From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 72887A04F3 for ; Thu, 19 Dec 2019 15:37:34 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 67EC91BF92; Thu, 19 Dec 2019 15:37:34 +0100 (CET) Received: from mail-wm1-f68.google.com (mail-wm1-f68.google.com [209.85.128.68]) by dpdk.org (Postfix) with ESMTP id EF4621BF7D for ; Thu, 19 Dec 2019 15:37:32 +0100 (CET) Received: by mail-wm1-f68.google.com with SMTP id 20so5737713wmj.4 for ; Thu, 19 Dec 2019 06:37:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=7qJPjAAZE9IZ+4j5rhmmvhGJc7OyBvtXDUEH2BqMV5c=; b=pbbe8+Lz5HrlFqEJ1/v65ZGOKzH9DXfmXOE233TXSx3QQHdfurpvJnWEVLcZQ+7Y6M +OrwxDoS56e1MgrLBvu1n1Yoz3N0eBVafRuET6iLSV31ZsNb7jrhy8kQjyO4s4L1azX4 lpQ7diQUmqCBChJPlAZvHlb4mjG18kwThHarRw/JWkHcpaD/90Cojdrhxoi1NMJq1bfo AgVuAvYkqnc4KAijVAhFtOu3EJ0FbWAzI0Com+dQv8i95x5xxOwEN0+DyAyGQmtPqQ/c HKUEcxLaxWnKKMPn1QTcnDbk3JzfZX0ascXR1Y6crrN6B6Gnb2vzOMcy9Yn8KQdVcQs7 4bPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=7qJPjAAZE9IZ+4j5rhmmvhGJc7OyBvtXDUEH2BqMV5c=; b=aeVYF+LFEGbTxPRratRU2qNhActHROe6MrhvCZOiWCbIeF9HejPK6lJ+EHMJFMvwqP 2Q5YvMK8j+iYCTLp/sTJ4q8ZZZUwP99jjFtJZ+ZNDEsjTo6UmtbJCUJeg9cc3IMsv+cF H6s7qPvb0IFqRd3l17puN/8rEfTpjYwbduMUdb6rh4BkOl8hfbN15mlxdNUbrYNKhWMk j6SW0hOuXJ3/M+wP5i5yjmQGtPqEBBUFHdnBzfd/FoFybeRIx/4vvmCnYQrjDtEK5t33 JhhRSH6PFhEoD1Onjw/U5qMk3sP8CLkwe29COTkGytGk6yBDHSIwmwPUHQ1CX77Jk7H6 ya+A== X-Gm-Message-State: APjAAAWj3vtxcHTMOtBKFRiP56ndERfNlY40K2skdHKnZf14Ld/bN1Pv YHnownlu7u/975frNiS21jBgNT+cO90= X-Google-Smtp-Source: APXvYqwAQDMC32rIhuwVbk3AEUK+Rfqq8FWtr23wTdxKwo20qAJ+iur11tokYfspRqGTHiGT0mrFTw== X-Received: by 2002:a1c:b456:: with SMTP id d83mr10179467wmf.172.1576766252576; Thu, 19 Dec 2019 06:37:32 -0800 (PST) Received: from localhost ([88.98.246.218]) by smtp.gmail.com with ESMTPSA id u13sm6336365wmd.36.2019.12.19.06.37.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Dec 2019 06:37:32 -0800 (PST) From: luca.boccassi@gmail.com To: Kalesh AP Cc: Somnath Kotur , Ajit Khaparde , dpdk stable Date: Thu, 19 Dec 2019 14:33:33 +0000 Message-Id: <20191219143447.21506-66-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191219143447.21506-1-luca.boccassi@gmail.com> References: <20191219143447.21506-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] patch 'net/bnxt: fix dereference before null check' has been queued to LTS release 17.11.10 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to LTS release 17.11.10 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 12/21/19. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Thanks. Luca Boccassi --- >From c7b19550a9910153efcae7cc0e25dde6fca1cd0d Mon Sep 17 00:00:00 2001 From: Kalesh AP Date: Wed, 9 Oct 2019 14:16:17 +0530 Subject: [PATCH] net/bnxt: fix dereference before null check [ upstream commit 5e592e8d4091da4ad1faadd9c3719bd4c245cca4 ] This patch fixes potential null pointer access in bnxt_alloc_ag_data(). Fix to return an error if null check is true. Fixes: daef48efe5e5 ("net/bnxt: support set MTU") Signed-off-by: Kalesh AP Reviewed-by: Somnath Kotur Reviewed-by: Ajit Khaparde --- drivers/net/bnxt/bnxt_rxr.