From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id DFD4FA0471
	for <public@inbox.dpdk.org>; Mon, 15 Jul 2019 09:39:02 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 309463256;
	Mon, 15 Jul 2019 09:39:01 +0200 (CEST)
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 by dpdk.org (Postfix) with ESMTP id 8F1702BF5
 for <dev@dpdk.org>; Mon, 15 Jul 2019 09:38:59 +0200 (CEST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga005.jf.intel.com ([10.7.209.41])
 by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 15 Jul 2019 00:38:42 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.63,493,1557212400"; d="scan'208";a="342312871"
Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205])
 by orsmga005.jf.intel.com with ESMTP; 15 Jul 2019 00:38:42 -0700
Received: from fmsmsx124.amr.corp.intel.com (10.18.125.39) by
 fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Mon, 15 Jul 2019 00:38:42 -0700
Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by
 fmsmsx124.amr.corp.intel.com (10.18.125.39) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Mon, 15 Jul 2019 00:38:41 -0700
Received: from shsmsx105.ccr.corp.intel.com ([169.254.11.232]) by
 SHSMSX151.ccr.corp.intel.com ([169.254.3.55]) with mapi id 14.03.0439.000;
 Mon, 15 Jul 2019 15:38:39 +0800
From: "Zhang, Xiao" <xiao.zhang@intel.com>
To: Stephen Hemminger <stephen@networkplumber.org>
CC: "dev@dpdk.org" <dev@dpdk.org>, "Zhang, Qi Z" <qi.z.zhang@intel.com>,
 "Wang, Xiao W" <xiao.w.wang@intel.com>, "Xing, Beilei"
 <beilei.xing@intel.com>, "Lu, Wenzhuo" <wenzhuo.lu@intel.com>, "Yang, Qiming"
 <qiming.yang@intel.com>, "Ananyev, Konstantin"
 <konstantin.ananyev@intel.com>, "Wu, Jingjing" <jingjing.wu@intel.com>
Thread-Topic: [dpdk-dev] [DPDK] drivers/net: fix dereference after null
 check coverity
Thread-Index: AQHVOIWSHQvJ8XREfkyMSzORezk1qKbKjiIAgAC/ilA=
Date: Mon, 15 Jul 2019 07:38:39 +0000
Message-ID: <AF0377F445CB2540BB46FF359C1C1BBE0116824D@SHSMSX105.ccr.corp.intel.com>
References: <1562949587-8308-1-git-send-email-xiao.zhang@intel.com>
 <20190714210614.3da438a5@hermes.lan>
In-Reply-To: <20190714210614.3da438a5@hermes.lan>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [dpdk-dev] [DPDK] drivers/net: fix dereference after null check
 coverity
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>


> -----Original Message-----
> From: Stephen Hemminger [mailto:stephen@networkplumber.org]
> Sent: Monday, July 15, 2019 12:06 PM
> To: Zhang, Xiao <xiao.zhang@intel.com>
> Cc: dev@dpdk.org; Zhang, Qi Z <qi.z.zhang@intel.com>; Wang, Xiao W
> <xiao.w.wang@intel.com>; Xing, Beilei <beilei.xing@intel.com>; Lu, Wenzhu=
o
> <wenzhuo.lu@intel.com>; Yang, Qiming <qiming.yang@intel.com>; Ananyev,
> Konstantin <konstantin.ananyev@intel.com>; Wu, Jingjing
> <jingjing.wu@intel.com>
> Subject: Re: [dpdk-dev] [DPDK] drivers/net: fix dereference after null ch=
eck
> coverity
>=20
> On Sat, 13 Jul 2019 00:39:47 +0800
> Xiao Zhang <xiao.zhang@intel.com> wrote:
>=20
> > This patch tries to fix the coverity issues of dereference after null
> > check.
> >
> > Coverity issue: 343452
> > Coverity issue: 343447
> > Coverity issue: 343422
> > Coverity issue: 343416
> > Coverity issue: 343407
> > Coverity issue: 343403
> > Coverity issue: 13245
> >
> > Signed-off-by: Xiao Zhang <xiao.zhang@intel.com>
>=20
> I think this should be fixed deeper in the vector code.
>=20
> Example for ixgbe.
>=20
>=20
> static inline uint16_t
> reassemble_packets(struct ixgbe_rx_queue *rxq, struct rte_mbuf **rx_bufs,
> 		   uint16_t nb_bufs, uint8_t *split_flags) {
> 	struct rte_mbuf *pkts[nb_bufs]; /*finished pkts*/
> 	struct rte_mbuf *start =3D rxq->pkt_first_seg;
>=20
> So start is rxq->pkt_first_seg.
>=20
> But caller has already checked for NULL here.
> It has iterated across the first packets but not updated rxq->first_seg.

Yes, this seems to be a bug but not a coverity issue. I will fix it.

> 	if (rxq->pkt_first_seg =3D=3D NULL) {
> 		/* find the first split flag, and only reassemble then*/
> 		while (i < nb_bufs && !split_flags[i])
> 			i++;
> 		if (i =3D=3D nb_bufs)
> 			return nb_bufs;
> 	}
> 	return i + reassemble_packets(rxq, &rx_pkts[i], nb_bufs - i,