From f905dd62be8853644357044a455f83e63e8c68ef Mon Sep 17 00:00:00 2001 From: Shannon Nelson Date: Thu, 10 Jul 2014 07:58:20 +0000 Subject: i40e/i40evf: add max buf len to aq debug print helper There is at least one case in the Firmware API where the response to a command changes the buffer size field in the AQ descriptor to a larger number than what the request's buffer size started as. This is in addition to setting an error flag and is in order to tell the requester how much larger a buffer is required for the answer. We need to be sure not to use that number when dumping the contents of the data buffer because it can send us into the weeds and generate an invalid pointer exception. This patch adds a max buffer size parameter to the print helper to be sure the code knows when to stop. Change-ID: Ib84f7ed72140fe9d600086d8f2002fc5d8753092 Signed-off-by: Shannon Nelson Tested-by: Jim Young Tested-by: Sibai Li Signed-off-by: Jeff Kirsher --- drivers/net/ethernet/intel/i40evf/i40e_common.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'drivers/net/ethernet/intel/i40evf/i40e_common.c') diff --git a/drivers/net/ethernet/intel/i40evf/i40e_common.c b/drivers/net/ethernet/intel/i40evf/i40e_common.c index 4ea90bf239b..95256055196 100644 --- a/drivers/net/ethernet/intel/i40evf/i40e_common.c +++ b/drivers/net/ethernet/intel/i40evf/i40e_common.c @@ -75,13 +75,15 @@ i40e_status i40e_set_mac_type(struct i40e_hw *hw) * @mask: debug mask * @desc: pointer to admin queue descriptor * @buffer: pointer to command buffer + * @buf_len: max length of buffer * * Dumps debug log about adminq command with descriptor contents. **/ void i40evf_debug_aq(struct i40e_hw *hw, enum i40e_debug_mask mask, void *desc, - void *buffer) + void *buffer, u16 buf_len) { struct i40e_aq_desc *aq_desc = (struct i40e_aq_desc *)desc; + u16 len = le16_to_cpu(aq_desc->datalen); u8 *aq_buffer = (u8 *)buffer; u32 data[4]; u32 i = 0; @@ -105,7 +107,9 @@ void i40evf_debug_aq(struct i40e_hw *hw, enum i40e_debug_mask mask, void *desc, if ((buffer != NULL) && (aq_desc->datalen != 0)) { memset(data, 0, sizeof(data)); i40e_debug(hw, mask, "AQ CMD Buffer:\n"); - for (i = 0; i < le16_to_cpu(aq_desc->datalen); i++) { + if (buf_len < len) + len = buf_len; + for (i = 0; i < len; i++) { data[((i % 16) / 4)] |= ((u32)aq_buffer[i]) << (8 * (i % 4)); if ((i % 16) == 15) { -- cgit v1.2.3-70-g09d2