From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D18C5433AC for ; Thu, 23 Nov 2023 17:17:16 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A8ABF42F21; Thu, 23 Nov 2023 17:17:16 +0100 (CET) Received: from mail-wr1-f46.google.com (mail-wr1-f46.google.com [209.85.221.46]) by mails.dpdk.org (Postfix) with ESMTP id CF75F42F0B for ; Thu, 23 Nov 2023 17:17:15 +0100 (CET) Received: by mail-wr1-f46.google.com with SMTP id ffacd0b85a97d-3316ad2bee5so582825f8f.1 for ; Thu, 23 Nov 2023 08:17:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1700756235; x=1701361035; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=cDm/Vt3xjAjNtkt6miWoHxLG7PURa38IGmuZEvSBaTI=; b=k4GKXVpjA91sEz9h46JXuBf3IFiz6cWOHQAyiod6XRU6V7mVPWduTuwlR2oiXMwS0L PZwY8/RrGUhH1gGxBS9a99lYWcp3nRJOw7+NkGVieXdfmmSCZQc5DlvJ5zSlyUNGVQ3L aJ7Dm7Tq2SfPtP5nw3134/zJkIPHeLxZ04I/kklAYDnS1Es+eNzz+4efoUseohdXsP5k DTE5JOdEWb5FSZCxafM1nW2xcPjsscwFlNUGQyJ2uDv59GYuGtWu4jWqetbSB3u5jQam zR3mPF/YCYTckVBQxHPBoNx4TcAyBStYRXxTMx3rUhnzUrGBl6+voGOHgjpleP7dtfQg gdOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700756235; x=1701361035; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cDm/Vt3xjAjNtkt6miWoHxLG7PURa38IGmuZEvSBaTI=; b=uJidH3rvMGC7Y1LM1qU7iWEcQloqXyr0Pu9oqKNZO2g6jz40fhaqDSBslh48aII5mN /i4D8aLmflIQdDUCJozrzmEE/qR6Xn8qp3K7aD80k7QjCppiGTYdFrPVJ8l92VqTPi1n UCM8UiEoqrEsZR/1pV/WtPbl/LW3nwwDNay+8qRDfi9p+MbfC0TNy0MLhYLjrEIeaouD 3jzgI+Z56ZhY52WoHw6NRuMDQfLcsQ+4wagUmHqOVXWjgOIO7yG0/BgKcdjCT/wQgDxR ll64w75H3Z8haIZVlXo/NN913KZ4zFUgdT0mlH258XCOh1HrCNwDsKhwurJZRPi7cJKQ 7xhw== X-Gm-Message-State: AOJu0YxporNGtvth64x8/45iGDm2FV67wdHxVjixAZ//irC60EAhubeZ G9hO+A9Yue3DFKTusZEDItk= X-Google-Smtp-Source: AGHT+IF1kC4ZxvNL+2vzrKUwCW7sJCvFqly1Zj5hD6AGh4n//TeYh58uFqOmNJkNybXwmF+9pdY68w== X-Received: by 2002:a5d:5913:0:b0:32f:7867:112 with SMTP id v19-20020a5d5913000000b0032f78670112mr3342105wrd.13.1700756235184; Thu, 23 Nov 2023 08:17:15 -0800 (PST) Received: from localhost ([137.220.119.58]) by smtp.gmail.com with ESMTPSA id e2-20020a5d4e82000000b00323293bd023sm2075216wru.6.2023.11.23.08.17.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Nov 2023 08:17:14 -0800 (PST) From: luca.boccassi@gmail.com To: Ferruh Yigit Cc: Luca Boccassi , Jiawen Wu , dpdk stable Subject: patch 'net/txgbe: fix out of bound access' has been queued to stable release 20.11.10 Date: Thu, 23 Nov 2023 16:17:01 +0000 Message-Id: <20231123161709.670852-1-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20231115114515.2355140-16-luca.boccassi@gmail.com> References: <20231115114515.2355140-16-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 20.11.10 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 11/25/23. