From patchwork Mon Sep 10 09:33:31 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Rybchenko X-Patchwork-Id: 44502 X-Patchwork-Delegate: ferruh.yigit@amd.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E3CF41B051; Mon, 10 Sep 2018 11:34:46 +0200 (CEST) Received: from dispatch1-us1.ppe-hosted.com (dispatch1-us1.ppe-hosted.com [67.231.154.164]) by dpdk.org (Postfix) with ESMTP id 223EB4CA2 for ; Mon, 10 Sep 2018 11:33:55 +0200 (CEST) X-Virus-Scanned: Proofpoint Essentials engine Received: from webmail.solarflare.com (webmail.solarflare.com [12.187.104.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mx1-us1.ppe-hosted.com (Proofpoint Essentials ESMTP Server) with ESMTPS id 3AC60780055; Mon, 10 Sep 2018 09:33:54 +0000 (UTC) Received: from ocex03.SolarFlarecom.com (10.20.40.36) by ocex03.SolarFlarecom.com (10.20.40.36) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 10 Sep 2018 02:33:49 -0700 Received: from opal.uk.solarflarecom.com (10.17.10.1) by ocex03.SolarFlarecom.com (10.20.40.36) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Mon, 10 Sep 2018 02:33:48 -0700 Received: from ukv-loginhost.uk.solarflarecom.com (ukv-loginhost.uk.solarflarecom.com [10.17.10.39]) by opal.uk.solarflarecom.com (8.13.8/8.13.8) with ESMTP id w8A9XlTm023879; Mon, 10 Sep 2018 10:33:47 +0100 Received: from ukv-loginhost.uk.solarflarecom.com (localhost [127.0.0.1]) by ukv-loginhost.uk.solarflarecom.com (Postfix) with ESMTP id 11D341626D1; Mon, 10 Sep 2018 10:33:47 +0100 (BST) From: Andrew Rybchenko To: CC: Ivan Malov Date: Mon, 10 Sep 2018 10:33:31 +0100 Message-ID: <1536572016-18134-33-git-send-email-arybchenko@solarflare.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1536572016-18134-1-git-send-email-arybchenko@solarflare.com> References: <1536572016-18134-1-git-send-email-arybchenko@solarflare.com> MIME-Version: 1.0 X-TM-AS-Product-Ver: SMEX-12.5.0.1300-8.5.1010-24084.005 X-TM-AS-Result: No-0.078400-4.000000-10 X-TMASE-MatchedRID: bCexVCeAAegcRhEjx02trsy6PPK75b2Bh+w9Wz/xXDp8vx8dQICa63B4 4IkzjfYy5yqn9lwStLQdVH0mm1n6eXVkgEm9JWcdt1AhvyEKdj4z2D5h92okoT9zwv61WVRWG/+ uOKd48QdWRiTC9kBY19lvJAfOnLVeQF24kZp9Ww9xgZi4qPpiYDVPM/rRSR0du6qThyrnanNzk0 IMokNJUFYJIpN1DYJ5gDLqnrRlXrZLA5JD98yI6t0H8LFZNFG7CKFCmhdu5cVsmdlru1Te+d4O1 lY1um9IMy6jLOoUPfRKT+XtJWcTTqZM+7qcL7KLZqM6OE0nzDxaHAJn4lNzgo67Dhyk3FBbGi8w TA3XNvcPXLxHfxLeXVRHOSKs7RDUXmH0pBaurgG+4xOvsJAknvqy+VVvqH2X X-TM-AS-User-Approved-Sender: No X-TM-AS-User-Blocked-Sender: No X-TMASE-Result: 10-0.078400-4.000000 X-TMASE-Version: SMEX-12.5.0.1300-8.5.1010-24084.005 X-MDID: 1536572034-jqKyVT37mzu8 Subject: [dpdk-dev] [PATCH 32/37] net/sfc/base: check buffer size for hash flags X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Ivan Malov The efx_rx_scale_hash_flags_get interface is unsafe, as it does not have an argument for the size of the output buffer used to return the flags. While the only caller currently supplies a sufficiently large buffer, this should be checked at runtime to avoid writing past the end of the buffer. Signed-off-by: Ivan Malov Signed-off-by: Andrew Rybchenko --- drivers/net/sfc/base/efx.h | 3 +- drivers/net/sfc/base/efx_annote.h | 1 + drivers/net/sfc/base/efx_rx.c | 120 +++++++++++++++++++----------- drivers/net/sfc/sfc_rx.c | 2 +- 4 files changed, 81 insertions(+), 45 deletions(-) diff --git