From: Ivan Malov <ivan.malov@oktetlabs.ru>
To: dev@dpdk.org
Cc: Andy Moreton <amoreton@xilinx.com>,
stable@dpdk.org, Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>,
Ferruh Yigit <ferruh.yigit@intel.com>
Subject: [dpdk-dev] [PATCH 2/2] common/sfc_efx/base: add missing MCDI response length checks
Date: Tue, 18 May 2021 18:10:12 +0300 [thread overview]
Message-ID: <20210518151012.14277-2-ivan.malov@oktetlabs.ru> (raw)
In-Reply-To: <20210518151012.14277-1-ivan.malov@oktetlabs.ru>
From: Andy Moreton <amoreton@xilinx.com>
Fixes: 6f619653b9b1 ("net/sfc/base: import MCDI implementation")
Fixes: e7cd430c864f ("net/sfc/base: import SFN7xxx family support")
Fixes: 94190e3543bf ("net/sfc/base: import SFN8xxx family support")
Fixes: 34285fd0891d ("common/sfc_efx/base: add match spec validate API")
Fixes: e61baa82e64b ("common/sfc_efx/base: add MAE action set provisioning APIs")
Fixes: b4fac34715f2 ("common/sfc_efx/base: add MAE action rule provisioning APIs")
Fixes: ed15d7f8e064 ("common/sfc_efx/base: validate and compare outer match specs")
Fixes: 7a673e1a4a05 ("common/sfc_efx/base: support outer rule provisioning")
Cc: stable@dpdk.org
Signed-off-by: Andy Moreton <amoreton@xilinx.com>
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
---
drivers/common/sfc_efx/base/ef10_filter.c | 11 ++++-
drivers/common/sfc_efx/base/ef10_nic.c | 10 ++++-
drivers/common/sfc_efx/base/efx_mae.c | 52 +++++++++++++++++++----
drivers/common/sfc_efx/base/efx_mcdi.c | 7 +++
4 files changed, 69 insertions(+), 11 deletions(-)
diff --git a/drivers/common/sfc_efx/base/ef10_filter.c b/drivers/common/sfc_efx/base/ef10_filter.c
index 0c99d4b74..ac6006c9b 100644
--- a/drivers/common/sfc_efx/base/ef10_filter.c
+++ b/drivers/common/sfc_efx/base/ef10_filter.c
@@ -1225,20 +1225,25 @@ efx_mcdi_get_parser_disp_info(
goto fail1;
}
+ if (req.emr_out_length_used < MC_CMD_GET_PARSER_DISP_INFO_OUT_LENMIN) {
+ rc = EMSGSIZE;
+ goto fail2;
+ }
+
matches_count = MCDI_OUT_DWORD(req,
GET_PARSER_DISP_INFO_OUT_NUM_SUPPORTED_MATCHES);
if (req.emr_out_length_used <
MC_CMD_GET_PARSER_DISP_INFO_OUT_LEN(matches_count)) {
rc = EMSGSIZE;
- goto fail2;
+ goto fail3;
}
*list_lengthp = matches_count;
if (buffer_length < matches_count) {
rc = ENOSPC;
- goto fail3;
+ goto fail4;
}
/*
@@ -1258,6 +1263,8 @@ efx_mcdi_get_parser_disp_info(
return (0);
+fail4:
+ EFSYS_PROBE(fail4);
fail3:
EFSYS_PROBE(fail3);
fail2:
diff --git a/drivers/common/sfc_efx/base/ef10_nic.c b/drivers/common/sfc_efx/base/ef10_nic.c
index 531365e42..eda0ad306 100644
--- a/drivers/common/sfc_efx/base/ef10_nic.c
+++ b/drivers/common/sfc_efx/base/ef10_nic.c
@@ -491,11 +491,17 @@ efx_mcdi_get_rxdp_config(
req.emr_out_length = MC_CMD_GET_RXDP_CONFIG_OUT_LEN;
efx_mcdi_execute(enp, &req);
+
if (req.emr_rc != 0) {
rc = req.emr_rc;
goto fail1;
}
+ if (req.emr_out_length_used < MC_CMD_GET_RXDP_CONFIG_OUT_LEN) {
+ rc = EMSGSIZE;
+ goto fail2;
+ }
+
if (MCDI_OUT_DWORD_FIELD(req, GET_RXDP_CONFIG_OUT_DATA,
GET_RXDP_CONFIG_OUT_PAD_HOST_DMA) == 0) {
/* RX DMA end padding is disabled */
@@ -514,7 +520,7 @@ efx_mcdi_get_rxdp_config(
break;
default:
rc = ENOTSUP;
- goto fail2;
+ goto fail3;
}
}
@@ -522,6 +528,8 @@ efx_mcdi_get_rxdp_config(
return (0);
+fail3:
+ EFSYS_PROBE(fail3);
fail2:
EFSYS_PROBE(fail2);
fail1:
diff --git a/drivers/common/sfc_efx/base/efx_mae.c b/drivers/common/sfc_efx/base/efx_mae.c
index 80fe155d0..c1784211e 100644
--- a/drivers/common/sfc_efx/base/efx_mae.c
+++ b/drivers/common/sfc_efx/base/efx_mae.c
@@ -109,17 +109,22 @@ efx_mae_get_outer_rule_caps(
goto fail2;
}
+ if (req.emr_out_length_used < MC_CMD_MAE_GET_OR_CAPS_OUT_LENMIN) {
