[dpdk-dev] [PATCH v2 04/10] net/atlantic: fix buffer overflow

Igor Russkikh Igor.Russkikh at aquantia.com
Sat Mar 9 15:03:30 CET 2019


From: Pavel Belous <Pavel.Belous at aquantia.com>

Found by Coverity scan. This is a real memory corruption.
There is no need in extra RTE_ALIGN macros since the
request/result structures are 4-byte aligned by definition.

Cc: stable at dpdk.org
Fixes: ce4e8d418097 ("net/atlantic: implement EEPROM get/set")
Signed-off-by: Igor Russkikh <igor.russkikh at aquantia.com>
Signed-off-by: Pavel Belous <Pavel.Belous at aquantia.com>
---
 drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c b/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
index 6841d9bce39c..f90ccfe9e010 100644
--- a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
+++ b/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
@@ -501,7 +501,7 @@ static int aq_fw2x_get_eeprom(struct aq_hw_s *self, u32 *data, u32 len)
 	/* Write SMBUS request to cfg memory */
 	err = hw_atl_utils_fw_upload_dwords(self, self->rpc_addr,
 				(u32 *)(void *)&request,
-				RTE_ALIGN(sizeof(request), sizeof(u32)));
+				sizeof(request) / sizeof(u32));
 
 	if (err < 0)
 		return err;
@@ -523,7 +523,7 @@ static int aq_fw2x_get_eeprom(struct aq_hw_s *self, u32 *data, u32 len)
 
 	err = hw_atl_utils_fw_downld_dwords(self, self->rpc_addr + sizeof(u32),
 			&result,
-			RTE_ALIGN(sizeof(result), sizeof(u32)));
+			sizeof(result) / sizeof(u32));
 
 	if (err < 0)
 		return err;
@@ -558,7 +558,7 @@ static int aq_fw2x_set_eeprom(struct aq_hw_s *self, u32 *data, u32 len)
 	/* Write SMBUS request to cfg memory */
 	err = hw_atl_utils_fw_upload_dwords(self, self->rpc_addr,
 				(u32 *)(void *)&request,
-				RTE_ALIGN(sizeof(request), sizeof(u32)));
+				sizeof(request) / sizeof(u32));
 
 	if (err < 0)
 		return err;
@@ -589,7 +589,7 @@ static int aq_fw2x_set_eeprom(struct aq_hw_s *self, u32 *data, u32 len)
 	/* Read status of write operation */
 	err = hw_atl_utils_fw_downld_dwords(self, self->rpc_addr + sizeof(u32),
 				&result,
-				RTE_ALIGN(sizeof(result), sizeof(u32)));
+				sizeof(result) / sizeof(u32));
 
 	if (err < 0)
 		return err;
-- 
2.17.1



More information about the dev mailing list