a/drivers/net/sfc/base/efx.h b/drivers/net/sfc/base/efx.h index cc68f744e..de62b7d50 100644 --- a/drivers/net/sfc/base/efx.h +++ b/drivers/net/sfc/base/efx.h @@ -2368,7 +2368,8 @@ extern __checkReturn efx_rc_t efx_rx_scale_hash_flags_get( __in efx_nic_t *enp, __in efx_rx_hash_alg_t hash_alg, - __inout_ecount(EFX_RX_HASH_NFLAGS) unsigned int *flagsp, + __out_ecount_part(max_nflags, *nflagsp) unsigned int *flagsp, + __in unsigned int max_nflags, __out unsigned int *nflagsp); extern __checkReturn efx_rc_t diff --git a/drivers/net/sfc/base/efx_annote.h b/drivers/net/sfc/base/efx_annote.h index 671aaed3b..607b43c77 100644 --- a/drivers/net/sfc/base/efx_annote.h +++ b/drivers/net/sfc/base/efx_annote.h @@ -33,6 +33,7 @@ #define __out_opt #define __out_ecount(_n) #define __out_ecount_opt(_n) +#define __out_ecount_part(_n, _l) #define __out_bcount(_n) #define __out_bcount_opt(_n) #define __out_bcount_part(_n, _l) diff --git a/drivers/net/sfc/base/efx_rx.c b/drivers/net/sfc/base/efx_rx.c index dfd3974da..bb0c144d7 100644 --- a/drivers/net/sfc/base/efx_rx.c +++ b/drivers/net/sfc/base/efx_rx.c @@ -298,13 +298,12 @@ efx_rx_scatter_enable( efx_rx_scale_hash_flags_get( __in efx_nic_t *enp, __in efx_rx_hash_alg_t hash_alg, - __inout_ecount(EFX_RX_HASH_NFLAGS) unsigned int *flagsp, + __out_ecount_part(max_nflags, *nflagsp) unsigned int *flagsp, + __in unsigned int max_nflags, __out unsigned int *nflagsp) { efx_nic_cfg_t *encp = &enp->en_nic_cfg; - boolean_t l4; - boolean_t additional_modes; - unsigned int *entryp = flagsp; + unsigned int nflags = 0; efx_rc_t rc; if (flagsp == NULL || nflagsp == NULL) { @@ -313,56 +312,90 @@ efx_rx_scale_hash_flags_get( } if ((encp->enc_rx_scale_hash_alg_mask & (1U << hash_alg)) == 0) { - *nflagsp = 0; - return 0; + nflags = 0; + goto done; } - l4 = encp->enc_rx_scale_l4_hash_supported; - additional_modes = encp->enc_rx_scale_additional_modes_supported; - -#define LIST_FLAGS(_entryp, _class, _l4_hashing, _additional_modes) \ - do { \ - if (_l4_hashing) { \ - *(_entryp++) = EFX_RX_HASH(_class, 4TUPLE); \ - \ - if (_additional_modes) { \ - *(_entryp++) = \ - EFX_RX_HASH(_class, 2TUPLE_DST); \ - *(_entryp++) = \ - EFX_RX_HASH(_class, 2TUPLE_SRC); \ - } \ - } \ - \ - *(_entryp++) = EFX_RX_HASH(_class, 2TUPLE); \ - \ - if (_additional_modes) { \ - *(_entryp++) = EFX_RX_HASH(_class, 1TUPLE_DST); \ - *(_entryp++) = EFX_RX_HASH(_class, 1TUPLE_SRC); \ - } \ - \ - *(_entryp++) = EFX_RX_HASH(_class, DISABLE); \ - \ - _NOTE(CONSTANTCONDITION) \ + /* Helper to add flags word to flags array without buffer overflow */ +#define INSERT_FLAGS(_flags) \ + do { \ + if (nflags >= max_nflags) { \ + rc = E2BIG; \ + goto fail2; \ + } \ + *(flagsp + nflags) = (_flags); \ + nflags++; \ + \ + _NOTE(CONSTANTCONDITION) \ } while (B_FALSE) - LIST_FLAGS(entryp, IPV4_TCP, l4, additional_modes); - LIST_FLAGS(entryp, IPV6_TCP, l4, additional_modes); + if (encp->enc_rx_scale_l4_hash_supported != B_FALSE) { + INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, 4TUPLE)); + INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, 4TUPLE)); + } + + if ((encp->enc_rx_scale_l4_hash_supported != B_FALSE) && + (encp->enc_rx_scale_additional_modes_supported != B_FALSE)) { + INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, 2TUPLE_DST)); + INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, 