re: qed: FW 8.42.2.0 debug features

* re: qed: FW 8.42.2.0 debug features
@ 2020-01-31 10:01 Colin Ian King
  0 siblings, 0 replies; only message in thread
From: Colin Ian King @ 2020-01-31 10:01 UTC (permalink / raw)
  To: Ariel Elior, GR-everest-linux-l2, David S. Miller, netdev,
	Michal Kalderon
  Cc: linux-kernel

Hi,

Static analysis with Coverity detected an issue in the following commit:

commit 2d22bc8354b15abe413dff76cfe0f7aeb88ef9aa
Author: Michal Kalderon <michal.kalderon@marvell.com>
Date:   Mon Jan 27 15:26:19 2020 +0200

    qed: FW 8.42.2.0 debug features

Specifically, DBG_STATUS_NO_MATCHING_FRAMING_MODE was added to the enum
dbg_status in drivers/net/ethernet/qlogic/qed/qed_hsi.h
however the matching error message string was not added to array
s_status_str in drivers/net/ethernet/qlogic/qed/qed_debug.c causing an
out-of-bounds read on the array:

7088 const char *qed_dbg_get_status_str(enum dbg_status status)
7089 {

    1. Condition status < MAX_DBG_STATUS, taking true branch.
    2. cond_at_most: Checking status < MAX_DBG_STATUS implies that
status may be up to 58 on the true branch.
    Out-of-bounds read (OVERRUN)
    3. overrun-local: Overrunning array s_status_str of 58 8-byte
elements at element index 58 (byte offset 471) using index status (which
evaluates to 58).

7090        return (status <
7091                MAX_DBG_STATUS) ? s_status_str[status] : "Invalid
debug status";
7092 }

The array needs DBG_STATUS_NO_MATCHING_FRAMING_MODE added:

        /* DBG_STATUS_INVALID_FILTER_TRIGGER_DWORDS */
        "The filter/trigger constraint dword offsets are not enabled for
recording",

        /* Missing DBG_STATUS_NO_MATCHING_FRAMING_MODE text goes here */

        /* DBG_STATUS_VFC_READ_ERROR */
        "Error reading from VFC",

Colin

^ permalink raw reply	[flat|nested] only message in thread