From 68cd48d0594aae257e2c5c5e806d36e5ce95b825 Mon Sep 17 00:00:00 2001 From: Rasesh Mody Date: Fri, 17 Mar 2017 23:53:28 -0700 Subject: [PATCH] net/qede/base: fix out-of-bound memory access Fix out-of-bound memory access on Management FW interaction for resource allocation Fixes: 252b88b58f70 ("net/qede/base: add selftest and query sensor info") Signed-off-by: Rasesh Mody --- drivers/net/qede/base/ecore_mcp.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/net/qede/base/ecore_mcp.c b/drivers/net/qede/base/ecore_mcp.c index e0d247bf3c..cb3e0bd277 100644 --- a/drivers/net/qede/base/ecore_mcp.c +++ b/drivers/net/qede/base/ecore_mcp.c @@ -2426,15 +2426,15 @@ enum _ecore_status_t ecore_mcp_get_resc_info(struct ecore_hwfn *p_hwfn, u32 *p_mcp_resp, u32 *p_mcp_param) { struct ecore_mcp_mb_params mb_params; - union drv_union_data *p_union_data; + union drv_union_data union_data; enum _ecore_status_t rc; OSAL_MEM_ZERO(&mb_params, sizeof(mb_params)); mb_params.cmd = DRV_MSG_GET_RESOURCE_ALLOC_MSG; mb_params.param = ECORE_RESC_ALLOC_VERSION; - p_union_data = (union drv_union_data *)p_resc_info; - mb_params.p_data_src = p_union_data; - mb_params.p_data_dst = p_union_data; + OSAL_MEMCPY(&union_data.resource, p_resc_info, sizeof(*p_resc_info)); + mb_params.p_data_src = &union_data; + mb_params.p_data_dst = &union_data; rc = ecore_mcp_cmd_and_union(p_hwfn, p_ptt, &mb_params); if (rc != ECORE_SUCCESS) return rc; @@ -2442,6 +2442,8 @@ enum _ecore_status_t ecore_mcp_get_resc_info(struct ecore_hwfn *p_hwfn, *p_mcp_resp = mb_params.mcp_resp; *p_mcp_param = mb_params.mcp_param; + OSAL_MEMCPY(p_resc_info, &union_data.resource, sizeof(*p_resc_info)); + DP_VERBOSE(p_hwfn, ECORE_MSG_SP, "MFW resource_info: version 0x%x, res_id 0x%x, size 0x%x," " offset 0x%x, vf_size 0x%x, vf_offset 0x%x, flags 0x%x\n", -- 2.20.1