[dpdk-dev] [PATCH v2 20/25] net/bnxt: fix out of bound access in bit handling

Ajit Khaparde ajit.khaparde at broadcom.com
Wed Sep 16 06:28:46 CEST 2020


From: Kishore Padmanabha <kishore.padmanabha at broadcom.com>

Fix out of bounds access in action bit handling.
The act_val is changed to be an array to resolve the out of bounds access issue.

Fixes: 52799debdf1c ("net/bnxt: support action bitmap opcode")

Signed-off-by: Kishore Padmanabha <kishore.padmanabha at broadcom.com>
Reviewed-by: Shahaji Bhosle <sbhosle at broadcom.com>
Reviewed-by: Mike Baucom <michael.baucom at broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde at broadcom.com>
---
 drivers/net/bnxt/tf_ulp/ulp_mapper.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/drivers/net/bnxt/tf_ulp/ulp_mapper.c b/drivers/net/bnxt/tf_ulp/ulp_mapper.c
index 15682673d..732141166 100644
--- a/drivers/net/bnxt/tf_ulp/ulp_mapper.c
+++ b/drivers/net/bnxt/tf_ulp/ulp_mapper.c
@@ -782,7 +782,7 @@ ulp_mapper_result_field_process(struct bnxt_ulp_mapper_parms *parms,
 	uint64_t regval;
 	uint32_t val_size = 0, field_size = 0;
 	uint64_t act_bit;
-	uint8_t act_val;
+	uint8_t act_val[16];
 	uint64_t hdr_bit;
 
 	switch (fld->result_opcode) {
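Review bot: The literal 16 in "uint8_t act_val[16];" is unexplained, and nothing at the declaration says which field width it is meant to cover. Since the later check compares fld->field_bit_size against sizeof(act_val), this number is now the upper bound on the accepted field size. Please use a named constant, or add a comment stating the largest field_bit_size this opcode is expected to carry, so the bound and the buffer stay in step if either changes.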
@@ -824,19 +824,18 @@ ulp_mapper_result_field_process(struct bnxt_ulp_mapper_parms *parms,
 			return -EINVAL;
 		}
 		act_bit = tfp_be_to_cpu_64(act_bit);
+		memset(act_val, 0, sizeof(act_val));
 		if (ULP_BITMAP_ISSET(parms->act_bitmap->bits, act_bit))
-			act_val = 1;
-		else
-			act_val = 0;
+			act_val[0] = 1;
 		if (fld->field_bit_size > ULP_BYTE_2_BITS(sizeof(act_val))) {
 			BNXT_TF_DBG(ERR, "%s field size is incorrect\n", name);
 			return -EINVAL;
 		}
-		if (!ulp_blob_push(blob, &act_val, fld->field_bit_size)) {
+		if (!ulp_blob_push(blob, act_val, fld->field_bit_size)) {
 			BNXT_TF_DBG(ERR, "%s push field failed\n", name);
 			return -EINVAL;
 		}
-		val = &act_val;
+		val = act_val;
 		break;
 	case BNXT_ULP_MAPPER_OPC_SET_TO_ENCAP_ACT_PROP_SZ:
 		if (!ulp_operand_read(fld->result_operand,
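Review bot: With "act_val[0] = 1;" the flag always lands in the first byte, while the check against ULP_BYTE_2_BITS(sizeof(act_val)) now accepts fields as wide as the whole array rather than a single byte. For a field_bit_size above 8, where the set bit ends up in the pushed value depends on how ulp_blob_push() orders the bytes it reads, which is not visible here. Please add a comment stating the intended encoding for multi-byte fields, or set the byte that matches the blob's byte order. The memset() followed by dropping the else branch is fine, and "val = act_val;" stays valid only within this function since it points at a stack array, which is worth keeping in mind if val is ever stored.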
-- 
2.21.1 (Apple Git-122.3)