+ rc = EMSGSIZE;
+ goto fail3;
+ }
+
mcdi_field_ncaps = MCDI_OUT_DWORD(req, MAE_GET_OR_CAPS_OUT_COUNT);
if (req.emr_out_length_used <
MC_CMD_MAE_GET_OR_CAPS_OUT_LEN(mcdi_field_ncaps)) {
rc = EMSGSIZE;
- goto fail3;
+ goto fail4;
}
if (mcdi_field_ncaps > field_ncaps) {
rc = EMSGSIZE;
- goto fail4;
+ goto fail5;
}
for (i = 0; i < mcdi_field_ncaps; ++i) {
@@ -147,6 +152,8 @@ efx_mae_get_outer_rule_caps(
return (0);
+fail5:
+ EFSYS_PROBE(fail5);
fail4:
EFSYS_PROBE(fail4);
fail3:
@@ -191,17 +198,22 @@ efx_mae_get_action_rule_caps(
goto fail2;
}
- mcdi_field_ncaps = MCDI_OUT_DWORD(req, MAE_GET_OR_CAPS_OUT_COUNT);
+ if (req.emr_out_length_used < MC_CMD_MAE_GET_AR_CAPS_OUT_LENMIN) {
+ rc = EMSGSIZE;
+ goto fail3;
+ }
+
+ mcdi_field_ncaps = MCDI_OUT_DWORD(req, MAE_GET_AR_CAPS_OUT_COUNT);
if (req.emr_out_length_used <
MC_CMD_MAE_GET_AR_CAPS_OUT_LEN(mcdi_field_ncaps)) {
rc = EMSGSIZE;
- goto fail3;
+ goto fail4;
}
if (mcdi_field_ncaps > field_ncaps) {
rc = EMSGSIZE;
- goto fail4;
+ goto fail5;
}
for (i = 0; i < mcdi_field_ncaps; ++i) {
@@ -229,6 +241,8 @@ efx_mae_get_action_rule_caps(
return (0);
+fail5:
+ EFSYS_PROBE(fail5);
fail4:
EFSYS_PROBE(fail4);
fail3:
@@ -1773,15 +1787,22 @@ efx_mae_outer_rule_remove(
goto fail2;
}
+ if (req.emr_out_length_used < MC_CMD_MAE_OUTER_RULE_REMOVE_OUT_LENMIN) {
+ rc = EMSGSIZE;
+ goto fail3;
+ }
+
if (MCDI_OUT_DWORD(req, MAE_OUTER_RULE_REMOVE_OUT_REMOVED_OR_ID) !=
or_idp->id) {
/* Firmware failed to remove the outer rule. */
rc = EAGAIN;
- goto fail3;
+ goto fail4;
}
return (0);
+fail4:
+ EFSYS_PROBE(fail4);
fail3:
EFSYS_PROBE(fail3);
fail2:
@@ -2176,15 +2197,22 @@ efx_mae_action_set_free(
goto fail2;
}
+ if (req.emr_out_length_used < MC_CMD_MAE_ACTION_SET_FREE_OUT_LENMIN) {
+ rc = EMSGSIZE;
+ goto fail3;
+ }
+
if (MCDI_OUT_DWORD(req, MAE_ACTION_SET_FREE_OUT_FREED_AS_ID) !=
aset_idp->id) {
/* Firmware failed to free the action set. */
rc = EAGAIN;
- goto fail3;
+ goto fail4;
}
return (0);
+fail4:
+ EFSYS_PROBE(fail4);
fail3:
EFSYS_PROBE(fail3);
fail2:
@@ -2326,15 +2354,23 @@ efx_mae_action_rule_remove(
goto fail2;
}
+ if (req.emr_out_length_used <
+ MC_CMD_MAE_ACTION_RULE_DELETE_OUT_LENMIN) {
+ rc = EMSGSIZE;
+ goto fail3;
+ }
+
if (MCDI_OUT_DWORD(req, MAE_ACTION_RULE_DELETE_OUT_DELETED_AR_ID) !=
ar_idp->id) {
/* Firmware failed to delete the action rule. */
rc = EAGAIN;
- goto fail3;
+ goto fail4;
}
return (0);
+fail4:
+ EFSYS_PROBE(fail4);
fail3:
EFSYS_PROBE(fail3);
fail2:
diff --git a/drivers/common/sfc_efx/base/efx_mcdi.c b/drivers/common/sfc_efx/base/efx_mcdi.c
index f4e1384d0..f226ffd92 100644
--- a/drivers/common/sfc_efx/base/efx_mcdi.c
+++ b/drivers/common/sfc_efx/base/efx_mcdi.c
@@ -2294,6 +2294,11 @@ efx_mcdi_get_workarounds(
goto fail1;
}
+ if (req.emr_out_length_used < MC_CMD_GET_WORKAROUNDS_OUT_LEN) {
+ rc = EMSGSIZE;
+ goto fail2;
+ }
+
if (implementedp != NULL) {
*implementedp =
MCDI_OUT_DWORD(req, GET_WORKAROUNDS_OUT_IMPLEMENTED);
@@ -2305,6 +2310,8 @@ efx_mcdi_get_workarounds(
return (0);
+fail2:
+ EFSYS_PROBE(fail2);
fail1:
EFSYS_PROBE1(fail1, efx_rc_t, rc);
--
2.20.1
next prev parent reply other threads:[~2021-05-18 15:10 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-18 15:10 [dpdk-dev] [PATCH 1/2] common/sfc_efx/base: limit reported MCDI response length Ivan Malov
2021-05-18 15:10 ` Ivan Malov [this message]
2021-05-18 16:41 ` Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210518151012.14277-2-ivan.malov@oktetlabs.ru \
--to=ivan.malov@oktetlabs.ru \
--cc=amoreton@xilinx.com \
--cc=andrew.rybchenko@oktetlabs.ru \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).