diff mbox series

[v2,04/10] net/atlantic: fix buffer overflow

Message ID b4630c7b4e565498c2f16f55030d0de4a43af28a.1552138867.git.igor.russkikh@aquantia.com (mailing list archive)
State Superseded, archived
Delegated to: Ferruh Yigit
Headers
Series net/atlantic: bugfixes and code cleanup |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK

Commit Message

Igor Russkikh March 9, 2019, 2:03 p.m. UTC 
  From: Pavel Belous <Pavel.Belous@aquantia.com>

Found by Coverity scan. This is a real memory corruption.
There is no need in extra RTE_ALIGN macros since the
request/result structures are 4-byte aligned by definition.

Cc: stable@dpdk.org
Fixes: ce4e8d418097 ("net/atlantic: implement EEPROM get/set")
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
Signed-off-by: Pavel Belous <Pavel.Belous@aquantia.com>
---
 drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Stephen Hemminger March 9, 2019, 3:24 p.m. UTC | #1 
On Sat, 9 Mar 2019 14:03:30 +0000
Igor Russkikh <Igor.Russkikh@aquantia.com> wrote:

> From: Pavel Belous <Pavel.Belous@aquantia.com>
> 
> Found by Coverity scan. This is a real memory corruption.
> There is no need in extra RTE_ALIGN macros since the
> request/result structures are 4-byte aligned by definition.

When fixing bugs found by Coverity it is best to mark these with
the Coverity number. The convention (in Linux kernel) is shown
by these examples:

    Addresses-Coverity-ID: 1476095 ("Bad bit shift operation")
    Detected by CoverityScan, CID#1476031 ("Dereference before null check")

Should this go in the style guide somewhere?
diff mbox series

Patch

diff --git a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c b/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
index 6841d9bce39c..f90ccfe9e010 100644
--- a/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
+++ b/drivers/net/atlantic/hw_atl/hw_atl_utils_fw2x.c
@@ -501,7 +501,7 @@  static int aq_fw2x_get_eeprom(struct aq_hw_s *self, u32 *data, u32 len)
 	/* Write SMBUS request to cfg memory */
 	err = hw_atl_utils_fw_upload_dwords(self, self->rpc_addr,
 				(u32 *)(void *)&request,
-				RTE_ALIGN(sizeof(request), sizeof(u32)));
+				sizeof(request) / sizeof(u32));
 
 	if (err < 0)
 		return err;
@@ -523,7 +523,7 @@  static int aq_fw2x_get_eeprom(struct aq_hw_s *self, u32 *data, u32 len)
 
 	err = hw_atl_utils_fw_downld_dwords(self, self->rpc_addr + sizeof(u32),
 			&result,
-			RTE_ALIGN(sizeof(result), sizeof(u32)));
+			sizeof(result) / sizeof(u32));
 
 	if (err < 0)
 		return err;
@@ -558,7 +558,7 @@  static int aq_fw2x_set_eeprom(struct aq_hw_s *self, u32 *data, u32 len)
 	/* Write SMBUS request to cfg memory */
 	err = hw_atl_utils_fw_upload_dwords(self, self->rpc_addr,
 				(u32 *)(void *)&request,
-				RTE_ALIGN(sizeof(request), sizeof(u32)));
+				sizeof(request) / sizeof(u32));
 
 	if (err < 0)
 		return err;
@@ -589,7 +589,7 @@  static int aq_fw2x_set_eeprom(struct aq_hw_s *self, u32 *data, u32 len)
 	/* Read status of write operation */
 	err = hw_atl_utils_fw_downld_dwords(self, self->rpc_addr + sizeof(u32),
 				&result,
-				RTE_ALIGN(sizeof(result), sizeof(u32)));
+				sizeof(result) / sizeof(u32));
 
 	if (err < 0)
 		return err;