From: Ajit Khaparde <ajit.khaparde@broadcom.com>
To: dev@dpdk.org
Cc: Kishore Padmanabha <kishore.padmanabha@broadcom.com>,
Shahaji Bhosle <sbhosle@broadcom.com>,
Mike Baucom <michael.baucom@broadcom.com>
Subject: [dpdk-dev] [PATCH v2 20/25] net/bnxt: fix out of bound access in bit handling
Date: Tue, 15 Sep 2020 21:28:46 -0700 [thread overview]
Message-ID: <20200916042851.32914-21-ajit.khaparde@broadcom.com> (raw)
In-Reply-To: <20200916042851.32914-1-ajit.khaparde@broadcom.com>
From: Kishore Padmanabha <kishore.padmanabha@broadcom.com>
Fix out of bounds access in action bit handling.
The act_val is changed to be array to resolve out of bound access issue.
Fixes: 52799debdf1c ("net/bnxt: support action bitmap opcode")
Signed-off-by: Kishore Padmanabha <kishore.padmanabha@broadcom.com>
Reviewed-by: Shahaji Bhosle <sbhosle@broadcom.com>
Reviewed-by: Mike Baucom <michael.baucom@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
---
drivers/net/bnxt/tf_ulp/ulp_mapper.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/drivers/net/bnxt/tf_ulp/ulp_mapper.c b/drivers/net/bnxt/tf_ulp/ulp_mapper.c
index 15682673d..732141166 100644
--- a/drivers/net/bnxt/tf_ulp/ulp_mapper.c
+++ b/drivers/net/bnxt/tf_ulp/ulp_mapper.c
@@ -782,7 +782,7 @@ ulp_mapper_result_field_process(struct bnxt_ulp_mapper_parms *parms,
uint64_t regval;
uint32_t val_size = 0, field_size = 0;
uint64_t act_bit;
- uint8_t act_val;
+ uint8_t act_val[16];
uint64_t hdr_bit;
switch (fld->result_opcode) {
@@ -824,19 +824,18 @@ ulp_mapper_result_field_process(struct bnxt_ulp_mapper_parms *parms,
return -EINVAL;
}
act_bit = tfp_be_to_cpu_64(act_bit);
+ memset(act_val, 0, sizeof(act_val));
if (ULP_BITMAP_ISSET(parms->act_bitmap->bits, act_bit))
- act_val = 1;
- else
- act_val = 0;
+ act_val[0] = 1;
if (fld->field_bit_size > ULP_BYTE_2_BITS(sizeof(act_val))) {
BNXT_TF_DBG(ERR, "%s field size is incorrect\n", name);
return -EINVAL;
}
- if (!ulp_blob_push(blob, &act_val, fld->field_bit_size)) {
+ if (!ulp_blob_push(blob, act_val, fld->field_bit_size)) {
BNXT_TF_DBG(ERR, "%s push field failed\n", name);
return -EINVAL;
}
- val = &act_val;
+ val = act_val;
break;
case BNXT_ULP_MAPPER_OPC_SET_TO_ENCAP_ACT_PROP_SZ:
if (!ulp_operand_read(fld->result_operand,
--
2.21.1 (Apple Git-122.3)
next prev parent reply other threads:[~2020-09-16 4:32 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-11 1:55 [dpdk-dev] [PATCH 00/25] patchset for bnxt Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 01/25] net/bnxt: fix port stop process and cleanup resources Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 02/25] net/bnxt: fix the drop action flow to support count action Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 03/25] net/bnxt: reject offload flows with invalid MAC address Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 04/25] net/bnxt: reduce debug log messages Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 05/25] net/bnxt: fix to break the ipv4 and ipv6 ingress rule Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 06/25] net/bnxt: free the em index on failure Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 07/25] net/bnxt: add a null ptr check for the resource manager Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 08/25] net/bnxt: change default flow rule to use 8B encap Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 09/25] net/bnxt: fix the function id used in the flow flush Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 10/25] net/bnxt: vfr port clean up during port stop Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 11/25] net/bnxt: fix crash in VF rep queue selection Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 12/25] net/bnxt: fix to conditionally rollback added VF-rep ports Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 13/25] net/bnxt: update resource allocation settings Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 14/25] net/bnxt: move IF tbl from tunneled to direct HWRM msg Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 15/25] net/bnxt: remove VLAN pop action for egress flows Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 16/25] net/bnxt: increase counter support from 8K to 16K Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 17/25] net/bnxt: fix to explicitly check and set for start cntr ID Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 18/25] net/bnxt: enable support for VXLAN ipv6 encapsulation Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 19/25] net/bnxt: enable support for nat action with tagged traffic Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 20/25] net/bnxt: fix out of bound access in action bit handling Ajit Khaparde
