[PATCH] vdpa/ifc/base: fix null pointer dereference

[PATCH] vdpa/ifc/base: fix null pointer dereference

[Andy Pei]

Fix null pointer dereference reported in coverity scan.
Output some log information when lm_cfg is null.
Make lm_cfg is not null before operate on lm_cfg.

Coverity issue: 378882
Fixes: d7fe5a2861e7 ("net/ifc: support live migration")

Signed-off-by: Andy Pei <andy.pei@intel.com>
---
 drivers/vdpa/ifc/base/ifcvf.c       | 31 ++++++++++++++++++++-----------
 drivers/vdpa/ifc/base/ifcvf_osdep.h |  1 +
 2 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/drivers/vdpa/ifc/base/ifcvf.c b/drivers/vdpa/ifc/base/ifcvf.c
index 0a9f71a..f1e1474 100644
--- a/drivers/vdpa/ifc/base/ifcvf.c
+++ b/drivers/vdpa/ifc/base/ifcvf.c
@@ -87,6 +87,8 @@
 	}
 
 	hw->lm_cfg = hw->mem_resource[4].addr;
+	if (!hw->lm_cfg)
+		WARNINGOUT("HW support live migration not support!\n");
 
 	if (hw->common_cfg == NULL || hw->notify_base == NULL ||
 			hw->isr == NULL || hw->dev_cfg == NULL) {
@@ -218,17 +220,19 @@
 				&cfg->queue_used_hi);
 		IFCVF_WRITE_REG16(hw->vring[i].size, &cfg->queue_size);
 
-		if (hw->device_type == IFCVF_BLK)
-			*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
-				i * IFCVF_LM_CFG_SIZE) =
-				(u32)hw->vring[i].last_avail_idx |
-				((u32)hw->vring[i].last_used_idx << 16);
-		else
-			*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
-				(i / 2) * IFCVF_LM_CFG_SIZE +
-				(i % 2) * 4) =
-				(u32)hw->vring[i].last_avail_idx |
-				((u32)hw->vring[i].last_used_idx << 16);
+		if (lm_cfg) {
+			if (hw->device_type == IFCVF_BLK)
+				*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
+					i * IFCVF_LM_CFG_SIZE) =
+					(u32)hw->vring[i].last_avail_idx |
+					((u32)hw->vring[i].last_used_idx << 16);
+			else
+				*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
+					(i / 2) * IFCVF_LM_CFG_SIZE +
+					(i % 2) * 4) =
+					(u32)hw->vring[i].last_avail_idx |
+					((u32)hw->vring[i].last_used_idx << 16);
+		}
 
 		IFCVF_WRITE_REG16(i + 1, &cfg->queue_msix_vector);
 		if (IFCVF_READ_REG16(&cfg->queue_msix_vector) ==
@@ -320,6 +324,8 @@
 	u8 *lm_cfg;
 
 	lm_cfg = hw->lm_cfg;
+	if (!lm_cfg)
+		return;
 
 	*(u32 *)(lm_cfg + IFCVF_LM_BASE_ADDR_LOW) =
 		log_base & IFCVF_32_BIT_MASK;
@@ -342,6 +348,9 @@
 	u8 *lm_cfg;
 
 	lm_cfg = hw->lm_cfg;
+	if (!lm_cfg)
+		return;
+
 	*(u32 *)(lm_cfg + IFCVF_LM_LOGGING_CTRL) = IFCVF_LM_DISABLE;
 }
 
diff --git a/drivers/vdpa/ifc/base/ifcvf_osdep.h b/drivers/vdpa/ifc/base/ifcvf_osdep.h
index 6aef25e..8a47fcb 100644
--- a/drivers/vdpa/ifc/base/ifcvf_osdep.h
+++ b/drivers/vdpa/ifc/base/ifcvf_osdep.h
@@ -14,6 +14,7 @@
 #include <rte_log.h>
 #include <rte_io.h>
 
+#define WARNINGOUT(S, args...)    RTE_LOG(WARNING, PMD, S, ##args)
 #define DEBUGOUT(S, args...)    RTE_LOG(DEBUG, PMD, S, ##args)
 #define STATIC                  static
 
-- 
1.8.3.1

Re: [PATCH] vdpa/ifc/base: fix null pointer dereference

[Maxime Coquelin]

On 7/8/22 07:57, Andy Pei wrote:
> Fix null pointer dereference reported in coverity scan.
> Output some log information when lm_cfg is null.
> Make lm_cfg is not null before operate on lm_cfg.

Make sure*

> 
> Coverity issue: 378882
> Fixes: d7fe5a2861e7 ("net/ifc: support live migration")
> 
> Signed-off-by: Andy Pei <andy.pei@intel.com>
> ---
>   drivers/vdpa/ifc/base/ifcvf.c       | 31 ++++++++++++++++++++-----------
>   drivers/vdpa/ifc/base/ifcvf_osdep.h |  1 +
>   2 files changed, 21 insertions(+), 11 deletions(-)

Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

Thanks,
Maxime

Re: [PATCH] vdpa/ifc/base: fix null pointer dereference

[Maxime Coquelin]

On 7/8/22 07:57, Andy Pei wrote:
> Fix null pointer dereference reported in coverity scan.
> Output some log information when lm_cfg is null.
> Make lm_cfg is not null before operate on lm_cfg.
> 
> Coverity issue: 378882
> Fixes: d7fe5a2861e7 ("net/ifc: support live migration")
> 
> Signed-off-by: Andy Pei <andy.pei@intel.com>
> ---
>   drivers/vdpa/ifc/base/ifcvf.c       | 31 ++++++++++++++++++++-----------
>   drivers/vdpa/ifc/base/ifcvf_osdep.h |  1 +
>   2 files changed, 21 insertions(+), 11 deletions(-)
> 

Applied to dpdk-next-virtio/main.

Thanks,
Maxime

RE: [PATCH] vdpa/ifc/base: fix null pointer dereference

[Pei, Andy]

Hi Maxime,
Thanks for your efforts.

> -----Original Message-----
> From: Maxime Coquelin <maxime.coquelin@redhat.com>
> Sent: Friday, July 8, 2022 5:11 PM
> To: Pei, Andy <andy.pei@intel.com>; dev@dpdk.org
> Cc: Xia, Chenbo <chenbo.xia@intel.com>; Wang, Xiao W
> <xiao.w.wang@intel.com>
> Subject: Re: [PATCH] vdpa/ifc/base: fix null pointer dereference
> 
> 
> 
> On 7/8/22 07:57, Andy Pei wrote:
> > Fix null pointer dereference reported in coverity scan.
> > Output some log information when lm_cfg is null.
> > Make lm_cfg is not null before operate on lm_cfg.
> >
> > Coverity issue: 378882
> > Fixes: d7fe5a2861e7 ("net/ifc: support live migration")
> >
> > Signed-off-by: Andy Pei <andy.pei@intel.com>
> > ---
> >   drivers/vdpa/ifc/base/ifcvf.c       | 31 ++++++++++++++++++++-----------
> >   drivers/vdpa/ifc/base/ifcvf_osdep.h |  1 +
> >   2 files changed, 21 insertions(+), 11 deletions(-)
> >
> 
> Applied to dpdk-next-virtio/main.
> 
> Thanks,
> Maxime