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/bluca/dpdk-stable This queued commit can be viewed at: https://github.com/bluca/dpdk-stable/commit/30f93c1d99c8a870e5a5e680652879e0ec9226d0 Thanks. Luca Boccassi --- >From 30f93c1d99c8a870e5a5e680652879e0ec9226d0 Mon Sep 17 00:00:00 2001 From: Ferruh Yigit Date: Fri, 17 Nov 2023 10:12:04 +0000 Subject: [PATCH] net/txgbe: fix out of bound access [ upstream commit 4a2ba73b1d1a76a4c270aa34af22229172a7f387 ] Reported by SuSe CI [1] by GCC [2], possibly false positive. Error: In function 'txgbe_host_interface_command', inlined from 'txgbe_host_interface_command' at ../drivers/net/txgbe/base/txgbe_mng.c:104:1, inlined from 'txgbe_hic_reset' at ../drivers/net/txgbe/base/txgbe_mng.c:345:9: ../drivers/net/txgbe/base/txgbe_mng.c:145:36: error: array subscript 2 is outside array bounds ofr 'struct txgbe_hic_reset[1]' [-Werror=array-bounds=] 145 | buffer[bi] = rd32a(hw, TXGBE_MNGMBX, bi); ../drivers/net/txgbe/base/txgbe_mng.c: In function 'txgbe_hic_reset': ../drivers/net/txgbe/base/txgbe_mng.c:331:32: note: at offset 8 into object 'reset_cmd' of size 8 331 | struct txgbe_hic_reset reset_cmd; | ^~~~~~~~~ Access to buffer done based on command code, the case complained by FW_RESET_CMD has short buffer but this code path only taken with command 0x30, so this shouldn't be a problem. Command 0x30 no more used, removing this exception check that cause build error. [1] https://build.opensuse.org/public/build/home:bluca:dpdk/openSUSE_Factory_ARM/armv7l/dpdk-20.11/_log [2] gcc 13.2.1 "cc (SUSE Linux) 13.2.1 20230912 Fixes: 35c90ecccfd4 ("net/txgbe: add EEPROM functions") Reported-by: Luca Boccassi Signed-off-by: Ferruh Yigit Reviewed-by: Jiawen Wu --- drivers/net/txgbe/base/txgbe_mng.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/drivers/net/txgbe/base/txgbe_mng.c b/drivers/net/txgbe/base/txgbe_mng.c index b492dc8f11..3faf5648c7 100644 --- a/drivers/net/txgbe/base/txgbe_mng.c +++ b/drivers/net/txgbe/base/txgbe_mng.c @@ -135,21 +135,7 @@ txgbe_host_interface_command(struct txgbe_hw *hw, u32 *buffer, for (bi = 0; bi < dword_len; bi++) buffer[bi] = rd32a(hw, TXGBE_MNGMBX, bi); - /* - * If there is any thing in data position pull it in - * Read Flash command requires reading buffer length from - * two byes instead of one byte - */ - if (resp->cmd == 0x30) { - for (; bi < dword_len + 2; bi++) - buffer[bi] = rd32a(hw, TXGBE_MNGMBX, bi); - - buf_len = (((u16)(resp->cmd_or_resp.ret_status) << 3) - & 0xF00) | resp->buf_len; - hdr_size += (2 << 2); - } else { - buf_len = resp->buf_len; - } + buf_len = resp->buf_len; if (!buf_len) goto rel_out; -- 2.39.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2023-11-23 16:15:19.261740317 +0000 +++ 0001-net-txgbe-fix-out-of-bound-access.patch 2023-11-23 16:15:19.211058297 +0000 @@ -1 +1 @@ -From 4a2ba73b1d1a76a4c270aa34af22229172a7f387 Mon Sep 17 00:00:00 2001 +From 30f93c1d99c8a870e5a5e680652879e0ec9226d0 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 4a2ba73b1d1a76a4c270aa34af22229172a7f387 ] + @@ -37 +38,0 @@ -Cc: stable@dpdk.org @@ -47 +48 @@ -index df7145094f..029a0a1fe1 100644 +index b492dc8f11..3faf5648c7 100644 @@ -50 +51 @@ -@@ -141,21 +141,7 @@ txgbe_host_interface_command(struct txgbe_hw *hw, u32 *buffer, +@@ -135,21 +135,7 @@ txgbe_host_interface_command(struct txgbe_hw *hw, u32 *buffer,