[bnxt] Prevent out-of-bounds memory access#1735
Conversation
Is it worth mentioning in the commit message why this is needed?
Same comment as for #1725 - do we have a reason to expect the hardware to DMA invalid values into memory?
We don't have a specific reason to expect the hardware to DMA invalid values, but we are in the process of hardening the driver and this enforces standard software bounds checking before accessing host memory arrays. Validating resp_len against RESP_BUFFER_SIZE ensures we never overflow the allocated DMA buffer, which protects the driver if the buffer sizes change in future HWRM specifications. Similarly, masking rx_cmp->opaque explicitly enforces our power-of-two ring boundaries in software, ensuring safe array access even if we dynamically resize rings or pack additional metadata into the opaque field in the future.
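The two checks the comment above describes (a length check on the device-written resp_len before touching the host buffer, and masking the completion's opaque value to a power-of-two ring size), as an added illustration in C that is not the PR's code. RESP_BUFFER_SIZE, RX_RING_SIZE, the function names and the sample DMA contents are assumed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes; the real values live in the driver's headers. */
#define RESP_BUFFER_SIZE 256u   /* bytes allocated for the HWRM response buffer */
#define RX_RING_SIZE     64u    /* RX completion ring entries, power of two */

/* Masking with (n - 1) is only a valid ring-boundary check when n is a power of two. */
#define IS_POW2(n) ((n) != 0 && ((n) & ((n) - 1)) == 0)

/* Copy an HWRM response of resp_len bytes (a value written by the device)
 * into the fixed-size host buffer. Returns bytes copied, or -1 when the
 * length would overflow the buffer, so the caller drops the response. */
int hwrm_copy_resp(const uint8_t *dma_resp, uint32_t resp_len,
                   uint8_t out[RESP_BUFFER_SIZE])
{
    if (resp_len > RESP_BUFFER_SIZE)
        return -1;
    memcpy(out, dma_resp, resp_len);
    return (int)resp_len;
}

/* Turn the opaque value from an RX completion into a ring index. The mask
 * keeps the index inside the ring even if high bits later carry metadata.
 * Returns -1 if ring_size is not a power of two (mask would be wrong). */
int rx_cmp_ring_index(uint32_t opaque, uint32_t ring_size)
{
    if (!IS_POW2(ring_size))
        return -1;
    return (int)(opaque & (ring_size - 1));
}

/* Constructed sample: a DMA area filled with 0xAB that is larger than the
 * host buffer, so an over-long resp_len can be exercised. Returns what
 * hwrm_copy_resp() returned, or -2 if a copied byte lacks the pattern. */
int demo_copy_resp(uint32_t resp_len)
{
    uint8_t dma_resp[RESP_BUFFER_SIZE + 64];
    uint8_t out[RESP_BUFFER_SIZE];
    memset(dma_resp, 0xAB, sizeof dma_resp);
    memset(out, 0, sizeof out);
    int n = hwrm_copy_resp(dma_resp, resp_len, out);
    for (int i = 0; i < n; i++)
        if (out[i] != 0xAB)
            return -2;
    return n;
}

int main(void)
{
    printf("in-range copy: %d\n", demo_copy_resp(RESP_BUFFER_SIZE));
    printf("over-long copy: %d\n", demo_copy_resp(RESP_BUFFER_SIZE + 1));
    printf("opaque 0x12345 -> index %d\n", rx_cmp_ring_index(0x12345, RX_RING_SIZE));
    return 0;
}
```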
Add boundary checks to prevent out-of-bounds memory accesses in RX and HWRM paths.

Signed-off-by: Joseph Wong <joseph.wong@broadcom.com>

Thank you for the explanation. Rebasing and merging now.