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/drivers/net/bnxt/bnxt_rxr.c b/drivers/net/bnxt/bnxt_rxr.c index 95bba9d58f..6f916753cb 100644 --- a/drivers/net/bnxt/bnxt_rxr.c +++ b/drivers/net/bnxt/bnxt_rxr.c @@ -87,17 +87,21 @@ static inline int bnxt_alloc_ag_data(struct bnxt_rx_queue *rxq, struct bnxt_sw_rx_bd *rx_buf = &rxr->ag_buf_ring[prod]; struct rte_mbuf *data; - data = __bnxt_alloc_rx_data(rxq->mb_pool); - if (!data) { - rte_atomic64_inc(&rxq->bp->rx_mbuf_alloc_fail); - return -ENOMEM; - } - - if (rxbd == NULL) + if (rxbd == NULL) { RTE_LOG(ERR, PMD, "Jumbo Frame. rxbd is NULL\n"); - if (rx_buf == NULL) + return -EINVAL; + } + + if (rx_buf == NULL) { RTE_LOG(ERR, PMD, "Jumbo Frame. rx_buf is NULL\n"); + return -EINVAL; + } + data = __bnxt_alloc_rx_data(rxq->mb_pool); + if (!data) { + rte_atomic64_inc(&rxq->bp->rx_mbuf_alloc_fail); + return -ENOMEM; + } rx_buf->mbuf = data; -- 2.20.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2019-12-19 14:32:28.949479725 +0000 +++ 0066-net-bnxt-fix-dereference-before-null-check.patch 2019-12-19 14:32:26.145298619 +0000 @@ -1,13 +1,14 @@ -From 5e592e8d4091da4ad1faadd9c3719bd4c245cca4 Mon Sep 17 00:00:00 2001 +From c7b19550a9910153efcae7cc0e25dde6fca1cd0d Mon Sep 17 00:00:00 2001 From: Kalesh AP Date: Wed, 9 Oct 2019 14:16:17 +0530 Subject: [PATCH] net/bnxt: fix dereference before null check +[ upstream commit 5e592e8d4091da4ad1faadd9c3719bd4c245cca4 ] + This patch fixes potential null pointer access in bnxt_alloc_ag_data(). Fix to return an error if null check is true. Fixes: daef48efe5e5 ("net/bnxt: support set MTU") -Cc: stable@dpdk.org Signed-off-by: Kalesh AP Reviewed-by: Somnath Kotur @@ -17,39 +18,39 @@ 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/drivers/net/bnxt/bnxt_rxr.c b/drivers/net/bnxt/bnxt_rxr.c -index f0f9b020b1..03dae571b6 100644 +index 95bba9d58f..6f916753cb 100644 --- a/drivers/net/bnxt/bnxt_rxr.c +++ b/drivers/net/bnxt/bnxt_rxr.c -@@ -63,17 +63,21 @@ static inline int bnxt_alloc_ag_data(struct bnxt_rx_queue *rxq, +@@ -87,17 +87,21 @@ static inline int bnxt_alloc_ag_data(struct bnxt_rx_queue *rxq, struct bnxt_sw_rx_bd *rx_buf = &rxr->ag_buf_ring[prod]; - struct rte_mbuf *mbuf; + struct rte_mbuf *data; -- mbuf = __bnxt_alloc_rx_data(rxq->mb_pool); -- if (!mbuf) { -- rte_atomic64_inc(&rxq->rx_mbuf_alloc_fail); +- data = __bnxt_alloc_rx_data(rxq->mb_pool); +- if (!data) { +- rte_atomic64_inc(&rxq->bp->rx_mbuf_alloc_fail); - return -ENOMEM; - } - - if (rxbd == NULL) + if (rxbd == NULL) { - PMD_DRV_LOG(ERR, "Jumbo Frame. rxbd is NULL\n"); + RTE_LOG(ERR, PMD, "Jumbo Frame. rxbd is NULL\n"); - if (rx_buf == NULL) + return -EINVAL; + } + + if (rx_buf == NULL) { - PMD_DRV_LOG(ERR, "Jumbo Frame. rx_buf is NULL\n"); + RTE_LOG(ERR, PMD, "Jumbo Frame. rx_buf is NULL\n"); + return -EINVAL; + } -+ mbuf = __bnxt_alloc_rx_data(rxq->mb_pool); -+ if (!mbuf) { -+ rte_atomic64_inc(&rxq->rx_mbuf_alloc_fail); ++ data = __bnxt_alloc_rx_data(rxq->mb_pool); ++ if (!data) { ++ rte_atomic64_inc(&rxq->bp->rx_mbuf_alloc_fail); + return -ENOMEM; + } - rx_buf->mbuf = mbuf; - mbuf->data_off = RTE_PKTMBUF_HEADROOM; + rx_buf->mbuf = data; + -- 2.20.1