. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the patch applied
to the branch. If the code is different (ie: not only metadata diffs), due for example to
a change in context or macro names, please double check it.

Thanks.

Kevin Traynor

---
>>From af46826f4325915429d372d59d40e1258ddc9255 Mon Sep 17 00:00:00 2001
From: Martin Harvey <mharvey@solarflare.com>
Date: Mon, 10 Sep 2018 10:33:20 +0100
Subject: [PATCH] net/sfc/base: avoid usage of too big arrays on stack

[ upstream commit da8692388e7f2cc575b53b2cc76f72f459fd9ca5 ]

Found by PreFAST static analysis.

Fixes: 1dae25112a54 ("net/sfc/base: import built-in selftest")
Fixes: d96a34d165b1 ("net/sfc/base: import NVRAM support")

Signed-off-by: Martin Harvey <mharvey@solarflare.com>
Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
---
 drivers/net/sfc/base/ef10_phy.c  | 18 +++++++++++++++---
 drivers/net/sfc/base/efx_nvram.c | 27 ++++++++++++++++++---------
 2 files changed, 33 insertions(+), 12 deletions(-)

diff --git a/drivers/net/sfc/base/ef10_phy.c b/drivers/net/sfc/base/ef10_phy.c
index 84acb70a1..e9c7b40e4 100644
--- a/drivers/net/sfc/base/ef10_phy.c
+++ b/drivers/net/sfc/base/ef10_phy.c
@@ -584,12 +584,24 @@ ef10_bist_poll(
 	__in			size_t count)
 {
+	/*
+	 * MCDI_CTL_SDU_LEN_MAX_V1 is large enough cover all BIST results,
+	 * whilst not wasting stack.
+	 */
+	uint8_t payload[MAX(MC_CMD_POLL_BIST_IN_LEN, MCDI_CTL_SDU_LEN_MAX_V1)];
 	efx_nic_cfg_t *encp = &(enp->en_nic_cfg);
 	efx_mcdi_req_t req;
-	uint8_t payload[MAX(MC_CMD_POLL_BIST_IN_LEN,
-			    MCDI_CTL_SDU_LEN_MAX)];
 	uint32_t value_mask = 0;
 	uint32_t result;
 	efx_rc_t rc;
 
+	EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_LEN <=
+	    MCDI_CTL_SDU_LEN_MAX_V1);
+	EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_SFT9001_LEN <=
+	    MCDI_CTL_SDU_LEN_MAX_V1);
+	EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_MRSFP_LEN <=
+	    MCDI_CTL_SDU_LEN_MAX_V1);
+	EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_MEM_LEN <=
+	    MCDI_CTL_SDU_LEN_MAX_V1);
+
 	_NOTE(ARGUNUSED(type))
 
@@ -599,5 +611,5 @@ ef10_bist_poll(
 	req.emr_in_length = MC_CMD_POLL_BIST_IN_LEN;
 	req.emr_out_buf = payload;
-	req.emr_out_length = MCDI_CTL_SDU_LEN_MAX;
+	req.emr_out_length = MCDI_CTL_SDU_LEN_MAX_V1;
 
 	efx_mcdi_execute(enp, &req);
diff --git a/drivers/net/sfc/base/efx_nvram.c b/drivers/net/sfc/base/efx_nvram.c
index f3107bbb5..f9a6ee585 100644
--- a/drivers/net/sfc/base/efx_nvram.c
+++ b/drivers/net/sfc/base/efx_nvram.c
@@ -870,14 +870,12 @@ efx_mcdi_nvram_write(
 {
 	efx_mcdi_req_t req;
-	uint8_t payload[MAX(MCDI_CTL_SDU_LEN_MAX_V1,
-			    MCDI_CTL_SDU_LEN_MAX_V2)];
+	uint8_t *payload;
 	efx_rc_t rc;
 	size_t max_data_size;
+	size_t payload_len = enp->en_nic_cfg.enc_mcdi_max_payload_length;
 
-	max_data_size = enp->en_nic_cfg.enc_mcdi_max_payload_length
-	    - MC_CMD_NVRAM_WRITE_IN_LEN(0);
-	EFSYS_ASSERT3U(enp->en_nic_cfg.enc_mcdi_max_payload_length, >, 0);
-	EFSYS_ASSERT3U(max_data_size, <,
-		    enp->en_nic_cfg.enc_mcdi_max_payload_length);
+	max_data_size = payload_len - MC_CMD_NVRAM_WRITE_IN_LEN(0);
+	EFSYS_ASSERT3U(payload_len, >, 0);
+	EFSYS_ASSERT3U(max_data_size, <, payload_len);
 
 	if (size > max_data_size) {
@@ -886,5 +884,11 @@ efx_mcdi_nvram_write(
 	}
 
-	(void) memset(payload, 0, sizeof (payload));
+	EFSYS_KMEM_ALLOC(enp->en_esip, payload_len, payload);
+	if (payload == NULL) {
+		rc = ENOMEM;
+		goto fail2;
+	}
+
+	(void) memset(payload, 0, payload_len);
 	req.emr_cmd = MC_CMD_NVRAM_WRITE;
 	req.emr_in_buf = payload;
@@ -904,9 +908,14 @@ efx_mcdi_nvram_write(
 	if (req.emr_rc != 0) {
 		rc = req.emr_rc;
-		goto fail2;
+		goto fail3;
 	}
 
+	EFSYS_KMEM_FREE(enp->en_esip, payload_len, payload);
+
 	return (0);
 
+fail3:
+	EFSYS_PROBE(fail3);
+	EFSYS_KMEM_FREE(enp->en_esip, payload_len, payload);
 fail2:
 	EFSYS_PROBE(fail2);
-- 
2.19.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2018-11-21 15:59:13.896090588 +0000
+++ 0011-net-sfc-base-avoid-usage-of-too-big-arrays-on-stack.patch	2018-11-21 15:59:13.000000000 +0000
@@ -1,13 +1,14 @@
-From da8692388e7f2cc575b53b2cc76f72f459fd9ca5 Mon Sep 17 00:00:00 2001
+From af46826f4325915429d372d59d40e1258ddc9255 Mon Sep 17 00:00:00 2001
 From: Martin Harvey <mharvey@solarflare.com>
 Date: Mon, 10 Sep 2018 10:33:20 +0100
 Subject: [PATCH] net/sfc/base: avoid usage of too big arrays on stack
 
+[ upstream commit da8692388e7f2cc575b53b2cc76f72f459fd9ca5 ]
+
 Found by PreFAST static analysis.
 
 Fixes: 1dae25112a54 ("net/sfc/base: import built-in selftest")
 Fixes: d96a34d165b1 ("net/sfc/base: import NVRAM support")
-Cc: stable@dpdk.org
 
 Signed-off-by: Martin Harvey <mharvey@solarflare.com>
 Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
@@ -55,7 +56,7 @@
  
  	efx_mcdi_execute(enp, &req);
 diff --git a/drivers/net/sfc/base/efx_nvram.c b/drivers/net/sfc/base/efx_nvram.c
-index 9000fe886..d7b1a6778 100644
+index f3107bbb5..f9a6ee585 100644
 --- a/drivers/net/sfc/base/efx_nvram.c
 +++ b/drivers/net/sfc/base/efx_nvram.c
 @@ -870,14 +870,12 @@ efx_mcdi_nvram_write(