From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <johndale@cisco.com>
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80])
by dpdk.org (Postfix) with ESMTP id EEB909A87
for <dev@dpdk.org>; Mon, 20 Jun 2016 21:28:06 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=cisco.com; i=@cisco.com; l=1830; q=dns/txt; s=iport;
t=1466450886; x=1467660486;
h=from:to:cc:subject:date:message-id:in-reply-to: references;
bh=/NoTvgsj+ho5aG+L703VY3ByFLPyVya8nLG5LRqMMU4=;
b=QdUG8gSqs+r7ER7J6SsQJ43P0YF0MjooTDbOSx4k3u43S+KSyuxbTe/v
dtP5Ex+3IUrj+JU2RBiugOHahidqabR030pw1XA2Kvxd2y0FPPRP23Qw4
ACghDykSEYSFwzRn3n/0xNV+kHUB9e0/rtFBxy3aC5xkTwNwMaxSoF9Cb g=;
X-IronPort-AV: E=Sophos;i="5.26,500,1459814400"; d="scan'208";a="114921995"
Received: from alln-core-1.cisco.com ([173.36.13.131])
by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA;
20 Jun 2016 19:28:06 +0000
Received: from cisco.com (savbu-usnic-a.cisco.com [10.193.184.48])
by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id u5KJS6k3017071;
Mon, 20 Jun 2016 19:28:06 GMT
Received: by cisco.com (Postfix, from userid 392789)
id 0E63C3FAADF8; Mon, 20 Jun 2016 12:28:06 -0700 (PDT)
From: John Daley <johndale@cisco.com>
To: slawomirx.mrozowicz@intel.com, ferruh.yigit@intel.com
Cc: dev@dpdk.org, John Daley <johndale@cisco.com>
Date: Mon, 20 Jun 2016 12:27:46 -0700
Message-Id: <1466450866-23095-1-git-send-email-johndale@cisco.com>
X-Mailer: git-send-email 2.7.0
In-Reply-To: <5767FF37.1050404@intel.com>
References: <5767FF37.1050404@intel.com>
Subject: [dpdk-dev] [PATCH v2] enic: negative array index write
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jun 2016 19:28:07 -0000
Negative array index write using variable pos as an index to array
enic->fdir.nodes. Fixed by add array index check.
Fixes: fefed3d1e62c ("enic: new driver") Coverity ID 13270
Signed-off-by: John Daley <johndale@cisco.com>
---
Here is a version 2. Differences with fix proposed by Slawomir Mrozowicz:
- handle the return code error condition for both calls to rte_hash_add_key()
not just the the 2nd one.
- no need to check for pos >= ENICPMD_FDIR_MAX since it should already be
validated by rte_hash_add_key(). rte_hash_create() takes an 'entries'
parameter which is used to cap the max return value of rte_hash_add_key().
- when pos is < 0, return the actual error (pos), instead of -EINVAL.
drivers/net/enic/enic_clsf.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/net/enic/enic_clsf.c b/drivers/net/enic/enic_clsf.c
index edb56e1..7d2bb78 100644
--- a/drivers/net/enic/enic_clsf.c
+++ b/drivers/net/enic/enic_clsf.c
@@ -148,9 +148,13 @@ int enic_fdir_add_fltr(struct enic *enic, struct rte_eth_fdir_filter *params)
enic->fdir.nodes[pos] = NULL;
if (unlikely(key->rq_index == queue)) {
/* Nothing to be done */
+ enic->fdir.stats.f_add++;
pos = rte_hash_add_key(enic->fdir.hash, params);
+ if (pos < 0) {
+ dev_err(enic, "Add hash key failed\n");
+ return pos;
+ }
enic->fdir.nodes[pos] = key;
- enic->fdir.stats.f_add++;
dev_warning(enic,
"FDIR rule is already present\n");
return 0;
@@ -213,6 +217,11 @@ int enic_fdir_add_fltr(struct enic *enic, struct rte_eth_fdir_filter *params)
}
pos = rte_hash_add_key(enic->fdir.hash, params);
+ if (pos < 0) {
+ dev_err(enic, "Add hash key failed\n");
+ return pos;
+ }
+
enic->fdir.nodes[pos] = key;
return 0;
}
--
2.7.0