* [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects @ 2020-10-30 0:21 Wei Huang
From: Wei Huang @ 2020-10-30 0:21 UTC
To: dev, rosen.xu, qi.z.zhang; +Cc: Wei Huang

These two patches fix defects found by coverity scan.

Main changes from v2:
- Fix coding style issue

Wei Huang (2):
  raw/ifpga: terminate string filled by readlink with null
  raw/ifpga: use trusted buffer to free

 drivers/raw/ifpga/ifpga_rawdev.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

--
2.7.3

* [dpdk-dev] [PATCH v2 1/2] raw/ifpga: terminate string filled by readlink with null 2020-10-30 0:21 [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects Wei Huang @ 2020-10-30 0:21 ` Wei Huang 2020-10-30 6:56 ` Zhang, Tianfei 2020-10-30 0:21 ` [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free Wei Huang 2020-11-02 12:23 ` [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects Zhang, Qi Z 2 siblings, 1 reply; 6+ messages in thread From: Wei Huang @ 2020-10-30 0:21 UTC (permalink / raw) To: dev, rosen.xu, qi.z.zhang; +Cc: Wei Huang readlink() does not terminate string, add a null character at the end of the string if readlink() succeeds. Fixes: 9c006c45d0c5 ("raw/ifpga: scan PCIe BDF device tree") Signed-off-by: Wei Huang <wei.huang@intel.com> --- v2: fix coding style issue --- drivers/raw/ifpga/ifpga_rawdev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/raw/ifpga/ifpga_rawdev.c b/drivers/raw/ifpga/ifpga_rawdev.c index 0385514..f9de167 100644 --- a/drivers/raw/ifpga/ifpga_rawdev.c +++ b/drivers/raw/ifpga/ifpga_rawdev.c @@ -230,8 +230,9 @@ static int ifpga_rawdev_fill_info(struct ifpga_rawdev *ifpga_dev, memset(link, 0, sizeof(link)); memset(link1, 0, sizeof(link1)); ret = readlink(path, link, (sizeof(link)-1)); - if (ret == -1) + if ((ret < 0) || ((unsigned int)ret > (sizeof(link)-1))) return -1; + link[ret] = 0; /* terminate string with null character */ strlcpy(link1, link, sizeof(link1)); memset(ifpga_dev->parent_bdf, 0, 16); point = strlen(link); -- 2.7.3 ^ permalink raw reply [flat|nested] 6+ messages in thread
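Review bot: in the new condition in ifpga_rawdev_fill_info(), the upper-bound test `(unsigned int)ret > (sizeof(link)-1)` cannot fire, because readlink() is called with `sizeof(link)-1` as its size and never returns more than that. The case left unhandled is `ret == sizeof(link)-1`, where the link target may have been truncated and the code still goes on to `strlcpy()` and `strlen(link)` on a partial path. Suggest rejecting that case too (`(unsigned int)ret >= (sizeof(link)-1)`) or adding a comment on why a truncated target is acceptable here. Note also that `link` is zeroed by the `memset()` just above and readlink() writes at most `sizeof(link)-1` bytes, so the buffer was already terminated before this change; the commit message could say that `link[ret] = 0` makes the termination explicit for the analyzer.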
* Re: [dpdk-dev] [PATCH v2 1/2] raw/ifpga: terminate string filled by readlink with null 2020-10-30 0:21 ` [dpdk-dev] [PATCH v2 1/2] raw/ifpga: terminate string filled by readlink with null Wei Huang @ 2020-10-30 6:56 ` Zhang, Tianfei 0 siblings, 0 replies; 6+ messages in thread From: Zhang, Tianfei @ 2020-10-30 6:56 UTC (permalink / raw) To: Huang, Wei, dev, Xu, Rosen, Zhang, Qi Z; +Cc: Huang, Wei > -----Original Message----- > From: dev <dev-bounces@dpdk.org> On Behalf Of Wei Huang > Sent: October 30, 2020 8:22 > To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z > <qi.z.zhang@intel.com> > Cc: Huang, Wei <wei.huang@intel.com> > Subject: [dpdk-dev] [PATCH v2 1/2] raw/ifpga: terminate string filled by > readlink with null > > readlink() does not terminate string, add a null character at the end of the > string if readlink() succeeds. > > Fixes: 9c006c45d0c5 ("raw/ifpga: scan PCIe BDF device tree") It is better to add the Coverity issue number, like "Coverity issue: xxxx". Missing “Cc: stable@dpdk.org” > > Signed-off-by: Wei Huang <wei.huang@intel.com> > --- > v2: fix coding style issue > --- > drivers/raw/ifpga/ifpga_rawdev.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/raw/ifpga/ifpga_rawdev.c > b/drivers/raw/ifpga/ifpga_rawdev.c > index 0385514..f9de167 100644 > --- a/drivers/raw/ifpga/ifpga_rawdev.c > +++ b/drivers/raw/ifpga/ifpga_rawdev.c > @@ -230,8 +230,9 @@ static int ifpga_rawdev_fill_info(struct ifpga_rawdev > *ifpga_dev, > memset(link, 0, sizeof(link)); > memset(link1, 0, sizeof(link1)); > ret = readlink(path, link, (sizeof(link)-1)); > - if (ret == -1) > + if ((ret < 0) || ((unsigned int)ret > (sizeof(link)-1))) > return -1; > + link[ret] = 0; /* terminate string with null character */ link[ret] = '\0'; > strlcpy(link1, link, sizeof(link1)); > memset(ifpga_dev->parent_bdf, 0, 16); > point = strlen(link); > -- > 2.7.3 ^ permalink raw reply [flat|nested] 6+ messages in thread
* [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free 2020-10-30 0:21 [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects Wei Huang 2020-10-30 0:21 ` [dpdk-dev] [PATCH v2 1/2] raw/ifpga: terminate string filled by readlink with null Wei Huang @ 2020-10-30 0:21 ` Wei Huang 2020-10-30 6:56 ` Zhang, Tianfei 2020-11-02 12:23 ` [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects Zhang, Qi Z 2 siblings, 1 reply; 6+ messages in thread From: Wei Huang @ 2020-10-30 0:21 UTC (permalink / raw) To: dev, rosen.xu, qi.z.zhang; +Cc: Wei Huang In rte_fpga_do_pr, calling function read() may taint argument buffer which turns to an untrusted value as argument of rte_free(). Fixes: ef1e8ede3da5 ("raw/ifpga: add Intel FPGA bus rawdev driver") Signed-off-by: Wei Huang <wei.huang@intel.com> --- v2: add fixes information to log --- drivers/raw/ifpga/ifpga_rawdev.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/raw/ifpga/ifpga_rawdev.c b/drivers/raw/ifpga/ifpga_rawdev.c index f9de167..27129b1 100644 --- a/drivers/raw/ifpga/ifpga_rawdev.c +++ b/drivers/raw/ifpga/ifpga_rawdev.c @@ -786,7 +786,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id, int file_fd; int ret = 0; ssize_t buffer_size; - void *buffer; + void *buffer, *buf_to_free; u64 pr_error; if (!file_name) @@ -818,6 +818,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id, ret = -ENOMEM; goto close_fd; } + buf_to_free = buffer; /*read the raw data*/ if (buffer_size != read(file_fd, (void *)buffer, buffer_size)) { @@ -835,8 +836,8 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id, } free_buffer: - if (buffer) - rte_free(buffer); + if (buf_to_free) + rte_free(buf_to_free); close_fd: close(file_fd); file_fd = 0; -- 2.7.3 ^ permalink raw reply [flat|nested] 6+ messages in thread
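Review bot: `buf_to_free` is declared without an initializer in the first hunk and only assigned after the allocation check in the second, yet the `free_buffer:` label tests and frees it. Declare it as `void *buffer, *buf_to_free = NULL;` so that a jump to `free_buffer` ahead of the assignment cannot hand an indeterminate pointer to rte_free(). The alias holds the same address as `buffer`, and read() writes to the memory `buffer` points at rather than to the pointer itself, so the commit message should state that the extra variable is there to satisfy the analyzer's taint tracking and does not change what is freed. rte_free() accepts NULL, so the `if (buf_to_free)` guard in the last hunk could be dropped.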
* Re: [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free 2020-10-30 0:21 ` [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free Wei Huang @ 2020-10-30 6:56 ` Zhang, Tianfei 0 siblings, 0 replies; 6+ messages in thread From: Zhang, Tianfei @ 2020-10-30 6:56 UTC (permalink / raw) To: Huang, Wei, dev, Xu, Rosen, Zhang, Qi Z; +Cc: Huang, Wei > -----Original Message----- > From: dev <dev-bounces@dpdk.org> On Behalf Of Wei Huang > Sent: October 30, 2020 8:22 > To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z > <qi.z.zhang@intel.com> > Cc: Huang, Wei <wei.huang@intel.com> > Subject: [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free > > In rte_fpga_do_pr, calling function read() may taint argument buffer which > turns to an untrusted value as argument of rte_free(). > > Fixes: ef1e8ede3da5 ("raw/ifpga: add Intel FPGA bus rawdev driver") It is better to add the Coverity issue number, like "Coverity issue: xxxx". Missing “Cc: stable@dpdk.org”. > > Signed-off-by: Wei Huang <wei.huang@intel.com> > --- > v2: add fixes information to log > --- > drivers/raw/ifpga/ifpga_rawdev.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/drivers/raw/ifpga/ifpga_rawdev.c > b/drivers/raw/ifpga/ifpga_rawdev.c > index f9de167..27129b1 100644 > --- a/drivers/raw/ifpga/ifpga_rawdev.c > +++ b/drivers/raw/ifpga/ifpga_rawdev.c > @@ -786,7 +786,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int > port_id, > int file_fd; > int ret = 0; > ssize_t buffer_size; > - void *buffer; > + void *buffer, *buf_to_free; > u64 pr_error; > > if (!file_name) 
> @@ -818,6 +818,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int > port_id, > ret = -ENOMEM; > goto close_fd; > } > + buf_to_free = buffer; > > /*read the raw data*/ > if (buffer_size != read(file_fd, (void *)buffer, buffer_size)) { @@ -835,8 > +836,8 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id, > } > > free_buffer: > - if (buffer) > - rte_free(buffer); > + if (buf_to_free) > + rte_free(buf_to_free); > close_fd: > close(file_fd); > file_fd = 0; > -- > 2.7.3 ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects @ 2020-11-02 12:23 Zhang, Qi Z
From: Zhang, Qi Z @ 2020-11-02 12:23 UTC
To: Huang, Wei, dev, Xu, Rosen

> -----Original Message-----
> From: Huang, Wei <wei.huang@intel.com>
> Sent: Friday, October 30, 2020 8:22 AM
> To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z <qi.z.zhang@intel.com>
> Cc: Huang, Wei <wei.huang@intel.com>
> Subject: [PATCH v2 0/2] raw/ifpga: fix coverity defects
>
> These two patches fix defects found by coverity scan.
>
> Main changes from v2:
> - Fix coding style issue
>
> Wei Huang (2):
>   raw/ifpga: terminate string filled by readlink with null
>   raw/ifpga: use trusted buffer to free
>
>  drivers/raw/ifpga/ifpga_rawdev.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
>
> --
> 2.7.3

Acked-by: Qi Zhang <qi.z.zhang@intel.com>

Applied to dpdk-next-net-intel.

Thanks
Qi