[dpdk-stable] patch 'net/vmxnet3: fix unintentional integer overflow' has been queued to stable release 17.08.1
Yuanhan Liu
yliu at fridaylinux.org
Tue Nov 21 14:16:31 CET 2017
Hi,
FYI, your patch has been queued to stable release 17.08.1
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/24/17. So please
shout if anyone has objections.
Thanks.
--yliu
---
>From 0048a055720cb389207b138fb9898540654567ea Mon Sep 17 00:00:00 2001
From: Sebastian Basierski <sebastianx.basierski at intel.com>
Date: Tue, 19 Sep 2017 13:47:58 +0200
Subject: [PATCH] net/vmxnet3: fix unintentional integer overflow
[ upstream commit e8c1642a3ce7517d8c974ed16446d5fc2c917e39 ]
Fixed overflow by casting txq->cmd_ring.next2fill to uint64_t type.
Coverity issue: 143457
Fixes: 01fef6e3c181 ("net/vmxnet3: allow variable length Tx data ring")
Signed-off-by: Sebastian Basierski <sebastianx.basierski at intel.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit at intel.com>
---
drivers/net/vmxnet3/vmxnet3_rxtx.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/vmxnet3/vmxnet3_rxtx.c b/drivers/net/vmxnet3/vmxnet3_rxtx.c
index d9cf437..680da17 100644
--- a/drivers/net/vmxnet3/vmxnet3_rxtx.c
+++ b/drivers/net/vmxnet3/vmxnet3_rxtx.c
@@ -504,8 +504,9 @@ vmxnet3_xmit_pkts(void *tx_queue, struct rte_mbuf **tx_pkts,
*/
gdesc = txq->cmd_ring.base + txq->cmd_ring.next2fill;
if (copy_size) {
- uint64 offset = txq->cmd_ring.next2fill *
- txq->txdata_desc_size;
+ uint64 offset =
+ (uint64)txq->cmd_ring.next2fill *
+ txq->txdata_desc_size;
gdesc->txd.addr =
rte_cpu_to_le_64(txq->data_ring.basePA +
offset);
--
2.7.4
More information about the stable
mailing list