Author: arybchik Date: Tue Dec 25 07:23:33 2018 New Revision: 342444 URL: https://svnweb.freebsd.org/changeset/base/342444
Log: MFC r341295 sfxge(4): avoid usage of too big arrays on stack Found by PreFAST static analysis. Submitted by: Martin Harvey <mharvey at solarflare.com> Sponsored by: Solarflare Communications, Inc. Differential Revision: https://reviews.freebsd.org/D18257 Modified: stable/11/sys/dev/sfxge/common/ef10_phy.c stable/11/sys/dev/sfxge/common/efx_nvram.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/dev/sfxge/common/ef10_phy.c ============================================================================== --- stable/11/sys/dev/sfxge/common/ef10_phy.c Tue Dec 25 07:23:04 2018 (r342443) +++ stable/11/sys/dev/sfxge/common/ef10_phy.c Tue Dec 25 07:23:33 2018 (r342444) @@ -528,14 +528,26 @@ ef10_bist_poll( unsigned long *valuesp, __in size_t count) { + /* + * MCDI_CTL_SDU_LEN_MAX_V1 is large enough cover all BIST results, + * whilst not wasting stack. + */ + uint8_t payload[MAX(MC_CMD_POLL_BIST_IN_LEN, MCDI_CTL_SDU_LEN_MAX_V1)]; efx_nic_cfg_t *encp = &(enp->en_nic_cfg); efx_mcdi_req_t req; - uint8_t payload[MAX(MC_CMD_POLL_BIST_IN_LEN, - MCDI_CTL_SDU_LEN_MAX)]; uint32_t value_mask = 0; uint32_t result; efx_rc_t rc; + EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_LEN <= + MCDI_CTL_SDU_LEN_MAX_V1); + EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_SFT9001_LEN <= + MCDI_CTL_SDU_LEN_MAX_V1); + EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_MRSFP_LEN <= + MCDI_CTL_SDU_LEN_MAX_V1); + EFX_STATIC_ASSERT(MC_CMD_POLL_BIST_OUT_MEM_LEN <= + MCDI_CTL_SDU_LEN_MAX_V1); + _NOTE(ARGUNUSED(type)) (void) memset(payload, 0, sizeof (payload)); @@ -543,7 +555,7 @@ ef10_bist_poll( req.emr_in_buf = payload; req.emr_in_length = MC_CMD_POLL_BIST_IN_LEN; req.emr_out_buf = payload; - req.emr_out_length = MCDI_CTL_SDU_LEN_MAX; + req.emr_out_length = MCDI_CTL_SDU_LEN_MAX_V1; efx_mcdi_execute(enp, &req); Modified: stable/11/sys/dev/sfxge/common/efx_nvram.c ============================================================================== --- stable/11/sys/dev/sfxge/common/efx_nvram.c Tue Dec 25 07:23:04 2018 (r342443) +++ stable/11/sys/dev/sfxge/common/efx_nvram.c Tue Dec 25 07:23:33 2018 (r342444) @@ -862,23 +862,27 @@ efx_mcdi_nvram_write( __in size_t size) { efx_mcdi_req_t req; - uint8_t payload[MAX(MCDI_CTL_SDU_LEN_MAX_V1, - MCDI_CTL_SDU_LEN_MAX_V2)]; + uint8_t *payload; efx_rc_t rc; size_t max_data_size; + size_t payload_len = enp->en_nic_cfg.enc_mcdi_max_payload_length; - max_data_size = enp->en_nic_cfg.enc_mcdi_max_payload_length - - MC_CMD_NVRAM_WRITE_IN_LEN(0); - EFSYS_ASSERT3U(enp->en_nic_cfg.enc_mcdi_max_payload_length, >, 0); - EFSYS_ASSERT3U(max_data_size, <, - enp->en_nic_cfg.enc_mcdi_max_payload_length); + max_data_size = payload_len - MC_CMD_NVRAM_WRITE_IN_LEN(0); + EFSYS_ASSERT3U(payload_len, >, 0); + EFSYS_ASSERT3U(max_data_size, <, payload_len); if (size > max_data_size) { rc = EINVAL; goto fail1; } - (void) memset(payload, 0, sizeof (payload)); + EFSYS_KMEM_ALLOC(enp->en_esip, payload_len, payload); + if (payload == NULL) { + rc = ENOMEM; + goto fail2; + } + + (void) memset(payload, 0, payload_len); req.emr_cmd = MC_CMD_NVRAM_WRITE; req.emr_in_buf = payload; req.emr_in_length = MC_CMD_NVRAM_WRITE_IN_LEN(size); @@ -896,11 +900,16 @@ efx_mcdi_nvram_write( if (req.emr_rc != 0) { rc = req.emr_rc; - goto fail2; + goto fail3; } + EFSYS_KMEM_FREE(enp->en_esip, payload_len, payload); + return (0); +fail3: + EFSYS_PROBE(fail3); + EFSYS_KMEM_FREE(enp->en_esip, payload_len, payload); fail2: EFSYS_PROBE(fail2); fail1: _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"