From: Andrew Rybchenko <arybchenko@solarflare.com>
To: <dev@dpdk.org>
Cc: Ivan Malov <Ivan.Malov@oktetlabs.ru>
Subject: [dpdk-dev] [PATCH 32/37] net/sfc/base: check buffer size for hash flags
Date: Mon, 10 Sep 2018 10:33:31 +0100 [thread overview]
Message-ID: <1536572016-18134-33-git-send-email-arybchenko@solarflare.com> (raw)
In-Reply-To: <1536572016-18134-1-git-send-email-arybchenko@solarflare.com>
From: Ivan Malov <Ivan.Malov@oktetlabs.ru>
The efx_rx_scale_hash_flags_get interface is unsafe, as it does not
have an argument for the size of the output buffer used to return
the flags. While the only caller currently supplies a sufficiently
large buffer, this should be checked at runtime to avoid writing
past the end of the buffer.
Signed-off-by: Ivan Malov <Ivan.Malov@oktetlabs.ru>
Signed-off-by: Andrew Rybchenko <arybchenko@solarflare.com>
---
drivers/net/sfc/base/efx.h | 3 +-
drivers/net/sfc/base/efx_annote.h | 1 +
drivers/net/sfc/base/efx_rx.c | 120 +++++++++++++++++++-----------
drivers/net/sfc/sfc_rx.c | 2 +-
4 files changed, 81 insertions(+), 45 deletions(-)
diff --git a/drivers/net/sfc/base/efx.h b/drivers/net/sfc/base/efx.h
index cc68f744e..de62b7d50 100644
--- a/drivers/net/sfc/base/efx.h
+++ b/drivers/net/sfc/base/efx.h
@@ -2368,7 +2368,8 @@ extern __checkReturn efx_rc_t
efx_rx_scale_hash_flags_get(
__in efx_nic_t *enp,
__in efx_rx_hash_alg_t hash_alg,
- __inout_ecount(EFX_RX_HASH_NFLAGS) unsigned int *flagsp,
+ __out_ecount_part(max_nflags, *nflagsp) unsigned int *flagsp,
+ __in unsigned int max_nflags,
__out unsigned int *nflagsp);
extern __checkReturn efx_rc_t
diff --git a/drivers/net/sfc/base/efx_annote.h b/drivers/net/sfc/base/efx_annote.h
index 671aaed3b..607b43c77 100644
--- a/drivers/net/sfc/base/efx_annote.h
+++ b/drivers/net/sfc/base/efx_annote.h
@@ -33,6 +33,7 @@
#define __out_opt
#define __out_ecount(_n)
#define __out_ecount_opt(_n)
+#define __out_ecount_part(_n, _l)
#define __out_bcount(_n)
#define __out_bcount_opt(_n)
#define __out_bcount_part(_n, _l)
diff --git a/drivers/net/sfc/base/efx_rx.c b/drivers/net/sfc/base/efx_rx.c
index dfd3974da..bb0c144d7 100644
--- a/drivers/net/sfc/base/efx_rx.c
+++ b/drivers/net/sfc/base/efx_rx.c
@@ -298,13 +298,12 @@ efx_rx_scatter_enable(
efx_rx_scale_hash_flags_get(
__in efx_nic_t *enp,
__in efx_rx_hash_alg_t hash_alg,
- __inout_ecount(EFX_RX_HASH_NFLAGS) unsigned int *flagsp,
+ __out_ecount_part(max_nflags, *nflagsp) unsigned int *flagsp,
+ __in unsigned int max_nflags,
__out unsigned int *nflagsp)
{
efx_nic_cfg_t *encp = &enp->en_nic_cfg;
- boolean_t l4;
- boolean_t additional_modes;
- unsigned int *entryp = flagsp;
+ unsigned int nflags = 0;
efx_rc_t rc;
if (flagsp == NULL || nflagsp == NULL) {
@@ -313,56 +312,90 @@ efx_rx_scale_hash_flags_get(
}
if ((encp->enc_rx_scale_hash_alg_mask & (1U << hash_alg)) == 0) {
- *nflagsp = 0;
- return 0;
+ nflags = 0;
+ goto done;
}
- l4 = encp->enc_rx_scale_l4_hash_supported;
- additional_modes = encp->enc_rx_scale_additional_modes_supported;
-
-#define LIST_FLAGS(_entryp, _class, _l4_hashing, _additional_modes) \
- do { \
- if (_l4_hashing) { \
- *(_entryp++) = EFX_RX_HASH(_class, 4TUPLE); \
- \
- if (_additional_modes) { \
- *(_entryp++) = \
- EFX_RX_HASH(_class, 2TUPLE_DST); \
- *(_entryp++) = \
- EFX_RX_HASH(_class, 2TUPLE_SRC); \
- } \
- } \
- \
- *(_entryp++) = EFX_RX_HASH(_class, 2TUPLE); \
- \
- if (_additional_modes) { \
- *(_entryp++) = EFX_RX_HASH(_class, 1TUPLE_DST); \
- *(_entryp++) = EFX_RX_HASH(_class, 1TUPLE_SRC); \
- } \
- \
- *(_entryp++) = EFX_RX_HASH(_class, DISABLE); \
- \
