From: Ivan Malov
To: dev@dpdk.org
Cc: Andy Moreton, stable@dpdk.org, Andrew Rybchenko, Ferruh Yigit
Date: Tue, 18 May 2021 18:10:11 +0300
Message-Id: <20210518151012.14277-1-ivan.malov@oktetlabs.ru>
Subject: [dpdk-stable] [PATCH 1/2] common/sfc_efx/base: limit reported MCDI response length

From: Andy Moreton MCDI helper routines in libefx include length checks for response messages, to ensure that short replies and optional fields are handled correctly. If the MCDI response message from the firmware is larger than the caller's buffer then the response length reported to the caller should be limited to the buffer size. Otherwise length checks in the caller may allow reading past the end of the buffer. Fixes: 6f619653b9b1 ("net/sfc/base: import MCDI implementation") Cc: stable@dpdk.org Signed-off-by: Andy Moreton Signed-off-by: Ivan Malov Reviewed-by: Andrew Rybchenko --- drivers/common/sfc_efx/base/efx_mcdi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/common/sfc_efx/base/efx_mcdi.c b/drivers/common/sfc_efx/base/efx_mcdi.c index ff676f8a0..f4e1384d0 100644 --- a/drivers/common/sfc_efx/base/efx_mcdi.c +++ b/drivers/common/sfc_efx/base/efx_mcdi.c @@ -516,6 +516,9 @@ efx_mcdi_finish_response( bytes = MIN(emrp->emr_out_length_used, emrp->emr_out_length); efx_mcdi_read_response(enp, emrp->emr_out_buf, resp_off, bytes); + /* Report bytes copied to caller (response message may be larger) */ + emrp->emr_out_length_used = bytes; + #if EFSYS_OPT_MCDI_LOGGING if (emtp->emt_logger != NULL) { emtp->emt_logger(emtp->emt_context, -- 2.20.1
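
Review bot: the added `emrp->emr_out_length_used = bytes;` in efx_mcdi_finish_response() overwrites the length the firmware reported, so once it runs a caller cannot tell a response that was cut to `emr_out_length` from one that fit completely. The clamp itself is the right fix for the over-read described in the commit message, since `bytes` is already `MIN(emrp->emr_out_length_used, emrp->emr_out_length)` and is what was actually copied into `emr_out_buf`. Consider either keeping the original length in a separate field or extending the new comment to say that truncation is silent and that callers needing the full response must size `emr_out_buf` accordingly. Also note the assignment sits just before the `#if EFSYS_OPT_MCDI_LOGGING` block: if the `emt_logger` call there passes `emr_out_length_used`, it will now log the clamped length instead of the firmware's, so it is worth confirming that is the intended behaviour.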