From: <dan.carpenter@oracle.com>
To: paulb@mellanox.com
Cc: Paul Blakey <paulb@mellanox.com>, linux-rdma@vger.kernel.org
Subject: [bug report] net/mlx5e: CT: Save ct entries tuples in hashtables
Date: Tue, 14 Jul 2020 13:00:44 +0300
Message-ID: <20200714100044.GA280741@mwanda>

Hello Paul Blakey,

The patch bc562be9674b: "net/mlx5e: CT: Save ct entries tuples in
hashtables" from Mar 29, 2020, leads to the following static checker
warning:

	drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:246 mlx5_tc_ct_rule_to_tuple_nat()
	error: buffer overflow 'tuple->ip.src_v6.in6_u.u6_addr32' 4 <= 7

drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
   229  
   230                  offset = act->mangle.offset;
   231                  val = act->mangle.val;
   232                  switch (act->mangle.htype) {
   233                  case FLOW_ACT_MANGLE_HDR_TYPE_IP4:
   234                          if (offset == offsetof(struct iphdr, saddr))
   235                                  tuple->ip.src_v4 = cpu_to_be32(val);
   236                          else if (offset == offsetof(struct iphdr, daddr))
   237                                  tuple->ip.dst_v4 = cpu_to_be32(val);
   238                          else
   239                                  return -EOPNOTSUPP;
   240                          break;
   241  
   242                  case FLOW_ACT_MANGLE_HDR_TYPE_IP6:
   243                          ip6_offset = (offset - offsetof(struct ipv6hdr, saddr));
   244                          ip6_offset /= 4;
   245                          if (ip6_offset < 8)
                                    ^^^^^^^^^^^^^^

   246                                  tuple->ip.src_v6.s6_addr32[ip6_offset] = cpu_to_be32(val);
                                                         ^^^^^^^^^^^^^^^^^^^^^
This is a 4 element array.

   247                          else
   248                                  return -EOPNOTSUPP;
   249                          break;
   250  
   251                  case FLOW_ACT_MANGLE_HDR_TYPE_TCP:
   252                          if (offset == offsetof(struct tcphdr, source))
   253                                  tuple->port.src = cpu_to_be16(val);
   254                          else if (offset == offsetof(struct tcphdr, dest))
   255                                  tuple->port.dst = cpu_to_be16(val);
   256                          else
   257                                  return -EOPNOTSUPP;
   258                          break;

regards,
dan carpenter