- _NOTE(CONSTANTCONDITION) \
+ /* Helper to add flags word to flags array without buffer overflow */
+#define INSERT_FLAGS(_flags) \
+ do { \
+ if (nflags >= max_nflags) { \
+ rc = E2BIG; \
+ goto fail2; \
+ } \
+ *(flagsp + nflags) = (_flags); \
+ nflags++; \
+ \
+ _NOTE(CONSTANTCONDITION) \
} while (B_FALSE)
- LIST_FLAGS(entryp, IPV4_TCP, l4, additional_modes);
- LIST_FLAGS(entryp, IPV6_TCP, l4, additional_modes);
+ if (encp->enc_rx_scale_l4_hash_supported != B_FALSE) {
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, 4TUPLE));
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, 4TUPLE));
+ }
+
+ if ((encp->enc_rx_scale_l4_hash_supported != B_FALSE) &&
+ (encp->enc_rx_scale_additional_modes_supported != B_FALSE)) {
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, 2TUPLE_DST));
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, 2TUPLE_SRC));
+
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, 2TUPLE_DST));
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, 2TUPLE_SRC));
- if (additional_modes) {
- LIST_FLAGS(entryp, IPV4_UDP, l4, additional_modes);
- LIST_FLAGS(entryp, IPV6_UDP, l4, additional_modes);
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, 4TUPLE));
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, 2TUPLE_DST));
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, 2TUPLE_SRC));
+
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, 4TUPLE));
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, 2TUPLE_DST));
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, 2TUPLE_SRC));
+ }
+
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, 2TUPLE));
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, 2TUPLE));
+
+ INSERT_FLAGS(EFX_RX_HASH(IPV4, 2TUPLE));
+ INSERT_FLAGS(EFX_RX_HASH(IPV6, 2TUPLE));
+
+ if (encp->enc_rx_scale_additional_modes_supported != B_FALSE) {
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, 1TUPLE_DST));
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, 1TUPLE_SRC));
+
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, 1TUPLE_DST));
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, 1TUPLE_SRC));
+
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, 2TUPLE));
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, 1TUPLE_DST));
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, 1TUPLE_SRC));
+
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, 2TUPLE));
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, 1TUPLE_DST));
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, 1TUPLE_SRC));
+
+ INSERT_FLAGS(EFX_RX_HASH(IPV4, 1TUPLE_DST));
+ INSERT_FLAGS(EFX_RX_HASH(IPV4, 1TUPLE_SRC));
+
+ INSERT_FLAGS(EFX_RX_HASH(IPV6, 1TUPLE_DST));
+ INSERT_FLAGS(EFX_RX_HASH(IPV6, 1TUPLE_SRC));
}
- LIST_FLAGS(entryp, IPV4, B_FALSE, additional_modes);
- LIST_FLAGS(entryp, IPV6, B_FALSE, additional_modes);
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, DISABLE));
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, DISABLE));
+
+ INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, DISABLE));
+ INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, DISABLE));
-#undef LIST_FLAGS
+ INSERT_FLAGS(EFX_RX_HASH(IPV4, DISABLE));
+ INSERT_FLAGS(EFX_RX_HASH(IPV6, DISABLE));
- *nflagsp = (unsigned int)(entryp - flagsp);
- EFSYS_ASSERT3U(*nflagsp, <=, EFX_RX_HASH_NFLAGS);
+#undef INSERT_FLAGS
+done:
+ *nflagsp = nflags;
return (0);
+fail2:
+ EFSYS_PROBE(fail2);
fail1:
EFSYS_PROBE1(fail1, efx_rc_t, rc);
@@ -548,7 +581,8 @@ efx_rx_scale_mode_set(
/*
* Get the list of supported hash flags and sanitise the input.
