From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id B3891A00C5; Thu, 7 May 2020 08:38:01 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id C4E001DA5B; Thu, 7 May 2020 08:37:52 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by dpdk.org (Postfix) with ESMTP id CB5CE1DA54 for ; Thu, 7 May 2020 08:37:50 +0200 (CEST) IronPort-SDR: DfwmkyLDLEsQO3TJ8sorap8u7SmFM6UTdZGGWPXjJMh9HJRh1CCx4RavK2yAv2fQYS6BxAzXcu ZrAYKCvlRw3w== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 May 2020 23:37:49 -0700 IronPort-SDR: if3CekG1oAdSxq5n3MCh6h+9lL5NA32PLMJJtqxCwDrYgO3r0Zr5trHtwpZiaL4CddBlsfk5dQ +trCfCAW0iXg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,362,1583222400"; d="scan'208";a="263835204" Received: from yexl-server.sh.intel.com (HELO localhost) ([10.67.116.183]) by orsmga006.jf.intel.com with ESMTP; 06 May 2020 23:37:48 -0700 Date: Thu, 7 May 2020 14:30:02 +0800 From: Ye Xiaolong To: "Di, ChenxuX" Cc: "dev@dpdk.org" , "Xing, Beilei" Message-ID: <20200507063002.GD49901@intel.com> References: <20200507030928.42082-1-chenxux.di@intel.com> <20200507051512.GB49901@intel.com> <43808b691dbc487eae5d7a9686e03a29@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <43808b691dbc487eae5d7a9686e03a29@intel.com> User-Agent: Mutt/1.9.4 (2018-02-28) Subject: Re: [dpdk-dev] [PATCH] net/i40e: fix out of bounds read issue X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 05/07, Di, ChenxuX wrote: >Hi, xiaolong > >> -----Original Message----- >> From: Ye, Xiaolong >> Sent: Thursday, May 7, 2020 1:15 PM >> To: Di, ChenxuX >> Cc: dev@dpdk.org; Xing, Beilei >> Subject: Re: [dpdk-dev] [PATCH] net/i40e: fix out of bounds read issue >> >> On 05/07, Chenxu Di wrote: >> >This patch fixes (out-of-bounds read) coverity issue. >> > >> >Coverity issue: 357699 >> >Coverity issue: 357694 >> >Fixes: feaae285b342 ("net/i40e: support hash configuration in RSS >> >flow") >> > >> >Signed-off-by: Chenxu Di >> >--- >> > drivers/net/i40e/i40e_ethdev.c | 4 ++-- >> > 1 file changed, 2 insertions(+), 2 deletions(-) >> > >> >diff --git a/drivers/net/i40e/i40e_ethdev.c >> >b/drivers/net/i40e/i40e_ethdev.c index 749d85f54..6c295ac5a 100644 >> >--- a/drivers/net/i40e/i40e_ethdev.c >> >+++ b/drivers/net/i40e/i40e_ethdev.c >> >@@ -13180,7 +13180,7 @@ i40e_rss_config_hash_function(struct i40e_pf *pf, >> > } >> > >> > for (j = I40E_FILTER_PCTYPE_INVALID + 1; >> >- j < I40E_FILTER_PCTYPE_MAX; j++) { >> >+ j < I40E_FILTER_PCTYPE_MAX && i < UINT64_BIT; j++) { >> >> I see i is defined as uint32_t, why compare it to UINT64_BIT here? >> And could you specify where is the out of bounds read before the fix? > >The UINT64_BIT is the define of 64. And i is just used as the index of pctypes_tbl[]. >And the code is just copy the function i40e_set_hash_filter_global_config(), >So I don't why he use the define UINT64_BIT as the value 64. > >> >> > if (pf->adapter->pctypes_tbl[i] & (1ULL << j)) > >the out of bounds read is the pctypes_tbl[i]. the above code is that : > > for (i = RTE_ETH_FLOW_UNKNOWN + 1; i < UINT64_BIT; i++) { > if (mask0 & (1UL << i)) > break; > } >If the loop doesn't break; the value of i will be 64 while the length of pctypes_tbl[] is 64. Got it, can you move the i < UINT64_BIT check before the new for loop, so it doesn't need to check it everytime? Thanks, Xiaolong > >> > i40e_write_global_rx_ctl(hw, >> > I40E_GLQF_HSYM(j), >> >@@ -13312,7 +13312,7 @@ i40e_rss_clear_hash_function(struct i40e_pf *pf, >> > } >> > >> > for (j = I40E_FILTER_PCTYPE_INVALID + 1; >> >- j < I40E_FILTER_PCTYPE_MAX; j++) { >> >+ j < I40E_FILTER_PCTYPE_MAX && i < UINT64_BIT; j++) { >> > if (pf->adapter->pctypes_tbl[i] & (1ULL << j)) >> > i40e_write_global_rx_ctl(hw, >> > I40E_GLQF_HSYM(j), >> >-- >> >2.17.1 >> >