From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id 62A79A00E6 for ; Tue, 16 Apr 2019 16:38:07 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 5342D1B4E2; Tue, 16 Apr 2019 16:38:07 +0200 (CEST) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id D84541B4D3 for ; Tue, 16 Apr 2019 16:38:05 +0200 (CEST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 47FA0307EA82; Tue, 16 Apr 2019 14:38:05 +0000 (UTC) Received: from rh.redhat.com (ovpn-117-214.ams2.redhat.com [10.36.117.214]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5E2641001E92; Tue, 16 Apr 2019 14:38:04 +0000 (UTC) From: Kevin Traynor To: Pavel Belous Cc: Igor Russkikh , dpdk stable Date: Tue, 16 Apr 2019 15:36:40 +0100 Message-Id: <20190416143719.21601-22-ktraynor@redhat.com> In-Reply-To: <20190416143719.21601-1-ktraynor@redhat.com> References: <20190416143719.21601-1-ktraynor@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]); Tue, 16 Apr 2019 14:38:05 +0000 (UTC) Subject: [dpdk-stable] patch 'net/atlantic: fix buffer overflow' has been queued to LTS release 18.11.2 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to LTS release 18.11.2 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 04/24/19. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Thanks. Kevin Traynor --- >From de7b992ce9c15972ff1c0c4622e339b94a118280 Mon Sep 17 00:00:00 2001 From: Pavel Belous Date: Tue, 12 Mar 2019 15:24:57 +0000 Subject: [PATCH] net/atlantic: fix buffer overflow [ upstream commit e09a7bee7772d39e57537a7564c9d58ed028ffcf ] Found by Coverity scan. This is a real memory corruption. There is no need in extra RTE_ALIGN macros since the request/result structures are 4-byte aligned by definition. Coverity issue: 323518, 323520 Fixes: ce4e8d418097 ("net/atlantic: implement EEPROM get/set") Signed-off-by: Igor Russkikh Signed-off-by: Pavel Belous --- drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c b/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c index 6841d9bce..f90ccfe9e 100644 --- a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c +++ b/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c @@ -502,5 +502,5 @@ static int aq_fw2x_get_eeprom(struct aq_hw_s *self, u32 *data, u32 len) err = hw_atl_utils_fw_upload_dwords(self, self->rpc_addr, (u32 *)(void *)&request, - RTE_ALIGN(sizeof(request), sizeof(u32))); + sizeof(request) / sizeof(u32)); if (err < 0) @@ -524,5 +524,5 @@ static int aq_fw2x_get_eeprom(struct aq_hw_s *self, u32 *data, u32 len) err = hw_atl_utils_fw_downld_dwords(self, self->rpc_addr + sizeof(u32), &result, - RTE_ALIGN(sizeof(result), sizeof(u32))); + sizeof(result) / sizeof(u32)); if (err < 0) @@ -559,5 +559,5 @@ static int aq_fw2x_set_eeprom(struct aq_hw_s *self, u32 *data, u32 len) err = hw_atl_utils_fw_upload_dwords(self, self->rpc_addr, (u32 *)(void *)&request, - RTE_ALIGN(sizeof(request), sizeof(u32))); + sizeof(request) / sizeof(u32)); if (err < 0) @@ -590,5 +590,5 @@ static int aq_fw2x_set_eeprom(struct aq_hw_s *self, u32 *data, u32 len) err = hw_atl_utils_fw_downld_dwords(self, self->rpc_addr + sizeof(u32), &result, - RTE_ALIGN(sizeof(result), sizeof(u32))); + sizeof(result) / sizeof(u32)); if (err < 0) -- 2.20.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2019-04-16 15:34:26.197776863 +0100 +++ 0022-net-atlantic-fix-buffer-overflow.patch 2019-04-16 15:34:25.166180260 +0100 @@ -1,15 +1,16 @@ -From e09a7bee7772d39e57537a7564c9d58ed028ffcf Mon Sep 17 00:00:00 2001 +From de7b992ce9c15972ff1c0c4622e339b94a118280 Mon Sep 17 00:00:00 2001 From: Pavel Belous Date: Tue, 12 Mar 2019 15:24:57 +0000 Subject: [PATCH] net/atlantic: fix buffer overflow +[ upstream commit e09a7bee7772d39e57537a7564c9d58ed028ffcf ] + Found by Coverity scan. This is a real memory corruption. There is no need in extra RTE_ALIGN macros since the request/result structures are 4-byte aligned by definition. Coverity issue: 323518, 323520 Fixes: ce4e8d418097 ("net/atlantic: implement EEPROM get/set") -Cc: stable@dpdk.org Signed-off-by: Igor Russkikh Signed-off-by: Pavel Belous