2TUPLE_SRC)); + + INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, 2TUPLE_DST)); + INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, 2TUPLE_SRC)); - if (additional_modes) { - LIST_FLAGS(entryp, IPV4_UDP, l4, additional_modes); - LIST_FLAGS(entryp, IPV6_UDP, l4, additional_modes); + INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, 4TUPLE)); + INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, 2TUPLE_DST)); + INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, 2TUPLE_SRC)); + + INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, 4TUPLE)); + INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, 2TUPLE_DST)); + INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, 2TUPLE_SRC)); + } + + INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, 2TUPLE)); + INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, 2TUPLE)); + + INSERT_FLAGS(EFX_RX_HASH(IPV4, 2TUPLE)); + INSERT_FLAGS(EFX_RX_HASH(IPV6, 2TUPLE)); + + if (encp->enc_rx_scale_additional_modes_supported != B_FALSE) { + INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, 1TUPLE_DST)); + INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, 1TUPLE_SRC)); + + INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, 1TUPLE_DST)); + INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, 1TUPLE_SRC)); + + INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, 2TUPLE)); + INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, 1TUPLE_DST)); + INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, 1TUPLE_SRC)); + + INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, 2TUPLE)); + INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, 1TUPLE_DST)); + INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, 1TUPLE_SRC)); + + INSERT_FLAGS(EFX_RX_HASH(IPV4, 1TUPLE_DST)); + INSERT_FLAGS(EFX_RX_HASH(IPV4, 1TUPLE_SRC)); + + INSERT_FLAGS(EFX_RX_HASH(IPV6, 1TUPLE_DST)); + INSERT_FLAGS(EFX_RX_HASH(IPV6, 1TUPLE_SRC)); } - LIST_FLAGS(entryp, IPV4, B_FALSE, additional_modes); - LIST_FLAGS(entryp, IPV6, B_FALSE, additional_modes); + INSERT_FLAGS(EFX_RX_HASH(IPV4_TCP, DISABLE)); + INSERT_FLAGS(EFX_RX_HASH(IPV6_TCP, DISABLE)); + + INSERT_FLAGS(EFX_RX_HASH(IPV4_UDP, DISABLE)); + INSERT_FLAGS(EFX_RX_HASH(IPV6_UDP, DISABLE)); -#undef LIST_FLAGS + INSERT_FLAGS(EFX_RX_HASH(IPV4, DISABLE)); + INSERT_FLAGS(EFX_RX_HASH(IPV6, DISABLE)); - *nflagsp = (unsigned int)(entryp - flagsp); - EFSYS_ASSERT3U(*nflagsp, <=, EFX_RX_HASH_NFLAGS); +#undef INSERT_FLAGS +done: + *nflagsp = nflags; return (0); +fail2: + EFSYS_PROBE(fail2); fail1: EFSYS_PROBE1(fail1, efx_rc_t, rc); @@ -548,7 +581,8 @@ efx_rx_scale_mode_set( /* * Get the list of supported hash flags and sanitise the input. */ - rc = efx_rx_scale_hash_flags_get(enp, alg, type_flags, &type_nflags); + rc = efx_rx_scale_hash_flags_get(enp, alg, type_flags, + EFX_ARRAY_SIZE(type_flags), &type_nflags); if (rc != 0) goto fail2; diff --git a/drivers/net/sfc/sfc_rx.c b/drivers/net/sfc/sfc_rx.c index d8503e201..68d5594ba 100644 --- a/drivers/net/sfc/sfc_rx.c +++ b/drivers/net/sfc/sfc_rx.c @@ -1200,7 +1200,7 @@ sfc_rx_hash_init(struct sfc_adapter *sa) return EINVAL; rc = efx_rx_scale_hash_flags_get(sa->nic, alg, flags_supp, - &nb_flags_supp); + RTE_DIM(flags_supp), &nb_flags_supp); if (rc != 0) return rc;