From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mellanox.co.il (mail-il-dmz.mellanox.com [193.47.165.129]) by dpdk.org (Postfix) with ESMTP id B6FB61B512 for ; Fri, 30 Nov 2018 00:13:10 +0100 (CET)
Received: from Internal Mail-Server by MTLPINE1 (envelope-from yskoh@mellanox.com) with ESMTPS (AES256-SHA encrypted); 30 Nov 2018 01:18:59 +0200
Received: from scfae-sc-2.mti.labs.mlnx (scfae-sc-2.mti.labs.mlnx [10.101.0.96]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id wATNCW7J032075; Fri, 30 Nov 2018 01:13:04 +0200
From: Yongseok Koh
To: Martin Harvey
Cc: Andrew Rybchenko , dpdk stable
Date: Thu, 29 Nov 2018 15:10:13 -0800
Message-Id: <20181129231202.30436-19-yskoh@mellanox.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20181129231202.30436-1-yskoh@mellanox.com>
References: <20181129231202.30436-1-yskoh@mellanox.com>
Subject: [dpdk-stable] patch 'net/sfc/base: avoid usage of too big arrays on stack' has been queued to LTS release 17.11.5
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 29 Nov 2018 23:13:11 -0000

Hi,

FYI, your patch has been queued to LTS release 17.11.5

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 12/01/18. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs
the patch applied to the branch. If the code is different (ie: not only
metadata diffs), due for example to a change in context or macro names,
please double check it.

Thanks.

Yongseok

---
>>From 3528d952ba9f0d80e5d24942e543b2cea6f34595 Mon Sep 17 00:00:00 2001
From: Martin Harvey Date: Mon, 10 Sep 2018 10:33:20 +0100 Subject: [PATCH] net/sfc/base: avoid usage of too big arrays on stack [ upstream commit da8692388e7f2cc575b53b2cc76f72f459fd9ca5 ] Found by PreFAST static analysis. Fixes: 1dae25112a54 ("net/sfc/base: import built-in selftest") Fixes: d96a34d165b1 ("net/sfc/base: import NVRAM support") Signed-off-by: Martin Harvey Signed-off-by: Andrew Rybchenko --- drivers/net/sfc/base/ef10_phy.c | 18 +++++++++++++++--- drivers/net/sfc/base/efx_nvram.c | 27 ++++++++++++++++++--------- 2 files changed, 33 insertions(+), 12 deletions(-) diff --git a/drivers/net/sfc/base/ef10_phy.c b/drivers/net/sfc/base/ef10_phy.c index 81309f291..5926c2ef6 100644 --- a/drivers/net/sfc/base/ef10_phy.c +++ b/drivers/net/sfc/base/ef10_phy.c @@ -523,14 +523,26 @@ ef10_bist_poll( unsigned long *valuesp, __in size_t count) { + /* + * MCDI_CTL_SDU_LEN_MAX_V1 is large enough cover all BIST results, + * whilst not wasting stack. + */ + uint8_t payload[MAX(MC_CMD_POLL_BIST_IN_LEN, MCDI_CTL_SDU_LEN_MAX_V1)]; efx_nic_cfg_t *encp = &(enp->en_nic_cfg); efx_mcdi_req_t req; - uint8_t payload[MAX(MC_CMD_POLL_BIST_IN_LEN, - MCDI_CTL_SDU_LEN_MAX)]; uint32_t value_mask = 0; uint32_t result; efx_rc_t rc; + EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_LEN <= + MCDI_CTL_SDU_LEN_MAX_V1); + EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_SFT9001_LEN <= + MCDI_CTL_SDU_LEN_MAX_V1); + EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_MRSFP_LEN <= + MCDI_CTL_SDU_LEN_MAX_V1); + EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_MEM_LEN <= + MCDI_CTL_SDU_LEN_MAX_V1); + _NOTE(ARGUNUSED(type)) (void) memset(payload, 0, sizeof (payload)); @@ -538,7 +550,7 @@ ef10_bist_poll( req.emr_in_buf = payload; req.emr_in_length = MC_CMD_POLL_BIST_IN_LEN; req.emr_out_buf = payload; - req.emr_out_length = MCDI_CTL_SDU_LEN_MAX; + req.emr_out_length = MCDI_CTL_SDU_LEN_MAX_V1; efx_mcdi_execute(enp, &req); diff --git a/drivers/net/sfc/base/efx_nvram.c b/drivers/net/sfc/base/efx_nvram.c index 7ea307b6d..63e8b15f6 100644 
--- a/drivers/net/sfc/base/efx_nvram.c +++ b/drivers/net/sfc/base/efx_nvram.c @@ -858,23 +858,27 @@ efx_mcdi_nvram_write( __in size_t size) { efx_mcdi_req_t req; - uint8_t payload[MAX(MCDI_CTL_SDU_LEN_MAX_V1, - MCDI_CTL_SDU_LEN_MAX_V2)]; + uint8_t *payload; efx_rc_t rc; size_t max_data_size; + size_t payload_len = enp->en_nic_cfg.enc_mcdi_max_payload_length; - max_data_size = enp->en_nic_cfg.enc_mcdi_max_payload_length - - MC_CMD_NVRAM_WRITE_IN_LEN(0); - EFSYS_ASSERT3U(enp->en_nic_cfg.enc_mcdi_max_payload_length, >, 0); - EFSYS_ASSERT3U(max_data_size, <, - enp->en_nic_cfg.enc_mcdi_max_payload_length); + max_data_size = payload_len - MC_CMD_NVRAM_WRITE_IN_LEN(0); + EFSYS_ASSERT3U(payload_len, >, 0); + EFSYS_ASSERT3U(max_data_size, <, payload_len); if (size > max_data_size) { rc = EINVAL; goto fail1; } - (void) memset(payload, 0, sizeof (payload)); + EFSYS_KMEM_ALLOC(enp->en_esip, payload_len, payload); + if (payload == NULL) { + rc = ENOMEM; + goto fail2; + } + + (void) memset(payload, 0, payload_len); req.emr_cmd = MC_CMD_NVRAM_WRITE; req.emr_in_buf = payload; req.emr_in_length = MC_CMD_NVRAM_WRITE_IN_LEN(size); @@ -892,11 +896,16 @@ efx_mcdi_nvram_write( if (req.emr_rc != 0) { rc = req.emr_rc; - goto fail2; + goto fail3; } + EFSYS_KMEM_FREE(enp->en_esip, payload_len, payload); + return (0); +fail3: + EFSYS_PROBE(fail3); + EFSYS_KMEM_FREE(enp->en_esip, payload_len, payload); fail2: EFSYS_PROBE(fail2); fail1: -- 2.11.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2018-11-29 15:01:46.126278103 -0800 +++ 0019-net-sfc-base-avoid-usage-of-too-big-arrays-on-stack.patch 2018-11-29 15:01:45.002960000 -0800 @@ -1,13 +1,14 @@ -From da8692388e7f2cc575b53b2cc76f72f459fd9ca5 Mon Sep 17 00:00:00 2001 +From 3528d952ba9f0d80e5d24942e543b2cea6f34595 Mon Sep 17 00:00:00 2001 
From: Martin Harvey Date: Mon, 10 Sep 2018 10:33:20 +0100 Subject: [PATCH] net/sfc/base: avoid usage of too big arrays on stack +[ upstream commit da8692388e7f2cc575b53b2cc76f72f459fd9ca5 ] + Found by PreFAST static analysis. Fixes: 1dae25112a54 ("net/sfc/base: import built-in selftest") Fixes: d96a34d165b1 ("net/sfc/base: import NVRAM support") -Cc: stable@dpdk.org Signed-off-by: Martin Harvey Signed-off-by: Andrew Rybchenko @@ -17,10 +18,10 @@ 2 files changed, 33 insertions(+), 12 deletions(-) diff --git a/drivers/net/sfc/base/ef10_phy.c b/drivers/net/sfc/base/ef10_phy.c -index 84acb70a1..e9c7b40e4 100644 +index 81309f291..5926c2ef6 100644 --- a/drivers/net/sfc/base/ef10_phy.c +++ b/drivers/net/sfc/base/ef10_phy.c -@@ -583,14 +583,26 @@ ef10_bist_poll( +@@ -523,14 +523,26 @@ ef10_bist_poll( unsigned long *valuesp, __in size_t count) { @@ -49,7 +50,7 @@ _NOTE(ARGUNUSED(type)) (void) memset(payload, 0, sizeof (payload)); -@@ -598,7 +610,7 @@ ef10_bist_poll( +@@ -538,7 +550,7 @@ ef10_bist_poll( req.emr_in_buf = payload; req.emr_in_length = MC_CMD_POLL_BIST_IN_LEN; req.emr_out_buf = payload; @@ -59,10 +60,10 @@ efx_mcdi_execute(enp, &req); diff --git a/drivers/net/sfc/base/efx_nvram.c b/drivers/net/sfc/base/efx_nvram.c -index 9000fe886..d7b1a6778 100644 +index 7ea307b6d..63e8b15f6 100644 --- a/drivers/net/sfc/base/efx_nvram.c +++ b/drivers/net/sfc/base/efx_nvram.c -@@ -869,23 +869,27 @@ efx_mcdi_nvram_write( +@@ -858,23 +858,27 @@ efx_mcdi_nvram_write( __in size_t size) { efx_mcdi_req_t req; @@ -98,7 +99,7 @@ req.emr_cmd = MC_CMD_NVRAM_WRITE; req.emr_in_buf = payload; req.emr_in_length = MC_CMD_NVRAM_WRITE_IN_LEN(size); -@@ -903,11 +907,16 @@ efx_mcdi_nvram_write( +@@ -892,11 +896,16 @@ efx_mcdi_nvram_write( if (req.emr_rc != 0) { rc = req.emr_rc;
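Review bot: In the first ef10_phy.c hunk (ef10_bist_poll), the new comment above the payload declaration reads "is large enough cover all BIST results"; it should read "large enough to cover". The four EFX_STATIC_ASSERT lines are what actually enforce that claim, so the comment could also say that any newly added MC_CMD_POLL_BIST_OUT_* layout needs its own assert against MCDI_CTL_SDU_LEN_MAX_V1, otherwise a larger response layout would compile without complaint.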
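Review bot: In the efx_nvram.c allocation hunk (efx_mcdi_nvram_write), the buffer is now sized from the runtime value payload_len, yet the only guards on that value are the two EFSYS_ASSERT3U checks, and they run after max_data_size = payload_len - MC_CMD_NVRAM_WRITE_IN_LEN(0) has already been computed. Assuming EFSYS_ASSERT3U is compiled out in non-debug builds (not visible in this diff), a payload_len smaller than the fixed header length wraps max_data_size to a huge size_t, the size > max_data_size test no longer rejects anything, and req.emr_in_length = MC_CMD_NVRAM_WRITE_IN_LEN(size) can exceed the payload_len bytes that were allocated. With the old fixed-size stack array this was bounded by the compile-time maximum; with a heap buffer of payload_len bytes it is not. Suggest an explicit runtime check before the subtraction, returning EINVAL via fail1 when payload_len <= MC_CMD_NVRAM_WRITE_IN_LEN(0), and keeping the asserts as documentation only.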
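Review bot: In the efx_nvram.c error-path hunk (efx_mcdi_nvram_write), the cleanup relies on every exit taken after EFSYS_KMEM_ALLOC going through fail3, but only the req.emr_rc != 0 branch is visibly retargeted. The lines between the allocation hunk and this one are outside the diff context, so please confirm none of them still jumps to fail2 or fail1, which would leak payload. Since the same payload_len is passed to the allocation and to both EFSYS_KMEM_FREE calls, declaring it const would make it explicit that the freed size always matches the allocated size.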