From patchwork Fri Sep 11 01:55:58 2020
X-Patchwork-Submitter: Ajit Khaparde
X-Patchwork-Id: 77282
X-Patchwork-Delegate: ajit.khaparde@broadcom.com
From: Ajit Khaparde
To: dev@dpdk.org
Cc: Kishore Padmanabha, Shahaji Bhosle, Mike Baucom
Date: Thu, 10 Sep 2020 18:55:58 -0700
Message-Id: <20200911015603.88359-21-ajit.khaparde@broadcom.com>
In-Reply-To: <20200911015603.88359-1-ajit.khaparde@broadcom.com>
References: <20200911015603.88359-1-ajit.khaparde@broadcom.com>
Subject: [dpdk-dev] [PATCH 20/25] net/bnxt: fix out of bound access in action bit handling

From: Kishore Padmanabha

The act_val is changed to be array to resolve out of bound access issue

Fixes: 52799debdf1c ("net/bnxt: support action bitmap opcode")

Signed-off-by: Kishore Padmanabha
Reviewed-by: Shahaji Bhosle
Reviewed-by: Mike Baucom
---
 drivers/net/bnxt/tf_ulp/ulp_mapper.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/drivers/net/bnxt/tf_ulp/ulp_mapper.c b/drivers/net/bnxt/tf_ulp/ulp_mapper.c index 15682673d..732141166 100644 --- a/drivers/net/bnxt/tf_ulp/ulp_mapper.c +++ b/drivers/net/bnxt/tf_ulp/ulp_mapper.c
@@ -782,7 +782,7 @@ ulp_mapper_result_field_process(struct bnxt_ulp_mapper_parms *parms, uint64_t regval; uint32_t val_size = 0, field_size = 0; uint64_t act_bit; - uint8_t act_val; + uint8_t act_val[16]; uint64_t hdr_bit; switch (fld->result_opcode) { @@ -824,19 +824,18 @@ ulp_mapper_result_field_process(struct bnxt_ulp_mapper_parms *parms, return -EINVAL; } act_bit = tfp_be_to_cpu_64(act_bit); + memset(act_val, 0, sizeof(act_val)); if (ULP_BITMAP_ISSET(parms->act_bitmap->bits, act_bit)) - act_val = 1; - else - act_val = 0; + act_val[0] = 1; if (fld->field_bit_size > ULP_BYTE_2_BITS(sizeof(act_val))) { BNXT_TF_DBG(ERR, "%s field size is incorrect\n", name); return -EINVAL; } - if (!ulp_blob_push(blob, &act_val, fld->field_bit_size)) { + if (!ulp_blob_push(blob, act_val, fld->field_bit_size)) { BNXT_TF_DBG(ERR, "%s push field failed\n", name); return -EINVAL; } - val = &act_val; + val = act_val; break; case BNXT_ULP_MAPPER_OPC_SET_TO_ENCAP_ACT_PROP_SZ: if (!ulp_operand_read(fld->result_operand,
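Review bot: The "uint8_t act_val[16]" declaration in the first hunk (@@ -782) uses a bare 16 with no named constant or comment saying which field width it is sized for. The unchanged check "fld->field_bit_size > ULP_BYTE_2_BITS(sizeof(act_val))" takes its limit from this array, so the array size also decides the widest field the action-bit case will accept. A named define with a one-line comment tying it to the largest action-bit result field would make that dependency visible and keep the check and the buffer from drifting apart.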
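Review bot: In the second hunk (@@ -824), "act_val[0] = 1" places the flag in the first byte of the buffer while the size check now admits fields wider than one byte, and the visible lines do not show which byte order ulp_blob_push expects. Please confirm that byte 0 is the correct position for the set bit when field_bit_size is greater than 8, or document it next to the assignment. The commit message should also name the access that overran the old one-byte act_val (the push itself, or a later read through "val"), since the size check in the context lines already bounded field_bit_size against sizeof(act_val) before this change.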