From: Stephen Hemminger
To: dev@dpdk.org
Cc: Sinan Kaya, Stephen Hemminger, Anatoly Burakov
Subject: [PATCH v4 4/5] malloc: codeql fixes
Date: Mon, 10 Jul 2023 10:07:59 -0700
Message-Id: <20230710170800.12478-5-stephen@networkplumber.org>
In-Reply-To: <20230710170800.12478-1-stephen@networkplumber.org>
References: <20230120044140.95975-1-okaya@kernel.org> <20230710170800.12478-1-stephen@networkplumber.org>

From: Sinan Kaya

In malloc_heap_add_memory result of call to malloc_elem_join_adjacent_free is dereferenced here and may be null.

In alloc_pages_on_heap result of call to rte_mem_virt2memseg_list is dereferenced here and may be null.

In eal_memalloc_is_contig result of call to rte_fbarray_get is dereferenced here and may be null.

In malloc_elem_find_max_iova_contig result of call to rte_mem_virt2memseg is dereferenced here and may be null.

In malloc_heap_free result of call to malloc_elem_free is dereferenced here and may be null.

In malloc_elem_alloc result of call to elem_start_pt is dereferenced here and may be null.

Signed-off-by: Sinan Kaya
Signed-off-by: Stephen Hemminger
--- lib/eal/common/eal_common_memalloc.c | 5 ++++- lib/eal/common/malloc_elem.c | 14 +++++++++++--- lib/eal/common/malloc_heap.c | 9 ++++++++- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/lib/eal/common/eal_common_memalloc.c b/lib/eal/common/eal_common_memalloc.c index ab04479c1cc5..24506f8447d7 100644 --- a/lib/eal/common/eal_common_memalloc.c +++ b/lib/eal/common/eal_common_memalloc.c @@ -126,6 +126,9 @@ eal_memalloc_is_contig(const struct rte_memseg_list *msl, void *start, /* skip first iteration */ ms = rte_fbarray_get(&msl->memseg_arr, start_seg); + if (ms == NULL) + return false; + cur = ms->iova; expected = cur + pgsz; @@ -137,7 +140,7 @@ eal_memalloc_is_contig(const struct rte_memseg_list *msl, void *start, cur_seg++, expected += pgsz) { ms = rte_fbarray_get(&msl->memseg_arr, cur_seg); - if (ms->iova != expected) + if ((ms != NULL) && (ms->iova != expected)) return false; } } diff --git a/lib/eal/common/malloc_elem.c b/lib/eal/common/malloc_elem.c index 619c040aa3e8..443ae26d283a 100644 --- a/lib/eal/common/malloc_elem.c +++ b/lib/eal/common/malloc_elem.c 
@@ -63,6 +63,8 @@ malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align) cur_page = RTE_PTR_ALIGN_FLOOR(contig_seg_start, page_sz); ms = rte_mem_virt2memseg(cur_page, elem->msl); + if (ms == NULL) + return 0; /* do first iteration outside the loop */ page_end = RTE_PTR_ADD(cur_page, page_sz); @@ -91,9 +93,12 @@ malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align) * we're not blowing past data end. */ ms = rte_mem_virt2memseg(contig_seg_start, elem->msl); - cur_page = ms->addr; - /* don't trigger another recalculation */ - expected_iova = ms->iova; + if (ms != NULL) { + cur_page = ms->addr; + + /* don't trigger another recalculation */ + expected_iova = ms->iova; + } continue; } /* cur_seg_end ends on a page boundary or on data end. if we're @@ -430,6 +435,9 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t size, unsigned align, { struct malloc_elem *new_elem = elem_start_pt(elem, size, align, bound, contig); + if (new_elem == NULL) + return NULL; + const size_t old_elem_size = (uintptr_t)new_elem - (uintptr_t)elem; const size_t trailer_size = elem->size - old_elem_size - size - MALLOC_ELEM_OVERHEAD; diff --git a/lib/eal/common/malloc_heap.c b/lib/eal/common/malloc_heap.c index 6b6cf9174cd3..0abaaa8c57f8 100644 --- a/lib/eal/common/malloc_heap.c +++ b/lib/eal/common/malloc_heap.c @@ -97,6 +97,8 @@ malloc_heap_add_memory(struct malloc_heap *heap, struct rte_memseg_list *msl, malloc_elem_insert(elem); elem = malloc_elem_join_adjacent_free(elem); + if (elem == NULL) + return NULL; malloc_elem_free_list_insert(elem); @@ -321,6 +323,8 @@ alloc_pages_on_heap(struct malloc_heap *heap, uint64_t pg_sz, size_t elt_size, map_addr = ms[0]->addr; msl = rte_mem_virt2memseg_list(map_addr); + if (msl == NULL) + return NULL; /* check if we wanted contiguous memory but didn't get it */ if (contig && !eal_memalloc_is_contig(msl, map_addr, alloc_sz)) { 
@@ -897,6 +901,9 @@ malloc_heap_free(struct malloc_elem *elem) /* anything after this is a bonus */ ret = 0; + if (elem == NULL) + goto free_unlock; + /* ...of which we can't avail if we are in legacy mode, or if this is an * externally allocated segment. */ @@ -935,7 +942,7 @@ malloc_heap_free(struct malloc_elem *elem) const struct rte_memseg *tmp = rte_mem_virt2memseg(aligned_start, msl); - if (tmp->flags & RTE_MEMSEG_FLAG_DO_NOT_FREE) { + if ((tmp != NULL) && (tmp->flags & RTE_MEMSEG_FLAG_DO_NOT_FREE)) { /* this is an unfreeable segment, so move start */ aligned_start = RTE_PTR_ADD(tmp->addr, tmp->len); } -- 2.39.2
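
Review bot: in eal_common_memalloc.c, the loop check in eal_memalloc_is_contig (hunk @@ -137,7 +140,7 @@) treats a NULL memseg as a match. With `if ((ms != NULL) && (ms->iova != expected))`, a NULL result from rte_fbarray_get skips the comparison and the loop moves on to the next segment, so the range can still be reported as contiguous. The first hunk in the same function returns false on NULL, and alloc_pages_on_heap uses this answer to decide whether a contiguous request was satisfied, so the loop should fail closed as well, for example `if (ms == NULL || ms->iova != expected) return false;`.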
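
Review bot: in malloc_elem.c, malloc_elem_find_max_iova_contig (hunk @@ -91,9 +93,12 @@), the NULL case falls through to `continue` with cur_page and expected_iova left at their previous values, so the loop carries on with stale state instead of stopping. The earlier hunk in this function returns 0 when rte_mem_virt2memseg yields NULL; this site needs an explicit failure path too (return or break out of the loop), or a comment explaining why continuing with the old values is safe.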
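
Review bot: in malloc_elem_alloc (hunk @@ -430,6 +435,9 @@), the new `if (new_elem == NULL) return NULL;` sits between the declaration of new_elem and the declarations of old_elem_size and trailer_size, which leaves declarations after a statement. Declaring the two sizes first and assigning them after the check would read more cleanly. The function also gains a NULL return here while none of the hunks in this patch touch a caller, so the function comment should say when NULL is returned and the callers should be checked for it.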
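
Review bot: in malloc_heap.c, malloc_heap_add_memory (hunk @@ -97,6 +97,8 @@), the early `return NULL` comes after malloc_elem_insert(elem) and before malloc_elem_free_list_insert(elem), and by then the original pointer has been overwritten with the join result. If the join can really return NULL, the element stays inserted but never reaches the free list. Keep the original pointer in a separate variable and either undo the insert on this path or add it to the free list unjoined, and say in a comment when a NULL join result is expected.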
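
Review bot: in alloc_pages_on_heap (hunk @@ -321,6 +323,8 @@), the bare `return NULL` on msl == NULL happens after ms[] has been filled in (`map_addr = ms[0]->addr`), so whatever backs that array is not released on this path. The contiguity check directly below is a failure case at the same point in the function; the NULL case should leave through the same exit as that check rather than returning directly.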
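
Review bot: in malloc_heap_free (hunk @@ -897,6 +901,9 @@), the NULL check is placed after `ret = 0`, so a NULL elem jumps to free_unlock and the function reports success. If NULL here means the preceding malloc_elem_free call failed, as the commit message implies, ret should carry an error and the check belongs before `ret = 0`. If it is a benign case, a comment saying so is needed, because the existing `/* anything after this is a bonus */` reads as if the free has already succeeded.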