Linux RDMA and InfiniBand development
 help / color / mirror / Atom feed
From: <dan.carpenter@oracle.com>
To: paulb@mellanox.com
Cc: Paul Blakey <paulb@mellanox.com>, linux-rdma@vger.kernel.org
Subject: [bug report] net/mlx5e: CT: Save ct entries tuples in hashtables
Date: Tue, 14 Jul 2020 13:00:44 +0300	[thread overview]
Message-ID: <20200714100044.GA280741@mwanda> (raw)

Hello Paul Blakey,

The patch bc562be9674b: "net/mlx5e: CT: Save ct entries tuples in
hashtables" from Mar 29, 2020, leads to the following static checker
warning:

	drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:246 mlx5_tc_ct_rule_to_tuple_nat()
	error: buffer overflow 'tuple->ip.src_v6.in6_u.u6_addr32' 4 <= 7

drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
   229  
   230                  offset = act->mangle.offset;
   231                  val = act->mangle.val;
   232                  switch (act->mangle.htype) {
   233                  case FLOW_ACT_MANGLE_HDR_TYPE_IP4:
   234                          if (offset == offsetof(struct iphdr, saddr))
   235                                  tuple->ip.src_v4 = cpu_to_be32(val);
   236                          else if (offset == offsetof(struct iphdr, daddr))
   237                                  tuple->ip.dst_v4 = cpu_to_be32(val);
   238                          else
   239                                  return -EOPNOTSUPP;
   240                          break;
   241  
   242                  case FLOW_ACT_MANGLE_HDR_TYPE_IP6:
   243                          ip6_offset = (offset - offsetof(struct ipv6hdr, saddr));
   244                          ip6_offset /= 4;
   245                          if (ip6_offset < 8)
                                    ^^^^^^^^^^^^^^

   246                                  tuple->ip.src_v6.s6_addr32[ip6_offset] = cpu_to_be32(val);
                                                         ^^^^^^^^^^^^^^^^^^^^^
This is a 4 element array.

   247                          else
   248                                  return -EOPNOTSUPP;
   249                          break;
   250  
   251                  case FLOW_ACT_MANGLE_HDR_TYPE_TCP:
   252                          if (offset == offsetof(struct tcphdr, source))
   253                                  tuple->port.src = cpu_to_be16(val);
   254                          else if (offset == offsetof(struct tcphdr, dest))
   255                                  tuple->port.dst = cpu_to_be16(val);
   256                          else
   257                                  return -EOPNOTSUPP;
   258                          break;

regards,
dan carpenter

                 reply	other threads:[~2020-07-14 10:02 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200714100044.GA280741@mwanda \
    --to=dan.carpenter@oracle.com \
    --cc=linux-rdma@vger.kernel.org \
    --cc=paulb@mellanox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox