From: Igor Russkikh
To: "dev@dpdk.org"
CC: Pavel Belous, Igor Russkikh, "stable@dpdk.org", Pavel Belous
Date: Sat, 9 Mar 2019 14:03:30 +0000
Subject: [dpdk-stable] [PATCH v2 04/10] net/atlantic: fix buffer overflow

From: Pavel Belous

Found by Coverity scan. This is a real memory corruption.
There is no need in extra RTE_ALIGN macros since the request/result
structures are 4-byte aligned by definition.

Cc: stable@dpdk.org
Fixes: ce4e8d418097 ("net/atlantic: implement EEPROM get/set")
Signed-off-by: Igor Russkikh
Signed-off-by: Pavel Belous
--- drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c b/drivers/net/= atlantic/hw_atl/hw_atl_utils_fw2x.c index 6841d9bce39c..f90ccfe9e010 100644 --- a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c 
+++ b/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c @@ -501,7 +501,7 @@ static int aq_fw2x_get_eeprom(struct aq_hw_s *self, u32= *data, u32 len) /* Write SMBUS request to cfg memory */ err =3D hw_atl_utils_fw_upload_dwords(self, self->rpc_addr, (u32 *)(void *)&request, - RTE_ALIGN(sizeof(request), sizeof(u32))); + sizeof(request) / sizeof(u32)); =20 if (err < 0) return err; @@ -523,7 +523,7 @@ static int aq_fw2x_get_eeprom(struct aq_hw_s *self, u32= *data, u32 len) =20 err =3D hw_atl_utils_fw_downld_dwords(self, self->rpc_addr + sizeof(u32), &result, - RTE_ALIGN(sizeof(result), sizeof(u32))); + sizeof(result) / sizeof(u32)); =20 if (err < 0) return err; @@ -558,7 +558,7 @@ static int aq_fw2x_set_eeprom(struct aq_hw_s *self, u32= *data, u32 len) /* Write SMBUS request to cfg memory */ err =3D hw_atl_utils_fw_upload_dwords(self, self->rpc_addr, (u32 *)(void *)&request, - RTE_ALIGN(sizeof(request), sizeof(u32))); + sizeof(request) / sizeof(u32)); =20 if (err < 0) return err; @@ -589,7 +589,7 @@ static int aq_fw2x_set_eeprom(struct aq_hw_s *self, u32= *data, u32 len) /* Read status of write operation */ err =3D hw_atl_utils_fw_downld_dwords(self, self->rpc_addr + sizeof(u32), &result, - RTE_ALIGN(sizeof(result), sizeof(u32))); + sizeof(result) / sizeof(u32)); =20 if (err < 0) return err; --=20 2.17.1
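Review bot: The new count in the upload hunks (@@ -501 in aq_fw2x_get_eeprom and @@ -558 in aq_fw2x_set_eeprom), sizeof(request) / sizeof(u32), truncates silently if the request structure ever stops being a multiple of 4 bytes, and the last bytes would then not be uploaded. The commit message relies on the structures being 4-byte aligned by definition, but nothing in these lines enforces it. Suggest a build-time check next to each call, for example RTE_BUILD_BUG_ON(sizeof(request) % sizeof(u32)), or a single helper macro for the byte-to-dword conversion so the four call sites cannot drift apart.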
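Review bot: The commit log does not say what was wrong with the removed argument in the download hunks (@@ -523 and @@ -589), which matters for anyone judging the stable backport. Going by the _dwords function names and the replacement expression, the last parameter is a count of u32 words, while RTE_ALIGN(sizeof(result), sizeof(u32)) evaluates to a size in bytes, so hw_atl_utils_fw_downld_dwords() was asked to store roughly four times more data than result can hold. Suggest stating in the log that the old value was a byte size passed as a dword count and that the download path wrote past result (and the upload path read past request), rather than only that the RTE_ALIGN macros are not needed. The same truncation concern as for request applies to sizeof(result) / sizeof(u32) here.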