| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200820143938.21199-2-simon.horman@netronome.com>
Date: Thu, 20 Aug 2020 16:39:37 +0200
From: Simon Horman <simon.horman@...ronome.com>
To: David Miller <davem@...emloft.net>
Cc: Jakub Kicinski <kuba@...nel.org>,
Louis Peens <louis.peens@...ronome.com>,
netdev@...r.kernel.org, oss-drivers@...ronome.com,
Simon Horman <simon.horman@...ronome.com>
Subject: [PATCH net-next 1/2] nfp: flower: check that we don't exceed the FW key size
From: Louis Peens <louis.peens@...ronome.com>
Add a check to make sure the total length of the flow key sent to the
firmware stays within the supported limit.
Signed-off-by: Louis Peens <louis.peens@...ronome.com>
Signed-off-by: Simon Horman <simon.horman@...ronome.com>
---
drivers/net/ethernet/netronome/nfp/flower/main.h | 2 ++
drivers/net/ethernet/netronome/nfp/flower/match.c | 11 +++++++++++
2 files changed, 13 insertions(+)
diff --git a/drivers/net/ethernet/netronome/nfp/flower/main.h b/drivers/net/ethernet/netronome/nfp/flower/main.h
index 3bf9c1afa45e..4924a217f5ba 100644
--- a/drivers/net/ethernet/netronome/nfp/flower/main.h
+++ b/drivers/net/ethernet/netronome/nfp/flower/main.h
@@ -30,6 +30,8 @@ struct nfp_app;
#define NFP_FLOWER_MASK_ELEMENT_RS 1
#define NFP_FLOWER_MASK_HASH_BITS 10
+#define NFP_FLOWER_KEY_MAX_LW 32
+
#define NFP_FL_META_FLAG_MANAGE_MASK BIT(7)
#define NFP_FL_MASK_REUSE_TIME_NS 40000
diff --git a/drivers/net/ethernet/netronome/nfp/flower/match.c b/drivers/net/ethernet/netronome/nfp/flower/match.c
index f7f01e2e3dce..64690511e47b 100644
--- a/drivers/net/ethernet/netronome/nfp/flower/match.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/match.c
@@ -434,6 +434,7 @@ int nfp_flower_compile_flow_match(struct nfp_app *app,
{
struct flow_rule *rule = flow_cls_offload_flow_rule(flow);
u32 port_id;
+ int ext_len;
int err;
u8 *ext;
u8 *msk;
@@ -589,5 +590,15 @@ int nfp_flower_compile_flow_match(struct nfp_app *app,
}
}
+ /* Check that the flow key does not exceed the maximum limit.
+ * All structures in the key is multiples of 4 bytes, so use u32.
+ */
+ ext_len = (u32 *)ext - (u32 *)nfp_flow->unmasked_data;
+ if (ext_len > NFP_FLOWER_KEY_MAX_LW) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "unsupported offload: flow key too long");
+ return -EOPNOTSUPP;
+ }
+
return 0;
}
--
2.20.1
Powered by blists - more mailing lists