net/bonding: fix OOB access in other aggregator modes

slave aggregator_port_id is in [0, RTE_MAX_ETHPORTS-1] range.
If RTE_MAX_ETHPORTS is > 8, we can hit out of bound accesses on
agg_bandwidth[] and agg_count[] arrays.

Fixes: 6d72657ce379 ("net/bonding: add other aggregator modes")
Cc: stable@dpdk.org
Signed-off-by: Hui Zhao <zhaohui8@huawei.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Acked-by: Chas Williams <chas3@att.com>

diff --git a/drivers/net/bonding/rte_eth_bond_8023ad.c b/drivers/net/bonding/rte_eth_bond_8023ad.c
index c6a645a..7d8da2b 100644 (file)
--- a/drivers/net/bonding/rte_eth_bond_8023ad.c
+++ b/drivers/net/bonding/rte_eth_bond_8023ad.c
@@ -670,8 +670,8 @@ selection_logic(struct bond_dev_private *internals, uint16_t slave_id)
        struct port *agg, *port;
        uint16_t slaves_count, new_agg_id, i, j = 0;
        uint16_t *slaves;
-       uint64_t agg_bandwidth[8] = {0};
-       uint64_t agg_count[8] = {0};
+       uint64_t agg_bandwidth[RTE_MAX_ETHPORTS] = {0};
+       uint64_t agg_count[RTE_MAX_ETHPORTS] = {0};
        uint16_t default_slave = 0;
        uint16_t mode_count_id;
        uint16_t mode_band_id;