[dpdk-stable] patch 'net/qede/base: fix Rx queue access by malicious VFs' has been queued to stable release 16.11.1

Yuanhan Liu yuanhan.liu at linux.intel.com
Mon Jan 23 08:47:21 CET 2017

Previous message: [dpdk-stable] patch 'net/qede/base: fix mutex in freeing context manager' has been queued to stable release 16.11.1
Next message: [dpdk-stable] patch 'net/qede/base: fix to handle acquire request from VF' has been queued to stable release 16.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 16.11.1

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable
yet. It will be pushed if I get no objections before 01/28/17.
So please shout if anyone has objections.

---

Note 16.11 is a LTS release. v16.11.1 is planned to be released
shortly (about 2-3 weeks) after v17.02.

---

Thanks.

	--yliu

---
>From b97ae1650f140e7e14d8d497ead4f2c117b8dab2 Mon Sep 17 00:00:00 2001
From: Rasesh Mody <rasesh.mody at cavium.com>
Date: Thu, 22 Dec 2016 16:50:02 -0800
Subject: [PATCH] net/qede/base: fix Rx queue access by malicious VFs

[ upstream commit 917ce8bd36f8fca277b09c0717fccb6ec60f4f1d ]

Rx queue access is still done prior to the index being validated by PF.
Hence move Rx queue and status block validation check before accessing
Rx queue to prevent malicious VFs from using out-of-bound queue indices.

Fixes: 98bc693e1938 ("net/qede/base: change queue start")

Signed-off-by: Rasesh Mody <rasesh.mody at cavium.com>
---
 drivers/net/qede/base/ecore_sriov.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/drivers/net/qede/base/ecore_sriov.c b/drivers/net/qede/base/ecore_sriov.c
index de54b9a..1255296 100644
--- a/drivers/net/qede/base/ecore_sriov.c
+++ b/drivers/net/qede/base/ecore_sriov.c
@@ -1968,6 +1968,11 @@ static void ecore_iov_vf_mbx_start_rxq(struct ecore_hwfn *p_hwfn,
 	enum _ecore_status_t rc;
 
 	req = &mbx->req_virt->start_rxq;
+
+	if (!ecore_iov_validate_rxq(p_hwfn, vf, req->rx_qid) ||
+	    !ecore_iov_validate_sb(p_hwfn, vf, req->hw_sb))
+		goto out;
+
 	OSAL_MEMSET(&p_params, 0, sizeof(p_params));
 	p_params.queue_id = (u8)vf->vf_queues[req->rx_qid].fw_rx_qid;
 	p_params.vf_qid = req->rx_qid;
@@ -1976,10 +1981,6 @@ static void ecore_iov_vf_mbx_start_rxq(struct ecore_hwfn *p_hwfn,
 	p_params.sb = req->hw_sb;
 	p_params.sb_idx = req->sb_index;
 
-	if (!ecore_iov_validate_rxq(p_hwfn, vf, req->rx_qid) ||
-	    !ecore_iov_validate_sb(p_hwfn, vf, req->hw_sb))
-		goto out;
-
 	/* Legacy VFs have their Producers in a different location, which they
 	 * calculate on their own and clean the producer prior to this.
 	 */
-- 
1.9.0

Previous message: [dpdk-stable] patch 'net/qede/base: fix mutex in freeing context manager' has been queued to stable release 16.11.1
Next message: [dpdk-stable] patch 'net/qede/base: fix to handle acquire request from VF' has been queued to stable release 16.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list