* [PATCH v2 5/7] net/bnxt: fix uninitialized warning
[not found] ` <20251230185837.301163-1-stephen@networkplumber.org>
@ 2025-12-30 18:55 ` Stephen Hemminger
2025-12-30 18:55 ` [PATCH v2 6/7] common/cnxk: fix array out of bounds Stephen Hemminger
2025-12-30 18:55 ` [PATCH v2 7/7] examples/fips_validation: avoid rte_memcpy() bug Stephen Hemminger
2 siblings, 0 replies; 5+ messages in thread
From: Stephen Hemminger @ 2025-12-30 18:55 UTC (permalink / raw)
To: dev
Cc: Stephen Hemminger, stable, Ajit Khaparde, Somnath Kotur,
Venkat Duvvuru, Mike Baucom, Kishore Padmanabha
With gcc-16 it inlines a lot more code and creates warnings
where it thinks it might be manipulating bits that are not set.
It looks like this is because the bits in control word (cword)
in theory could be larger than the variable. Should not
be possible because wc_ctl_size_bits is only set to 3, 16, or 32
but that happens outside of the scope of these functions.
Resolve by adding bounds check which compiler sees and knows
the loop will only see those bits.
In function ‘ulp_bs_push_msb’,
inlined from ‘ulp_blob_push’ at ../drivers/net/bnxt/tf_ulp/ulp_utils.h:407:8,
inlined from ‘ulp_blob_push_32’ at ../drivers/net/bnxt/tf_ulp/ulp_utils.h:551:7,
inlined from ‘ulp_mapper_wc_tcam_tbl_dyn_post_process’ at ../drivers/net/bnxt/tf_ulp/ulp_mapper.c:2487:9:
../drivers/net/bnxt/tf_ulp/ulp_utils.h:336:17: warning: ‘cword’ may be used uninitialized [-Wmaybe-uninitialized]
336 | ulp_bs_put_msb(bs, pos, 8, val[i]);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../drivers/net/bnxt/tf_ulp/ulp_mapper.c: In function ‘ulp_mapper_wc_tcam_tbl_dyn_post_process’:
../drivers/net/bnxt/tf_ulp/ulp_mapper.c:2443:18: note: ‘cword’ declared here
2443 | uint32_t cword, i, rc;
| ^~~~~
Bugzilla ID: 1821
Fixes: 3fe124d2536c ("net/bnxt: support Thor platform")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
---
Note: same patch is already queued in broadcom-next
included here so next-net can do Gcc-16 builds
drivers/net/bnxt/tf_ulp/ulp_mapper.c | 5 +++++
drivers/net/bnxt/tf_ulp/ulp_mapper_tfc.c | 4 ++++
2 files changed, 9 insertions(+)
diff --git a/drivers/net/bnxt/tf_ulp/ulp_mapper.c b/drivers/net/bnxt/tf_ulp/ulp_mapper.c
index 0ff952950b..960cdda311 100644
--- a/drivers/net/bnxt/tf_ulp/ulp_mapper.c
+++ b/drivers/net/bnxt/tf_ulp/ulp_mapper.c
@@ -2446,6 +2446,11 @@ ulp_mapper_wc_tcam_tbl_dyn_post_process(struct bnxt_ulp_device_params *dparms,
slice_width = dparms->wc_slice_width;
clen = dparms->wc_ctl_size_bits;
+ if (clen > 32) {
+ BNXT_DRV_DBG(ERR, "Key size bits %d too large\n", clen);
+ return -EINVAL;
+ }
+
max_slices = dparms->wc_max_slices;
blen = ulp_blob_data_len_get(key);
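Review bot: The log text in the added `BNXT_DRV_DBG(ERR, "Key size bits %d too large\n", clen);` names the wrong quantity: `clen` is loaded from `dparms->wc_ctl_size_bits`, which the commit message describes as the control word size, not the key size. Suggest wording such as "Control word size bits %d too large", plus a one-line comment above the check saying it exists to give the compiler a visible bound (the commit message says only 3, 16 or 32 are ever set), so it is not later removed as dead code. The declaration of `clen` is not in this hunk; if it is unsigned, `%u` is the matching format.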
diff --git a/drivers/net/bnxt/tf_ulp/ulp_mapper_tfc.c b/drivers/net/bnxt/tf_ulp/ulp_mapper_tfc.c
index f99698a1d8..2d89f10d5e 100644
--- a/drivers/net/bnxt/tf_ulp/ulp_mapper_tfc.c
+++ b/drivers/net/bnxt/tf_ulp/ulp_mapper_tfc.c
@@ -90,6 +90,10 @@ ulp_mapper_tfc_wc_tcam_post_process(struct bnxt_ulp_device_params *dparms,
slice_width = dparms->wc_slice_width;
clen = dparms->wc_ctl_size_bits;
+ if (clen > 32) {
+ BNXT_DRV_DBG(ERR, "Key size bits %d too large\n", clen);
+ return -EINVAL;
+ }
max_slices = dparms->wc_max_slices;
blen = ulp_blob_data_len_get(key);
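Review bot: The `if (clen > 32)` block here duplicates the one added in ulp_mapper.c, log string included; a small shared static inline helper that both files call would keep the two copies from drifting apart while still leaving the bound visible to the compiler. Style: the closing `}` is followed directly by `max_slices = dparms->wc_max_slices;` with no blank line, unlike the same change in ulp_mapper.c.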
--
2.51.0
* [PATCH v2 6/7] common/cnxk: fix array out of bounds
From: Stephen Hemminger @ 2025-12-30 18:55 UTC (permalink / raw)
To: dev
Cc: Stephen Hemminger, stable, vattunuru, Nithin Dabilpuram,
Kiran Kumar K, Sunil Kumar Kori, Satha Rao, Harman Kalra,
Jerin Jacob
Gcc-16 detects an out of bounds reference in this code.
In function ‘nix_inl_selftest_work_cb’,
inlined from ‘inl_outb_soft_exp_poll’ at ../drivers/common/cnxk/roc_nix_inl_dev.c:1173:4,
inlined from ‘nix_inl_outb_poll_thread’ at ../drivers/common/cnxk/roc_nix_inl_dev.c:1201:6:
../drivers/common/cnxk/roc_nix_inl_dev.c:43:19: warning: array subscript 1 is outside array bounds of ‘uint64_t[1]’ {aka ‘long unsigned int[1]’} [-Warray-bounds=]
43 | uintptr_t work = gw[1];
| ^~~~
../drivers/common/cnxk/roc_nix_inl_dev.c: In function ‘nix_inl_outb_poll_thread’:
../drivers/common/cnxk/roc_nix_inl_dev.c:1172:34: note: at offset 8 into object ‘tmp’ of size 8
1172 | uint64_t tmp = ~(uint32_t)0x0;
| ^~~
Fixes: bea5d990a93b ("net/cnxk: support outbound soft expiry notification")
Cc: stable@dpdk.org
Cc: vattunuru@marvell.com
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
drivers/common/cnxk/roc_nix_inl_dev.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/common/cnxk/roc_nix_inl_dev.c b/drivers/common/cnxk/roc_nix_inl_dev.c
index 1eb96f913a..3a4f1ac1e7 100644
--- a/drivers/common/cnxk/roc_nix_inl_dev.c
+++ b/drivers/common/cnxk/roc_nix_inl_dev.c
@@ -1169,12 +1169,10 @@ inl_outb_soft_exp_poll(struct nix_inl_dev *inl_dev, uint32_t ring_idx)
(entry.s.data0 << 7));
if (sa != NULL) {
- uint64_t tmp = ~(uint32_t)0x0;
- inl_dev->work_cb(&tmp, sa, NIX_INL_SOFT_EXPIRY_THRD, NULL, port_id);
- __atomic_store_n(ring_base + tail_l + 1, 0ULL,
- __ATOMIC_RELAXED);
- __atomic_fetch_add((uint32_t *)ring_base, 1,
- __ATOMIC_ACQ_REL);
+ uint64_t tmp[2];
+ inl_dev->work_cb(tmp, sa, NIX_INL_SOFT_EXPIRY_THRD, NULL, port_id);
+ __atomic_store_n(ring_base + tail_l + 1, 0ULL, __ATOMIC_RELAXED);
+ __atomic_fetch_add((uint32_t *)ring_base, 1, __ATOMIC_ACQ_REL);
} else
plt_err("Invalid SA");
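Review bot: `uint64_t tmp[2];` is passed to `inl_dev->work_cb()` uninitialized, so the out-of-bounds read of `gw[1]` reported in the warning becomes a read of an indeterminate value, and element 0 no longer carries the `~(uint32_t)0x0` value the old code passed. Suggest initializing both elements, for example `uint64_t tmp[2] = { ~(uint32_t)0x0, 0 };`, with the second value chosen to match what the callback expects for a soft expiry event. The rejoined `__atomic_store_n` and `__atomic_fetch_add` lines are whitespace-only changes; for a patch Cc'd to stable they would be better left out.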
--
2.51.0
* [PATCH v2 7/7] examples/fips_validation: avoid rte_memcpy() bug
From: Stephen Hemminger @ 2025-12-30 18:55 UTC (permalink / raw)
To: dev; +Cc: Stephen Hemminger, gmuthukrishn, stable
The code for copying example hash key values was calling rte_memcpy,
but rte_memcpy is generating a vector instruction that references
past the array.
In function ‘get_hash_oid’,
inlined from ‘prepare_rsa_xform’ at ../examples/fips_validation/main.c:1607:12:
../examples/fips_validation/main.c:890:20: warning: array subscript ‘__m128i_u[0]’
is partly outside array bounds of ‘uint8_t[15]’ {aka ‘unsigned char[15]’} [-Warray-bounds=]
890 | id = id_sha1;
| ~~~^~~~~~~~~
../examples/fips_validation/main.c: In function ‘prepare_rsa_xform’:
../examples/fips_validation/main.c:882:17: note: object ‘id_sha1’ of size 15
882 | uint8_t id_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
Workaround is to replace rte_memcpy with memcpy.
Fixes: ae5ae3bf5996 ("examples/fips_validation: encode digest with hash OID")
Cc: gmuthukrishn@marvell.com
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
examples/fips_validation/main.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index f21826e9d7..daf273bc85 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -882,8 +882,8 @@ get_hash_oid(enum rte_crypto_auth_algorithm hash, uint8_t *buf)
uint8_t id_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
0x00, 0x04, 0x14};
- uint8_t *id = NULL;
- int id_len = 0;
+ const uint8_t *id;
+ size_t id_len;
switch (hash) {
case RTE_CRYPTO_AUTH_SHA1:
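Review bot: With the `= NULL` and `= 0` initializers dropped from `id` and `id_len`, the later copy is only correct if every `case` assigns both variables; only the start of the SHA1 case is visible in this hunk, so that is worth confirming for each case. Since `id` is now `const uint8_t *`, the OID tables such as `id_sha1[]` could also be declared `static const` so they are not rebuilt on the stack on every call.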
@@ -907,12 +907,10 @@ get_hash_oid(enum rte_crypto_auth_algorithm hash, uint8_t *buf)
id_len = sizeof(id_sha512);
break;
default:
- id_len = -1;
- break;
+ return -1;
}
- if (id != NULL)
- rte_memcpy(buf, id, id_len);
+ memcpy(buf, id, id_len);
return id_len;
}
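Review bot: `id_len` is now `size_t`, yet the function returns it through `return id_len;` alongside `return -1;` in the default case, so one of the two return paths is converted implicitly. The return type is not shown in this hunk; if it is `int`, an explicit `return (int)id_len;` makes the narrowing deliberate, and callers should test for a negative result before using the value as a length. The commit message could also state why the `id != NULL` guard is removed: in the lines visible here, the early return now covers the default path that previously left `id` unset.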
@@ -1614,8 +1612,8 @@ prepare_rsa_xform(struct rte_crypto_asym_xform *xform)
if (b_len) {
msg.len = env.digest_len + b_len;
msg.val = rte_zmalloc(NULL, msg.len, 0);
- rte_memcpy(msg.val, b, b_len);
- rte_memcpy(msg.val + b_len, env.digest, env.digest_len);
+ memcpy(msg.val, b, b_len);
+ memcpy(msg.val + b_len, env.digest, env.digest_len);
rte_free(env.digest);
env.digest = msg.val;
env.digest_len = msg.len;
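Review bot: `msg.val` comes from `rte_zmalloc(NULL, msg.len, 0)` and goes straight into `memcpy(msg.val, b, b_len);` with no NULL check, so an allocation failure becomes a null pointer write here. Add a check and an error return after the allocation. The warning quoted in the commit message is about `get_hash_oid`; a sentence saying these two calls in `prepare_rsa_xform` are switched for consistency would explain why this hunk is part of the fix.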
--
2.51.0
* RE: [EXTERNAL] [PATCH v2 7/7] examples/fips_validation: avoid rte_memcpy() bug
From: Gowrishankar Muthukrishnan @ 2026-01-05 4:21 UTC (permalink / raw)
To: Stephen Hemminger, dev; +Cc: stable
Acked-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Fixes: ae5ae3bf5996 ("examples/fips_validation: encode digest with hash OID")
> Cc: gmuthukrishn@marvell.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---
> examples/fips_validation/main.c | 14 ++++++--------
> 1 file changed, 6 insertions(+), 8 deletions(-)
>
> diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
> index f21826e9d7..daf273bc85 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -882,8 +882,8 @@ get_hash_oid(enum rte_crypto_auth_algorithm hash,
> uint8_t *buf)
> uint8_t id_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
> 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
> 0x00, 0x04, 0x14};
> - uint8_t *id = NULL;
> - int id_len = 0;
> + const uint8_t *id;
> + size_t id_len;
>
> switch (hash) {
> case RTE_CRYPTO_AUTH_SHA1:
> @@ -907,12 +907,10 @@ get_hash_oid(enum rte_crypto_auth_algorithm hash,
> uint8_t *buf)
> id_len = sizeof(id_sha512);
> break;
> default:
> - id_len = -1;
> - break;
> + return -1;
> }
>
> - if (id != NULL)
> - rte_memcpy(buf, id, id_len);
> + memcpy(buf, id, id_len);
>
> return id_len;
> }
> @@ -1614,8 +1612,8 @@ prepare_rsa_xform(struct rte_crypto_asym_xform
> *xform)
> if (b_len) {
> msg.len = env.digest_len + b_len;
> msg.val = rte_zmalloc(NULL, msg.len, 0);
> - rte_memcpy(msg.val, b, b_len);
> - rte_memcpy(msg.val + b_len, env.digest,
> env.digest_len);
> + memcpy(msg.val, b, b_len);
> + memcpy(msg.val + b_len, env.digest,
> env.digest_len);
> rte_free(env.digest);
> env.digest = msg.val;
> env.digest_len = msg.len;
> --
> 2.51.0