DPDK patches and discussions
 help / color / mirror / Atom feed
From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>
Subject: [dpdk-dev] [RFC 1/5] bus/pci: fix allocation of pci device path
Date: Tue,  6 Nov 2018 13:48:57 -0800	[thread overview]
Message-ID: <20181106214901.1392-2-stephen@networkplumber.org> (raw)
In-Reply-To: <20181106214901.1392-1-stephen@networkplumber.org>

The pci_resource_by_index called strlen() on uninitialized
memory which would lead to the wrong size of memory allocated
for the path portion of the resource map. This would either cause
excessively large allocation, or worse memory corruption.

Coverity Issue: 300868
Fixes: ea9d56226e72 ("pci: introduce function to map uio resource by index")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 drivers/bus/pci/linux/pci_uio.c | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)

diff --git a/drivers/bus/pci/linux/pci_uio.c b/drivers/bus/pci/linux/pci_uio.c
index a7c14421aa79..112ac51dddcc 100644
--- a/drivers/bus/pci/linux/pci_uio.c
+++ b/drivers/bus/pci/linux/pci_uio.c
@@ -295,14 +295,6 @@ pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx,
 	loc = &dev->addr;
 	maps = uio_res->maps;
 
-	/* allocate memory to keep path */
-	maps[map_idx].path = rte_malloc(NULL, strlen(devname) + 1, 0);
-	if (maps[map_idx].path == NULL) {
-		RTE_LOG(ERR, EAL, "Cannot allocate memory for path: %s\n",
-				strerror(errno));
-		return -1;
-	}
-
 	/*
 	 * open resource file, to mmap it
 	 */
@@ -335,10 +327,19 @@ pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx,
 		if (fd < 0) {
 			RTE_LOG(ERR, EAL, "Cannot open %s: %s\n",
 				devname, strerror(errno));
-			goto error;
+			return -1;
 		}
 	}
 
+	/* allocate memory to keep path */
+	maps[map_idx].path = rte_malloc(NULL, strlen(devname) + 1, 0);
+	if (maps[map_idx].path == NULL) {
+		RTE_LOG(ERR, EAL, "Cannot allocate memory for path: %s\n",
+				strerror(errno));
+		close(fd);
+		return -1;
+	}
+
 	/* try mapping somewhere close to the end of hugepages */
 	if (pci_map_addr == NULL)
 		pci_map_addr = pci_find_max_end_va();
@@ -346,8 +347,10 @@ pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx,
 	mapaddr = pci_map_resource(pci_map_addr, fd, 0,
 			(size_t)dev->mem_resource[res_idx].len, 0);
 	close(fd);
-	if (mapaddr == MAP_FAILED)
-		goto error;
+	if (mapaddr == MAP_FAILED) {
+		rte_free(maps[map_idx].path);
+		return -1;
+	}
 
 	pci_map_addr = RTE_PTR_ADD(mapaddr,
 			(size_t)dev->mem_resource[res_idx].len);
@@ -360,10 +363,6 @@ pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx,
 	dev->mem_resource[res_idx].addr = mapaddr;
 
 	return 0;
-
-error:
-	rte_free(maps[map_idx].path);
-	return -1;
 }
 
 #if defined(RTE_ARCH_X86)
-- 
2.17.1

  reply	other threads:[~2018-11-06 21:49 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-06 21:48 [dpdk-dev] [RFC 0/5] more Coverity related bug fixes Stephen Hemminger
2018-11-06 21:48 ` Stephen Hemminger [this message]
2018-11-18 15:03   ` [dpdk-dev] [RFC 1/5] bus/pci: fix allocation of pci device path Thomas Monjalon
2018-11-22 23:52   ` Ferruh Yigit
2018-11-23  0:29   ` [dpdk-dev] [PATCH] bus/pci: fix allocation of PCI " Ferruh Yigit
2018-11-23 10:45     ` Thomas Monjalon
2018-11-23 10:55       ` Andrew Rybchenko
2018-11-23 11:01     ` Maxime Coquelin
2018-11-25 10:53       ` Thomas Monjalon
2018-11-06 21:48 ` [dpdk-dev] [RFC 2/5] bus/pci: fix TOCTOU issue Stephen Hemminger
2018-11-18 15:04   ` Thomas Monjalon
2018-11-06 21:48 ` [dpdk-dev] [RFC 3/5] bpf: fix validation of eal_divmod Stephen Hemminger
2018-11-07 12:54   ` Ananyev, Konstantin
2018-11-07 19:51     ` Stephen Hemminger
2018-11-07 20:07       ` Ananyev, Konstantin
2018-11-07 23:04       ` Ananyev, Konstantin
2018-11-06 21:49 ` [dpdk-dev] [RFC 4/5] eal/memory: avoid double munmap in error path Stephen Hemminger
2018-11-06 23:10   ` Thomas Monjalon
2018-11-06 21:49 ` [dpdk-dev] [RFC 5/5] pipeline: remove dead code Stephen Hemminger
2018-11-18 15:07   ` Thomas Monjalon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181106214901.1392-2-stephen@networkplumber.org \
    --to=stephen@networkplumber.org \
    --cc=dev@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).