[dpdk-stable] patch 'common/sfc_efx/base: limit reported MCDI response length' has been queued to stable release 19.11.9
Christian Ehrhardt
christian.ehrhardt at canonical.com
Thu Jun 10 14:06:38 CEST 2021
Hi,
FYI, your patch has been queued to stable release 19.11.9
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 06/12/21. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue
This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/86711365045ebac0a4db403e17cb46b653ef1db9
Thanks.
Christian Ehrhardt <christian.ehrhardt at canonical.com>
---
>From 86711365045ebac0a4db403e17cb46b653ef1db9 Mon Sep 17 00:00:00 2001
From: Andy Moreton <amoreton at xilinx.com>
Date: Tue, 18 May 2021 18:10:11 +0300
Subject: [PATCH] common/sfc_efx/base: limit reported MCDI response length
[ upstream commit e1c9fcab3f17b050793d1e771d33448027a15ae1 ]
MCDI helper routines in libefx include length checks for response
messages, to ensure that short replies and optional fields are
handled correctly.
If the MCDI response message from the firmware is larger than the
caller's buffer then the response length reported to the caller
should be limited to the buffer size. Otherwise length checks in
the caller may allow reading past the end of the buffer.
Fixes: 6f619653b9b1 ("net/sfc/base: import MCDI implementation")
Signed-off-by: Andy Moreton <amoreton at xilinx.com>
Signed-off-by: Ivan Malov <ivan.malov at oktetlabs.ru>
Reviewed-by: Andrew Rybchenko <andrew.rybchenko at oktetlabs.ru>
---
drivers/net/sfc/base/efx_mcdi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/sfc/base/efx_mcdi.c b/drivers/net/sfc/base/efx_mcdi.c
index 477b128686..db143294d9 100644
--- a/drivers/net/sfc/base/efx_mcdi.c
+++ b/drivers/net/sfc/base/efx_mcdi.c
@@ -495,6 +495,9 @@ efx_mcdi_finish_response(
bytes = MIN(emrp->emr_out_length_used, emrp->emr_out_length);
efx_mcdi_read_response(enp, emrp->emr_out_buf, resp_off, bytes);
+ /* Report bytes copied to caller (response message may be larger) */
+ emrp->emr_out_length_used = bytes;
+
#if EFSYS_OPT_MCDI_LOGGING
if (emtp->emt_logger != NULL) {
emtp->emt_logger(emtp->emt_context,
--
2.31.1
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2021-06-10 14:05:00.416644900 +0200
+++ 0050-common-sfc_efx-base-limit-reported-MCDI-response-len.patch 2021-06-10 14:04:58.106024940 +0200
@@ -1 +1 @@
-From e1c9fcab3f17b050793d1e771d33448027a15ae1 Mon Sep 17 00:00:00 2001
+From 86711365045ebac0a4db403e17cb46b653ef1db9 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit e1c9fcab3f17b050793d1e771d33448027a15ae1 ]
+
@@ -16 +17,0 @@
-Cc: stable at dpdk.org
@@ -22 +23 @@
- drivers/common/sfc_efx/base/efx_mcdi.c | 3 +++
+ drivers/net/sfc/base/efx_mcdi.c | 3 +++
@@ -25,5 +26,5 @@
-diff --git a/drivers/common/sfc_efx/base/efx_mcdi.c b/drivers/common/sfc_efx/base/efx_mcdi.c
-index ff676f8a01..f4e1384d09 100644
---- a/drivers/common/sfc_efx/base/efx_mcdi.c
-+++ b/drivers/common/sfc_efx/base/efx_mcdi.c
-@@ -516,6 +516,9 @@ efx_mcdi_finish_response(
+diff --git a/drivers/net/sfc/base/efx_mcdi.c b/drivers/net/sfc/base/efx_mcdi.c
+index 477b128686..db143294d9 100644
+--- a/drivers/net/sfc/base/efx_mcdi.c
++++ b/drivers/net/sfc/base/efx_mcdi.c
+@@ -495,6 +495,9 @@ efx_mcdi_finish_response(
More information about the stable
mailing list