From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 24766A0A02 for ; Tue, 18 May 2021 17:10:25 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0A62E41102; Tue, 18 May 2021 17:10:25 +0200 (CEST) Received: from shelob.oktetlabs.ru (shelob.oktetlabs.ru [91.220.146.113]) by mails.dpdk.org (Postfix) with ESMTP id 861414068E; Tue, 18 May 2021 17:10:21 +0200 (CEST) Received: from localhost.localdomain (unknown [5.144.120.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by shelob.oktetlabs.ru (Postfix) with ESMTPSA id 0F7667F593; Tue, 18 May 2021 18:10:21 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 shelob.oktetlabs.ru 0F7667F593 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=oktetlabs.ru; s=default; t=1621350621; bh=CpEOaeGz46GKgIaE/RvZb6Sdg5uwQQ/rFAU+tL/1vG4=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=vP3j/ktMmbr5RAG1M/fLA/M56FFmIEzguIA9nCnaWIXyLhtykq2RTyqYoWebgcgC9 GMDSaGxa5/2inqwOA7Ir/WTjalmJ5jtutg0HyNdoLYCBKCrIOaIAg9XqgeDNREo42c UNBAfjwEBEYlTabpSqsf43Vy2viJNx5+9r7QSmDQ= From: Ivan Malov To: dev@dpdk.org Cc: Andy Moreton , stable@dpdk.org, Andrew Rybchenko , Ferruh Yigit Date: Tue, 18 May 2021 18:10:12 +0300 Message-Id: <20210518151012.14277-2-ivan.malov@oktetlabs.ru> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210518151012.14277-1-ivan.malov@oktetlabs.ru> References: <20210518151012.14277-1-ivan.malov@oktetlabs.ru> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] [PATCH 2/2] common/sfc_efx/base: add missing MCDI response length checks X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" From: Andy Moreton Fixes: 6f619653b9b1 ("net/sfc/base: import MCDI implementation") Fixes: e7cd430c864f ("net/sfc/base: import SFN7xxx family support") Fixes: 94190e3543bf ("net/sfc/base: import SFN8xxx family support") Fixes: 34285fd0891d ("common/sfc_efx/base: add match spec validate API") Fixes: e61baa82e64b ("common/sfc_efx/base: add MAE action set provisioning APIs") Fixes: b4fac34715f2 ("common/sfc_efx/base: add MAE action rule provisioning APIs") Fixes: ed15d7f8e064 ("common/sfc_efx/base: validate and compare outer match specs") Fixes: 7a673e1a4a05 ("common/sfc_efx/base: support outer rule provisioning") Cc: stable@dpdk.org Signed-off-by: Andy Moreton Signed-off-by: Ivan Malov Reviewed-by: Andrew Rybchenko --- drivers/common/sfc_efx/base/ef10_filter.c | 11 ++++- drivers/common/sfc_efx/base/ef10_nic.c | 10 ++++- drivers/common/sfc_efx/base/efx_mae.c | 52 +++++++++++++++++++---- drivers/common/sfc_efx/base/efx_mcdi.c | 7 +++ 4 files changed, 69 insertions(+), 11 deletions(-) diff --git a/drivers/common/sfc_efx/base/ef10_filter.c b/drivers/common/sfc_efx/base/ef10_filter.c index 0c99d4b74..ac6006c9b 100644 --- a/drivers/common/sfc_efx/base/ef10_filter.c +++ b/drivers/common/sfc_efx/base/ef10_filter.c @@ -1225,20 +1225,25 @@ efx_mcdi_get_parser_disp_info( goto fail1; } + if (req.emr_out_length_used < MC_CMD_GET_PARSER_DISP_INFO_OUT_LENMIN) { + rc = EMSGSIZE; + goto fail2; + } + matches_count = MCDI_OUT_DWORD(req, GET_PARSER_DISP_INFO_OUT_NUM_SUPPORTED_MATCHES); if (req.emr_out_length_used < MC_CMD_GET_PARSER_DISP_INFO_OUT_LEN(matches_count)) { rc = EMSGSIZE; - goto fail2; + goto fail3; } *list_lengthp = matches_count; if (buffer_length < matches_count) { rc = ENOSPC; - goto fail3; + goto fail4; } /* @@ -1258,6 +1263,8 @@ efx_mcdi_get_parser_disp_info( return (0); +fail4: + EFSYS_PROBE(fail4); fail3: EFSYS_PROBE(fail3); fail2: diff --git a/drivers/common/sfc_efx/base/ef10_nic.c b/drivers/common/sfc_efx/base/ef10_nic.c index 531365e42..eda0ad306 100644 --- a/drivers/common/sfc_efx/base/ef10_nic.c +++ b/drivers/common/sfc_efx/base/ef10_nic.c @@ -491,11 +491,17 @@ efx_mcdi_get_rxdp_config( req.emr_out_length = MC_CMD_GET_RXDP_CONFIG_OUT_LEN; efx_mcdi_execute(enp, &req); + if (req.emr_rc != 0) { rc = req.emr_rc; goto fail1; } + if (req.emr_out_length_used < MC_CMD_GET_RXDP_CONFIG_OUT_LEN) { + rc = EMSGSIZE; + goto fail2; + } + if (MCDI_OUT_DWORD_FIELD(req, GET_RXDP_CONFIG_OUT_DATA, GET_RXDP_CONFIG_OUT_PAD_HOST_DMA) == 0) { /* RX DMA end padding is disabled */ @@ -514,7 +520,7 @@ efx_mcdi_get_rxdp_config( break; default: rc = ENOTSUP; - goto fail2; + goto fail3; } } @@ -522,6 +528,8 @@ efx_mcdi_get_rxdp_config( return (0); +fail3: + EFSYS_PROBE(fail3); fail2: EFSYS_PROBE(fail2); fail1: diff --git a/drivers/common/sfc_efx/base/efx_mae.c b/drivers/common/sfc_efx/base/efx_mae.c index 80fe155d0..c1784211e 100644 --- a/drivers/common/sfc_efx/base/efx_mae.c +++ b/drivers/common/sfc_efx/base/efx_mae.c @@ -109,17 +109,22 @@ efx_mae_get_outer_rule_caps( goto fail2; } + if (req.emr_out_length_used < MC_CMD_MAE_GET_OR_CAPS_OUT_LENMIN) { + rc = EMSGSIZE; + goto fail3; + } + mcdi_field_ncaps = MCDI_OUT_DWORD(req, MAE_GET_OR_CAPS_OUT_COUNT); if (req.emr_out_length_used < MC_CMD_MAE_GET_OR_CAPS_OUT_LEN(mcdi_field_ncaps)) { rc = EMSGSIZE; - goto fail3; + goto fail4; } if (mcdi_field_ncaps > field_ncaps) { rc = EMSGSIZE; - goto fail4; + goto fail5; } for (i = 0; i < mcdi_field_ncaps; ++i) { @@ -147,6 +152,8 @@ efx_mae_get_outer_rule_caps( return (0); +fail5: + EFSYS_PROBE(fail5); fail4: EFSYS_PROBE(fail4); fail3: @@ -191,17 +198,22 @@ efx_mae_get_action_rule_caps( goto fail2; } - mcdi_field_ncaps = MCDI_OUT_DWORD(req, MAE_GET_OR_CAPS_OUT_COUNT); + if (req.emr_out_length_used < MC_CMD_MAE_GET_AR_CAPS_OUT_LENMIN) { + rc = EMSGSIZE; + goto fail3; + } + + mcdi_field_ncaps = MCDI_OUT_DWORD(req, MAE_GET_AR_CAPS_OUT_COUNT); if (req.emr_out_length_used < MC_CMD_MAE_GET_AR_CAPS_OUT_LEN(mcdi_field_ncaps)) { rc = EMSGSIZE; - goto fail3; + goto fail4; } if (mcdi_field_ncaps > field_ncaps) { rc = EMSGSIZE; - goto fail4; + goto fail5; } for (i = 0; i < mcdi_field_ncaps; ++i) { @@ -229,6 +241,8 @@ efx_mae_get_action_rule_caps( return (0); +fail5: + EFSYS_PROBE(fail5); fail4: EFSYS_PROBE(fail4); fail3: @@ -1773,15 +1787,22 @@ efx_mae_outer_rule_remove( goto fail2; } + if (req.emr_out_length_used < MC_CMD_MAE_OUTER_RULE_REMOVE_OUT_LENMIN) { + rc = EMSGSIZE; + goto fail3; + } + if (MCDI_OUT_DWORD(req, MAE_OUTER_RULE_REMOVE_OUT_REMOVED_OR_ID) != or_idp->id) { /* Firmware failed to remove the outer rule. */ rc = EAGAIN; - goto fail3; + goto fail4; } return (0); +fail4: + EFSYS_PROBE(fail4); fail3: EFSYS_PROBE(fail3); fail2: @@ -2176,15 +2197,22 @@ efx_mae_action_set_free( goto fail2; } + if (req.emr_out_length_used < MC_CMD_MAE_ACTION_SET_FREE_OUT_LENMIN) { + rc = EMSGSIZE; + goto fail3; + } + if (MCDI_OUT_DWORD(req, MAE_ACTION_SET_FREE_OUT_FREED_AS_ID) != aset_idp->id) { /* Firmware failed to free the action set. */ rc = EAGAIN; - goto fail3; + goto fail4; } return (0); +fail4: + EFSYS_PROBE(fail4); fail3: EFSYS_PROBE(fail3); fail2: @@ -2326,15 +2354,23 @@ efx_mae_action_rule_remove( goto fail2; } + if (req.emr_out_length_used < + MC_CMD_MAE_ACTION_RULE_DELETE_OUT_LENMIN) { + rc = EMSGSIZE; + goto fail3; + } + if (MCDI_OUT_DWORD(req, MAE_ACTION_RULE_DELETE_OUT_DELETED_AR_ID) != ar_idp->id) { /* Firmware failed to delete the action rule. */ rc = EAGAIN; - goto fail3; + goto fail4; } return (0); +fail4: + EFSYS_PROBE(fail4); fail3: EFSYS_PROBE(fail3); fail2: diff --git a/drivers/common/sfc_efx/base/efx_mcdi.c b/drivers/common/sfc_efx/base/efx_mcdi.c index f4e1384d0..f226ffd92 100644 --- a/drivers/common/sfc_efx/base/efx_mcdi.c +++ b/drivers/common/sfc_efx/base/efx_mcdi.c @@ -2294,6 +2294,11 @@ efx_mcdi_get_workarounds( goto fail1; } + if (req.emr_out_length_used < MC_CMD_GET_WORKAROUNDS_OUT_LEN) { + rc = EMSGSIZE; + goto fail2; + } + if (implementedp != NULL) { *implementedp = MCDI_OUT_DWORD(req, GET_WORKAROUNDS_OUT_IMPLEMENTED); @@ -2305,6 +2310,8 @@ efx_mcdi_get_workarounds( return (0); +fail2: + EFSYS_PROBE(fail2); fail1: EFSYS_PROBE1(fail1, efx_rc_t, rc); -- 2.20.1