[PATCH 19.11 8/8] net/bnxt: fix xstats names query overrun

[Kalesh A P]

From: Kalesh AP <kalesh-anakkur.purayil at broadcom.com>

[ upstream commit 8dcee14fbfca8c90cd09c88e0fda65819d82ded6 ]

When the xstats_names parameter to rte_eth_xstats_get_names()
is non-NULL and the size parameter is less than the required
number of entries, the driver must return the required size
without modifying (and over-running) the caller's xstats_names
array.

Update bnxt_dev_xstats_get_names_op() in accordance with this
requirement.

Fixes: bfb9c2260be2 ("net/bnxt: support xstats get/reset")

Signed-off-by: Lance Richardson <lance.richardson at broadcom.com>
Signed-off-by: Kalesh AP <kalesh-anakkur.purayil at broadcom.com>
Acked-by: Ajit Khaparde <ajit.khaparde at broadcom.com>
---
 drivers/net/bnxt/bnxt_stats.c | 61 ++++++++++++++++++++-----------------------
 1 file changed, 29 insertions(+), 32 deletions(-)

diff --git a/drivers/net/bnxt/bnxt_stats.c b/drivers/net/bnxt/bnxt_stats.c
index ca66ce1..39fd100 100644
--- a/drivers/net/bnxt/bnxt_stats.c
+++ b/drivers/net/bnxt/bnxt_stats.c
@@ -597,7 +597,7 @@ int bnxt_dev_xstats_get_op(struct rte_eth_dev *eth_dev,
 
 int bnxt_dev_xstats_get_names_op(__rte_unused struct rte_eth_dev *eth_dev,
 	struct rte_eth_xstat_name *xstats_names,
-	__rte_unused unsigned int limit)
+	unsigned int size)
 {
 	/* Account for the Tx drop pkts aka the Anti spoof counter */
 	const unsigned int stat_cnt = RTE_DIM(bnxt_rx_stats_strings) +
@@ -605,52 +605,49 @@ int bnxt_dev_xstats_get_names_op(__rte_unused struct rte_eth_dev *eth_dev,
 				RTE_DIM(bnxt_rx_ext_stats_strings) +
 				RTE_DIM(bnxt_tx_ext_stats_strings);
 	struct bnxt *bp = (struct bnxt *)eth_dev->data->dev_private;
-	unsigned int i, count;
+	unsigned int i, count = 0;
 	int rc;
 
 	rc = is_bnxt_in_error(bp);
 	if (rc)
 		return rc;
 
-	if (xstats_names != NULL) {
-		count = 0;
-
-		for (i = 0; i < RTE_DIM(bnxt_rx_stats_strings); i++) {
-			strlcpy(xstats_names[count].name,
-				bnxt_rx_stats_strings[i].name,
-				sizeof(xstats_names[count].name));
-			count++;
-		}
-
-		for (i = 0; i < RTE_DIM(bnxt_tx_stats_strings); i++) {
-			strlcpy(xstats_names[count].name,
-				bnxt_tx_stats_strings[i].name,
-				sizeof(xstats_names[count].name));
-			count++;
-		}
+	if (xstats_names != NULL || size < stat_cnt)
+		return stat_cnt;
 
+	for (i = 0; i < RTE_DIM(bnxt_rx_stats_strings); i++) {
 		strlcpy(xstats_names[count].name,
-			bnxt_func_stats_strings[4].name,
+			bnxt_rx_stats_strings[i].name,
 			sizeof(xstats_names[count].name));
 		count++;
+	}
 
-		for (i = 0; i < RTE_DIM(bnxt_rx_ext_stats_strings); i++) {
-			strlcpy(xstats_names[count].name,
-				bnxt_rx_ext_stats_strings[i].name,
-				sizeof(xstats_names[count].name));
-
-			count++;
-		}
+	for (i = 0; i < RTE_DIM(bnxt_tx_stats_strings); i++) {
+		strlcpy(xstats_names[count].name,
+			bnxt_tx_stats_strings[i].name,
+			sizeof(xstats_names[count].name));
+		count++;
+	}
 
-		for (i = 0; i < RTE_DIM(bnxt_tx_ext_stats_strings); i++) {
-			strlcpy(xstats_names[count].name,
-				bnxt_tx_ext_stats_strings[i].name,
-				sizeof(xstats_names[count].name));
+	strlcpy(xstats_names[count].name,
+		bnxt_func_stats_strings[4].name,
+		sizeof(xstats_names[count].name));
+	count++;
 
-			count++;
-		}
+	for (i = 0; i < RTE_DIM(bnxt_rx_ext_stats_strings); i++) {
+		strlcpy(xstats_names[count].name,
+			bnxt_rx_ext_stats_strings[i].name,
+			sizeof(xstats_names[count].name));
+		count++;
+	}
 
+	for (i = 0; i < RTE_DIM(bnxt_tx_ext_stats_strings); i++) {
+		strlcpy(xstats_names[count].name,
+			bnxt_tx_ext_stats_strings[i].name,
+			sizeof(xstats_names[count].name));
+		count++;
 	}
+
 	return stat_cnt;
 }
 
-- 
2.10.1