2020-09-11 1:55 ` [dpdk-dev] [PATCH 21/25] net/bnxt: provide switch info while VF-Reps are configured Ajit Khaparde
2020-09-11 1:56 ` [dpdk-dev] [PATCH 22/25] net/bnxt: fix bugs in representor data path Ajit Khaparde
2020-09-11 1:56 ` [dpdk-dev] [PATCH 23/25] net/bnxt: add support for locks in flow database Ajit Khaparde
2020-09-11 1:56 ` [dpdk-dev] [PATCH 24/25] net/bnxt: fix to check for vnic ptr in bnxt shutdown path Ajit Khaparde
2020-09-11 1:56 ` [dpdk-dev] [PATCH 25/25] net/bnxt: fix to have a separate mutex for FW health check Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 00/25] patchset for bnxt Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 01/25] net/bnxt: fix resource cleanup in port stop Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 02/25] net/bnxt: fix the drop action flow to support count Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 03/25] net/bnxt: reject flow offload with invalid MAC Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 04/25] net/bnxt: reduce debug log messages Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 05/25] net/bnxt: fix coexistence of ipv4 and ipv6 ingress rules Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 06/25] net/bnxt: free the EM index on failure Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 07/25] net/bnxt: add null pointer check for resource manager Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 08/25] net/bnxt: modify default flow rule creation Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 09/25] net/bnxt: fix the function id used in flow flush Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 10/25] net/bnxt: refactor VFR port clean up Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 11/25] net/bnxt: fix crash in VFR queue select Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 12/25] net/bnxt: fix VFR cleanup during init failure Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 13/25] net/bnxt: update resource settings Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 14/25] net/bnxt: use direct HWRM message for interface table Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 15/25] net/bnxt: remove VLAN pop action for egress flows Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 16/25] net/bnxt: increase counter support from 8K to 16K Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 17/25] net/bnxt: check and set initial counter ID Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 18/25] net/bnxt: enable VXLAN ipv6 encapsulation Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 19/25] net/bnxt: enable NAT action with tagged traffic Ajit Khaparde
2020-09-16 4:28 ` Ajit Khaparde [this message]
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 21/25] net/bnxt: provide switch info if VFR are configured Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 22/25] net/bnxt: fix bugs in representor data path Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 23/25] net/bnxt: add locks in flow database Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 24/25] net/bnxt: fix to check VNIC in shutdown path Ajit Khaparde
2020-09-16 4:28 ` [dpdk-dev] [PATCH v2 25/25] net/bnxt: add separate mutex for FW health check Ajit Khaparde
2020-09-16 16:21 ` [dpdk-dev] [PATCH v2 00/25] patchset for bnxt Ajit Khaparde
2020-09-16 23:57 ` Ferruh Yigit
2020-09-17 0:13 ` Ajit Khaparde
2020-09-17 7:39 ` Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200916042851.32914-21-ajit.khaparde@broadcom.com \
--to=ajit.khaparde@broadcom.com \
--cc=dev@dpdk.org \
--cc=kishore.padmanabha@broadcom.com \
--cc=michael.baucom@broadcom.com \
--cc=sbhosle@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).