From: Andrew Rybchenko <arybchenko@solarflare.com>
To: <dev@dpdk.org>
Cc: Martin Harvey <mharvey@solarflare.com>, <stable@dpdk.org>
Subject: [dpdk-dev] [PATCH 21/37] net/sfc/base: avoid usage of too big arrays on stack
Date: Mon, 10 Sep 2018 10:33:20 +0100 [thread overview]
Message-ID: <1536572016-18134-22-git-send-email-arybchenko@solarflare.com> (raw)
In-Reply-To: <1536572016-18134-1-git-send-email-arybchenko@solarflare.com>
From: Martin Harvey <mharvey@solarflare.com>
Found by PreFAST static analysis.
Fixes: 1dae25112a54 ("net/sfc/base: import built-in selftest")
Fixes: d96a34d165b1 ("net/sfc/base: import NVRAM support")
Cc: stable@dpdk.org
Signed-off-by: Martin Harvey <mharvey@solarflare.com>
Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
---
drivers/net/sfc/base/ef10_phy.c | 18 +++++++++++++++---
drivers/net/sfc/base/efx_nvram.c | 27 ++++++++++++++++++---------
2 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/drivers/net/sfc/base/ef10_phy.c b/drivers/net/sfc/base/ef10_phy.c
index 84acb70a1..e9c7b40e4 100644
--- a/drivers/net/sfc/base/ef10_phy.c
+++ b/drivers/net/sfc/base/ef10_phy.c
@@ -583,14 +583,26 @@ ef10_bist_poll(
unsigned long *valuesp,
__in size_t count)
{
+ /*
+ * MCDI_CTL_SDU_LEN_MAX_V1 is large enough cover all BIST results,
+ * whilst not wasting stack.
+ */
+ uint8_t payload[MAX(MC_CMD_POLL_BIST_IN_LEN, MCDI_CTL_SDU_LEN_MAX_V1)];
efx_nic_cfg_t *encp = &(enp->en_nic_cfg);
efx_mcdi_req_t req;
- uint8_t payload[MAX(MC_CMD_POLL_BIST_IN_LEN,
- MCDI_CTL_SDU_LEN_MAX)];
uint32_t value_mask = 0;
uint32_t result;
efx_rc_t rc;
+ EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_LEN <=
+ MCDI_CTL_SDU_LEN_MAX_V1);
+ EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_SFT9001_LEN <=
+ MCDI_CTL_SDU_LEN_MAX_V1);
+ EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_MRSFP_LEN <=
+ MCDI_CTL_SDU_LEN_MAX_V1);
+ EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_MEM_LEN <=
+ MCDI_CTL_SDU_LEN_MAX_V1);
+
_NOTE(ARGUNUSED(type))
(void) memset(payload, 0, sizeof (payload));
@@ -598,7 +610,7 @@ ef10_bist_poll(
req.emr_in_buf = payload;
req.emr_in_length = MC_CMD_POLL_BIST_IN_LEN;
req.emr_out_buf = payload;
- req.emr_out_length = MCDI_CTL_SDU_LEN_MAX;
+ req.emr_out_length = MCDI_CTL_SDU_LEN_MAX_V1;
efx_mcdi_execute(enp, &req);
diff --git a/drivers/net/sfc/base/efx_nvram.c b/drivers/net/sfc/base/efx_nvram.c
index 9000fe886..d7b1a6778 100644
--- a/drivers/net/sfc/base/efx_nvram.c
+++ b/drivers/net/sfc/base/efx_nvram.c
@@ -869,23 +869,27 @@ efx_mcdi_nvram_write(
__in size_t size)
{
efx_mcdi_req_t req;
- uint8_t payload[MAX(MCDI_CTL_SDU_LEN_MAX_V1,
- MCDI_CTL_SDU_LEN_MAX_V2)];
+ uint8_t *payload;
efx_rc_t rc;
size_t max_data_size;
+ size_t payload_len = enp->en_nic_cfg.enc_mcdi_max_payload_length;
- max_data_size = enp->en_nic_cfg.enc_mcdi_max_payload_length
- - MC_CMD_NVRAM_WRITE_IN_LEN(0);
- EFSYS_ASSERT3U(enp->en_nic_cfg.enc_mcdi_max_payload_length, >, 0);
- EFSYS_ASSERT3U(max_data_size, <,
- enp->en_nic_cfg.enc_mcdi_max_payload_length);
+ max_data_size = payload_len - MC_CMD_NVRAM_WRITE_IN_LEN(0);
+ EFSYS_ASSERT3U(payload_len, >, 0);
+ EFSYS_ASSERT3U(max_data_size, <, payload_len);
if (size > max_data_size) {
rc = EINVAL;
goto fail1;
}
- (void) memset(payload, 0, sizeof (payload));
+ EFSYS_KMEM_ALLOC(enp->en_esip, payload_len, payload);
+ if (payload == NULL) {
+ rc = ENOMEM;
+ goto fail2;
+ }
+
+ (void) memset(payload, 0, payload_len);
req.emr_cmd = MC_CMD_NVRAM_WRITE;
req.emr_in_buf = payload;
req.emr_in_length = MC_CMD_NVRAM_WRITE_IN_LEN(size);
@@ -903,11 +907,16 @@ efx_mcdi_nvram_write(
if (req.emr_rc != 0) {
rc = req.emr_rc;
- goto fail2;
+ goto fail3;
}
+ EFSYS_KMEM_FREE(enp->en_esip, payload_len, payload);
+
return (0);
+fail3:
+ EFSYS_PROBE(fail3);
+ EFSYS_KMEM_FREE(enp->en_esip, payload_len, payload);
fail2:
EFSYS_PROBE(fail2);
fail1:
--
2.17.1