*/
- rc = efx_rx_scale_hash_flags_get(enp, alg, type_flags, &type_nflags);
+ rc = efx_rx_scale_hash_flags_get(enp, alg, type_flags,
+ EFX_ARRAY_SIZE(type_flags), &type_nflags);
if (rc != 0)
goto fail2;
diff --git a/drivers/net/sfc/sfc_rx.c b/drivers/net/sfc/sfc_rx.c
index d8503e201..68d5594ba 100644
--- a/drivers/net/sfc/sfc_rx.c
+++ b/drivers/net/sfc/sfc_rx.c
@@ -1200,7 +1200,7 @@ sfc_rx_hash_init(struct sfc_adapter *sa)
return EINVAL;
rc = efx_rx_scale_hash_flags_get(sa->nic, alg, flags_supp,
- &nb_flags_supp);
+ RTE_DIM(flags_supp), &nb_flags_supp);
if (rc != 0)
return rc;
--
2.17.1
next prev parent reply other threads:[~2018-09-10 9:33 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-10 9:32 [dpdk-dev] [PATCH 00/37] net/sfc: update base driver Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 01/37] net/sfc/base: fix PreFAST warnings because of unused return Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 02/37] net/sfc/base: fix invalid order of memset arguments Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 03/37] net/sfc/base: fix output buffer SAL annotation Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 04/37] net/sfc/base: highlight that image layout header generated Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 05/37] net/sfc/base: fix erroneous SAL annotation for input buffers Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 06/37] net/sfc/base: properly align on line continuation Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 07/37] net/sfc/base: add space after sizeof Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 08/37] net/sfc/base: fix build failure because of no declaration Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 09/37] net/sfc/base: add more definitions of partitions Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 10/37] net/sfc/base: fix outer IPID field in TSO option descriptors Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 11/37] net/sfc/base: move empty efsys definitions to EFX headers Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 12/37] net/sfc/base: add check for TUNNEL module in NIC reset API Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 13/37] net/sfc/base: refactor monitors support Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 14/37] net/sfc/base: remove probes when a Tx queue is too full Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 15/37] net/sfc/base: add generated description of sensors Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 16/37] net/sfc/base: check size of memory to read sensors data to Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 17/37] net/sfc/base: add API to retrieve sensor limits Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 18/37] net/sfc/base: add buffer editing functions to boot config Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 19/37] net/sfc/base: add accessor for default port mode Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 20/37] net/sfc/base: generalise EF10 NVRAM buffer interface Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 21/37] net/sfc/base: avoid usage of too big arrays on stack Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 22/37] net/sfc/base: add information if TSO workaround is required Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 23/37] net/sfc/base: fix out of bounds read when dereferencing sdup Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 24/37] net/sfc/base: add routine to check for hardware presence Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 25/37] net/sfc/base: add API to inform libefx of hardware removal Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 26/37] net/sfc/base: fix ID retrival in v3 licensing Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 27/37] net/sfc/base: prevent access to the NIC config before probe Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 28/37] net/sfc/base: fix name of the argument to store RSS flags Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 29/37] net/sfc/base: fix a typo in unicast filter insertion comment Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 30/37] net/sfc/base: add support to get active FEC type Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 31/37] net/sfc/base: use simpler code to check hash algorithm type Andrew Rybchenko
2018-09-10 9:33 ` Andrew Rybchenko [this message]
2018-09-10 9:33 ` [dpdk-dev] [PATCH 33/37] net/sfc/base: simplify the code to parse RSS hash type Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 34/37] net/sfc/base: improve handling of legacy RSS hash flags Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 35/37] net/sfc/base: modify phy caps to indicate FEC request Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 36/37] net/sfc/base: fix MAC Tx stats for less or equal to 64 bytes Andrew Rybchenko
2018-09-10 9:33 ` [dpdk-dev] [PATCH 37/37] net/sfc/base: add helper API to make Geneve filter spec Andrew Rybchenko
2018-09-21 10:28 ` [dpdk-dev] [PATCH 00/37] net/sfc: update base driver Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1536572016-18134-33-git-send-email-arybchenko@solarflare.com \
--to=arybchenko@solarflare.com \
--cc=Ivan.Malov@oktetlabs.ru \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).