[PATCH 19.11 8/8] net/bnxt: fix xstats names query overrun
Kalesh A P
kalesh-anakkur.purayil at broadcom.com
Mon Mar 7 16:10:36 CET 2022
From: Kalesh AP <kalesh-anakkur.purayil at broadcom.com>
[ upstream commit 8dcee14fbfca8c90cd09c88e0fda65819d82ded6 ]
When the xstats_names parameter to rte_eth_xstats_get_names()
is non-NULL and the size parameter is less than the required
number of entries, the driver must return the required size
without modifying (and over-running) the caller's xstats_names
array.
Update bnxt_dev_xstats_get_names_op() in accordance with this
requirement.
Fixes: bfb9c2260be2 ("net/bnxt: support xstats get/reset")
Signed-off-by: Lance Richardson <lance.richardson at broadcom.com>
Signed-off-by: Kalesh AP <kalesh-anakkur.purayil at broadcom.com>
Acked-by: Ajit Khaparde <ajit.khaparde at broadcom.com>
---
drivers/net/bnxt/bnxt_stats.c | 61 ++++++++++++++++++++-----------------------
1 file changed, 29 insertions(+), 32 deletions(-)
diff --git a/drivers/net/bnxt/bnxt_stats.c b/drivers/net/bnxt/bnxt_stats.c
index ca66ce1..39fd100 100644
--- a/drivers/net/bnxt/bnxt_stats.c
+++ b/drivers/net/bnxt/bnxt_stats.c
@@ -597,7 +597,7 @@ int bnxt_dev_xstats_get_op(struct rte_eth_dev *eth_dev,
int bnxt_dev_xstats_get_names_op(__rte_unused struct rte_eth_dev *eth_dev,
struct rte_eth_xstat_name *xstats_names,
- __rte_unused unsigned int limit)
+ unsigned int size)
{
/* Account for the Tx drop pkts aka the Anti spoof counter */
const unsigned int stat_cnt = RTE_DIM(bnxt_rx_stats_strings) +
@@ -605,52 +605,49 @@ int bnxt_dev_xstats_get_names_op(__rte_unused struct rte_eth_dev *eth_dev,
RTE_DIM(bnxt_rx_ext_stats_strings) +
RTE_DIM(bnxt_tx_ext_stats_strings);
struct bnxt *bp = (struct bnxt *)eth_dev->data->dev_private;
- unsigned int i, count;
+ unsigned int i, count = 0;
int rc;
rc = is_bnxt_in_error(bp);
if (rc)
return rc;
- if (xstats_names != NULL) {
- count = 0;
-
- for (i = 0; i < RTE_DIM(bnxt_rx_stats_strings); i++) {
- strlcpy(xstats_names[count].name,
- bnxt_rx_stats_strings[i].name,
- sizeof(xstats_names[count].name));
- count++;
- }
-
- for (i = 0; i < RTE_DIM(bnxt_tx_stats_strings); i++) {
- strlcpy(xstats_names[count].name,
- bnxt_tx_stats_strings[i].name,
- sizeof(xstats_names[count].name));
- count++;
- }
+ if (xstats_names != NULL || size < stat_cnt)
+ return stat_cnt;
+ for (i = 0; i < RTE_DIM(bnxt_rx_stats_strings); i++) {
strlcpy(xstats_names[count].name,
- bnxt_func_stats_strings[4].name,
+ bnxt_rx_stats_strings[i].name,
sizeof(xstats_names[count].name));
count++;
+ }
- for (i = 0; i < RTE_DIM(bnxt_rx_ext_stats_strings); i++) {
- strlcpy(xstats_names[count].name,
- bnxt_rx_ext_stats_strings[i].name,
- sizeof(xstats_names[count].name));
-
- count++;
- }
+ for (i = 0; i < RTE_DIM(bnxt_tx_stats_strings); i++) {
+ strlcpy(xstats_names[count].name,
+ bnxt_tx_stats_strings[i].name,
+ sizeof(xstats_names[count].name));
+ count++;
+ }
- for (i = 0; i < RTE_DIM(bnxt_tx_ext_stats_strings); i++) {
- strlcpy(xstats_names[count].name,
- bnxt_tx_ext_stats_strings[i].name,
- sizeof(xstats_names[count].name));
+ strlcpy(xstats_names[count].name,
+ bnxt_func_stats_strings[4].name,
+ sizeof(xstats_names[count].name));
+ count++;
- count++;
- }
+ for (i = 0; i < RTE_DIM(bnxt_rx_ext_stats_strings); i++) {
+ strlcpy(xstats_names[count].name,
+ bnxt_rx_ext_stats_strings[i].name,
+ sizeof(xstats_names[count].name));
+ count++;
+ }
+ for (i = 0; i < RTE_DIM(bnxt_tx_ext_stats_strings); i++) {
+ strlcpy(xstats_names[count].name,
+ bnxt_tx_ext_stats_strings[i].name,
+ sizeof(xstats_names[count].name));
+ count++;
}
+
return stat_cnt;
}
--
2.10.1
More information about the stable
mailing list