From: Michal Schmidt <mschmidt@redhat.com>
To: "Mintz, Yuval" <Yuval.Mintz@cavium.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Cc: "Elior, Ariel" <Ariel.Elior@cavium.com>
Subject: [PATCH net 3/7 v2] bnx2x: fix possible overrun of VFPF multicast addresses array
Date: Mon, 6 Mar 2017 15:45:40 +0100 [thread overview]
Message-ID: <186b89fe-dbf4-ecc2-7c0c-0f2c37b846b8@redhat.com> (raw)
In-Reply-To: <BL2PR07MB230637FFDAFE26D2052B269F8D2D0@BL2PR07MB2306.namprd07.prod.outlook.com>
It is too late to check for the limit of the number of VF multicast
addresses after they have already been copied to the req->multicast[]
array, possibly overflowing it.
Do the check before copying.
Checking early also avoids having to (and forgetting to) unlock
vf2pf_mutex.
While we're looking at the error paths in the function, also return
an error code from it when the PF responds with an error. Even though
the caller ignores it.
v2: Move the check before bnx2x_vfpf_prep() as suggested by Yuval.
Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
---
drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c | 22 ++++++++++------------
1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c
index bfae300..2b2ae92 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c
@@ -864,46 +864,44 @@ int bnx2x_vfpf_config_rss(struct bnx2x *bp,
}
int bnx2x_vfpf_set_mcast(struct net_device *dev)
{
struct bnx2x *bp = netdev_priv(dev);
struct vfpf_set_q_filters_tlv *req = &bp->vf2pf_mbox->req.set_q_filters;
struct pfvf_general_resp_tlv *resp = &bp->vf2pf_mbox->resp.general_resp;
- int rc, i = 0;
+ int rc = 0, i = 0;
struct netdev_hw_addr *ha;
if (bp->state != BNX2X_STATE_OPEN) {
DP(NETIF_MSG_IFUP, "state is %x, returning\n", bp->state);
return -EINVAL;
}
+ /* We support PFVF_MAX_MULTICAST_PER_VF mcast addresses tops */
+ if (netdev_mc_count(dev) > PFVF_MAX_MULTICAST_PER_VF) {
+ DP(NETIF_MSG_IFUP,
+ "VF supports not more than %d multicast MAC addresses\n",
+ PFVF_MAX_MULTICAST_PER_VF);
+ return -EINVAL;
+ }
+
/* clear mailbox and prep first tlv */
bnx2x_vfpf_prep(bp, &req->first_tlv, CHANNEL_TLV_SET_Q_FILTERS,
sizeof(*req));
/* Get Rx mode requested */
DP(NETIF_MSG_IFUP, "dev->flags = %x\n", dev->flags);
netdev_for_each_mc_addr(ha, dev) {
DP(NETIF_MSG_IFUP, "Adding mcast MAC: %pM\n",
bnx2x_mc_addr(ha));
memcpy(req->multicast[i], bnx2x_mc_addr(ha), ETH_ALEN);
i++;
}
- /* We support four PFVF_MAX_MULTICAST_PER_VF mcast
- * addresses tops
- */
- if (i >= PFVF_MAX_MULTICAST_PER_VF) {
- DP(NETIF_MSG_IFUP,
- "VF supports not more than %d multicast MAC addresses\n",
- PFVF_MAX_MULTICAST_PER_VF);
- return -EINVAL;
- }
-
req->n_multicast = i;
req->flags |= VFPF_SET_Q_FILTERS_MULTICAST_CHANGED;
req->vf_qid = 0;
/* add list termination tlv */
bnx2x_add_tlv(bp, req, req->first_tlv.tl.length, CHANNEL_TLV_LIST_END,
sizeof(struct channel_list_end_tlv));
@@ -920,15 +918,15 @@ int bnx2x_vfpf_set_mcast(struct net_device *dev)
BNX2X_ERR("Set Rx mode/multicast failed: %d\n",
resp->hdr.status);
rc = -EINVAL;
}
out:
bnx2x_vfpf_finalize(bp, &req->first_tlv);
- return 0;
+ return rc;
}
/* request pf to add a vlan for the vf */
int bnx2x_vfpf_update_vlan(struct bnx2x *bp, u16 vid, u8 vf_qid, bool add)
{
struct vfpf_set_q_filters_tlv *req = &bp->vf2pf_mbox->req.set_q_filters;
struct pfvf_general_resp_tlv *resp = &bp->vf2pf_mbox->resp.general_resp;
--
2.9.3
next prev parent reply other threads:[~2017-03-06 14:52 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-03 16:08 [PATCH net 0/7] bnx2x: PTP crash, VF VLAN fixes Michal Schmidt
2017-03-03 16:08 ` [PATCH net 1/7] bnx2x: prevent crash when accessing PTP with interface down Michal Schmidt
2017-03-05 9:43 ` Mintz, Yuval
2017-03-06 14:04 ` Michal Schmidt
2017-03-03 16:08 ` [PATCH net 2/7] bnx2x: lower verbosity of VF stats debug messages Michal Schmidt
2017-03-03 16:08 ` [PATCH net 3/7] bnx2x: fix possible overrun of VFPF multicast addresses array Michal Schmidt
2017-03-05 9:55 ` Mintz, Yuval
2017-03-06 14:45 ` Michal Schmidt [this message]
2017-03-07 15:54 ` [PATCH net 3/7 v2] " Mintz, Yuval
2017-03-03 16:08 ` [PATCH net 4/7] bnx2x: fix detection of VLAN filtering feature for VF Michal Schmidt
2017-03-03 16:08 ` [PATCH net 5/7] bnx2x: do not rollback VF MAC/VLAN filters we did not configure Michal Schmidt
2017-03-05 10:13 ` Mintz, Yuval
2017-03-06 14:05 ` Michal Schmidt
2017-03-03 16:08 ` [PATCH net 6/7] bnx2x: fix incorrect filter count in an error message Michal Schmidt
2017-03-03 16:08 ` [PATCH net 7/7] bnx2x: add missing configuration of VF VLAN filters Michal Schmidt
2017-03-05 10:17 ` [PATCH net 0/7] bnx2x: PTP crash, VF VLAN fixes Mintz, Yuval
2017-03-07 21:53 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=186b89fe-dbf4-ecc2-7c0c-0f2c37b846b8@redhat.com \
--to=mschmidt@redhat.com \
--cc=Ariel.Elior@cavium.com \
--cc=Yuval.Mintz@cavium.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).