next prev parent reply other threads:[~2018-09-10 9:33 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-10 9:32 [dpdk-dev] [PATCH 00/37] net/sfc: update base driver Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 01/37] net/sfc/base: fix PreFAST warnings because of unused return Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 02/37] net/sfc/base: fix invalid order of memset arguments Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 03/37] net/sfc/base: fix output buffer SAL annotation Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 04/37] net/sfc/base: highlight that image layout header generated Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 05/37] net/sfc/base: fix erroneous SAL annotation for input buffers Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 06/37] net/sfc/base: properly align on line continuation Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 07/37] net/sfc/base: add space after sizeof Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 08/37] net/sfc/base: fix build failure because of no declaration Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 09/37] net/sfc/base: add more definitions of partitions Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 10/37] net/sfc/base: fix outer IPID field in TSO option descriptors Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 11/37] net/sfc/base: move empty efsys definitions to EFX headers Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 12/37] net/sfc/base: add check for TUNNEL module in NIC reset API Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 13/37] net/sfc/base: refactor monitors support Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 14/37] net/sfc/base: remove probes when a Tx queue is too full Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 15/37] net/sfc/base: add generated description of sensors Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 16/37] net/sfc/base: check size of memory to read sensors data to Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 17/37] net/sfc/base: add API to retrieve sensor limits Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 18/37] net/sfc/base: add buffer editing functions to boot config Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 19/37] net/sfc/base: add accessor for default port mode Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 20/37] net/sfc/base: generalise EF10 NVRAM buffer interface Andrew Rybchenko
2018-09-10 9:33 ` Andrew Rybchenko [this message]
2018-09-10 9:33 ` [dpdk-dev] [PATCH 22/37] net/sfc/base: add information if TSO workaround is required Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 23/37] net/sfc/base: fix out of bounds read when dereferencing sdup Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 24/37] net/sfc/base: add routine to check for hardware presence Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 25/37] net/sfc/base: add API to inform libefx of hardware removal Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 26/37] net/sfc/base: fix ID retrival in v3 licensing Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 27/37] net/sfc/base: prevent access to the NIC config before probe Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 28/37] net/sfc/base: fix name of the argument to store RSS flags Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 29/37] net/sfc/base: fix a typo in unicast filter insertion comment Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 30/37] net/sfc/base: add support to get active FEC type Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 31/37] net/sfc/base: use simpler code to check hash algorithm type Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 32/37] net/sfc/base: check buffer size for hash flags Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 33/37] net/sfc/base: simplify the code to parse RSS hash type Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 34/37] net/sfc/base: improve handling of legacy RSS hash flags Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 35/37] net/sfc/base: modify phy caps to indicate FEC request Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 36/37] net/sfc/base: fix MAC Tx stats for less or equal to 64 bytes Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 37/37] net/sfc/base: add helper API to make Geneve filter spec Andrew Rybchenko
2018-09-21 10:28 ` [dpdk-dev] [PATCH 00/37] net/sfc: update base driver Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1536572016-18134-22-git-send-email-arybchenko@solarflare.com \
--to=arybchenko@solarflare.com \
--cc=dev@dpdk.org \
--cc=mharvey@solarflare.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).