netdev.vger.kernel.org archive mirror
From: Yuval Mintz <yuvalmin@broadcom.com>
To: <davem@davemloft.net>, <netdev@vger.kernel.org>
Cc: <ariele@broadcom.com>, Yuval Mintz <yuvalmin@broadcom.com>
Subject: [PATCH net 4/5] bnx2x: fix AFEX memory overflow
Date: Sun, 5 Jan 2014 18:33:53 +0200
Message-ID: <1388939634-19948-5-git-send-email-yuvalmin@broadcom.com>
In-Reply-To: <1388939634-19948-1-git-send-email-yuvalmin@broadcom.com>

There are 2 different (related) flows in the slowpath configuration
that utilize the same pointer and cast it to different structs.
This is obviously incorrect as the intended allocated memory is that
of the smaller struct, possibly causing the flow utilizing the larger
struct to corrupt other slowpath configuration.

Since both flows are exclusive, set the allocated memory to be a union
of both structs.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
---
 drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
index cb30d1a..2d5fce4 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
@@ -1250,7 +1250,10 @@ struct bnx2x_slowpath {
 	 * Therefore, if they would have been defined in the same union,
 	 * data can get corrupted.
 	 */
-	struct afex_vif_list_ramrod_data func_afex_rdata;
+	union {
+		struct afex_vif_list_ramrod_data	viflist_data;
+		struct function_update_data		func_update;
+	} func_afex_rdata;
 
 	/* used by dmae command executer */
 	struct dmae_command		dmae[MAX_DMAE_C];
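Review bot: The comment left as context directly above the new union still ends with "if they would have been defined in the same union, data can get corrupted", and it now sits immediately over a union, so it reads as a warning against this very change. Please extend it to say that viflist_data and func_update may share storage only because the two flows are exclusive, as the commit message states. The diffstat also shows only bnx2x.h changing while func_afex_rdata keeps its name, so code that takes this field's address and casts it would still build unchanged; it is worth confirming that those call sites are switched to the .viflist_data and .func_update members so the type is chosen by member name rather than by a cast.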
-- 
1.8.1.227.g44fe835
