From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) by dpdk.org (Postfix) with ESMTP id EEB909A87 for ; Mon, 20 Jun 2016 21:28:06 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1830; q=dns/txt; s=iport; t=1466450886; x=1467660486; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=/NoTvgsj+ho5aG+L703VY3ByFLPyVya8nLG5LRqMMU4=; b=QdUG8gSqs+r7ER7J6SsQJ43P0YF0MjooTDbOSx4k3u43S+KSyuxbTe/v dtP5Ex+3IUrj+JU2RBiugOHahidqabR030pw1XA2Kvxd2y0FPPRP23Qw4 ACghDykSEYSFwzRn3n/0xNV+kHUB9e0/rtFBxy3aC5xkTwNwMaxSoF9Cb g=; X-IronPort-AV: E=Sophos;i="5.26,500,1459814400"; d="scan'208";a="114921995" Received: from alln-core-1.cisco.com ([173.36.13.131]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 20 Jun 2016 19:28:06 +0000 Received: from cisco.com (savbu-usnic-a.cisco.com [10.193.184.48]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id u5KJS6k3017071; Mon, 20 Jun 2016 19:28:06 GMT Received: by cisco.com (Postfix, from userid 392789) id 0E63C3FAADF8; Mon, 20 Jun 2016 12:28:06 -0700 (PDT) From: John Daley To: slawomirx.mrozowicz@intel.com, ferruh.yigit@intel.com Cc: dev@dpdk.org, John Daley Date: Mon, 20 Jun 2016 12:27:46 -0700 Message-Id: <1466450866-23095-1-git-send-email-johndale@cisco.com> X-Mailer: git-send-email 2.7.0 In-Reply-To: <5767FF37.1050404@intel.com> References: <5767FF37.1050404@intel.com> Subject: [dpdk-dev] [PATCH v2] enic: negative array index write X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jun 2016 19:28:07 -0000 Negative array index write using variable pos as an index to array enic->fdir.nodes. Fixed by add array index check. Fixes: fefed3d1e62c ("enic: new driver") Coverity ID 13270 Signed-off-by: John Daley --- Here is a version 2. Differences with fix proposed by Slawomir Mrozowicz: - handle the return code error condition for both calls to rte_hash_add_key() not just the the 2nd one. - no need to check for pos >= ENICPMD_FDIR_MAX since it should already be validated by rte_hash_add_key(). rte_hash_create() takes an 'entries' parameter which is used to cap the max return value of rte_hash_add_key(). - when pos is < 0, return the actual error (pos), instead of -EINVAL. drivers/net/enic/enic_clsf.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/net/enic/enic_clsf.c b/drivers/net/enic/enic_clsf.c index edb56e1..7d2bb78 100644 --- a/drivers/net/enic/enic_clsf.c +++ b/drivers/net/enic/enic_clsf.c @@ -148,9 +148,13 @@ int enic_fdir_add_fltr(struct enic *enic, struct rte_eth_fdir_filter *params) enic->fdir.nodes[pos] = NULL; if (unlikely(key->rq_index == queue)) { /* Nothing to be done */ + enic->fdir.stats.f_add++; pos = rte_hash_add_key(enic->fdir.hash, params); + if (pos < 0) { + dev_err(enic, "Add hash key failed\n"); + return pos; + } enic->fdir.nodes[pos] = key; - enic->fdir.stats.f_add++; dev_warning(enic, "FDIR rule is already present\n"); return 0; @@ -213,6 +217,11 @@ int enic_fdir_add_fltr(struct enic *enic, struct rte_eth_fdir_filter *params) } pos = rte_hash_add_key(enic->fdir.hash, params); + if (pos < 0) { + dev_err(enic, "Add hash key failed\n"); + return pos; + } + enic->fdir.nodes[pos] = key; return 0; } -- 2.7.0