The cnxk telemetry handlers parse their command parameters with strtok(), which keeps non-reentrant internal state and races when telemetry callbacks run on per-connection threads. Both handlers also trust the parsed integers more than they should: values are narrowed to the destination width or aliased to a valid index before any range check, so an out-of-range port or queue id can slip through and read past the backing array.
These two patches replace the strtok() walks with strtoul()/endptr parsing, range-check each value before it is used, and drop the strdup()/free() that the old SA-info path needed. The NIX handler additionally copies the full parameter string rather than capping it at PCI_PRI_STR_SIZE + 1, which had been truncating the queue id for longer device addresses. Stephen Hemminger (2): net/cnxk: fix telemetry SA info parameter parsing common/cnxk: fix thread-unsafe NIX telemetry parsing drivers/common/cnxk/cnxk_telemetry_nix.c | 80 ++++++++------------ drivers/net/cnxk/cnxk_ethdev_sec_telemetry.c | 50 ++++++------ 2 files changed, 54 insertions(+), 76 deletions(-) -- 2.53.0
