Hello Paul Blakey,
The patch bc562be9674b: "net/mlx5e: CT: Save ct entries tuples in
hashtables" from Mar 29, 2020, leads to the following static checker
warning:
drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:246 mlx5_tc_ct_rule_to_tuple_nat()
error: buffer overflow 'tuple->ip.src_v6.in6_u.u6_addr32' 4 <= 7
drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
229
230 offset = act->mangle.offset;
231 val = act->mangle.val;
232 switch (act->mangle.htype) {
233 case FLOW_ACT_MANGLE_HDR_TYPE_IP4:
234 if (offset == offsetof(struct iphdr, saddr))
235 tuple->ip.src_v4 = cpu_to_be32(val);
236 else if (offset == offsetof(struct iphdr, daddr))
237 tuple->ip.dst_v4 = cpu_to_be32(val);
238 else
239 return -EOPNOTSUPP;
240 break;
241
242 case FLOW_ACT_MANGLE_HDR_TYPE_IP6:
243 ip6_offset = (offset - offsetof(struct ipv6hdr, saddr));
244 ip6_offset /= 4;
245 if (ip6_offset < 8)
^^^^^^^^^^^^^^
246 tuple->ip.src_v6.s6_addr32[ip6_offset] = cpu_to_be32(val);
^^^^^^^^^^^^^^^^^^^^^
This is a 4 element array.
247 else
248 return -EOPNOTSUPP;
249 break;
250
251 case FLOW_ACT_MANGLE_HDR_TYPE_TCP:
252 if (offset == offsetof(struct tcphdr, source))
253 tuple->port.src = cpu_to_be16(val);
254 else if (offset == offsetof(struct tcphdr, dest))
255 tuple->port.dst = cpu_to_be16(val);
256 else
257 return -EOPNOTSUPP;
258 break;
regards,
dan carpenter
