* [dpdk-stable] [PATCH v3 1/4] raw/ifpga_rawdev: fix use of untrusted scalar value @ 2019-06-10 15:51 Tianfei zhang 2019-06-10 15:51 ` [dpdk-stable] [PATCH v3 2/4] raw/ifpga_rawdev: fix logically dead code Tianfei zhang ` (3 more replies) 0 siblings, 4 replies; 8+ messages in thread From: Tianfei zhang @ 2019-06-10 15:51 UTC (permalink / raw) To: dev, rosen.xu, stable; +Cc: Tianfei zhang Add checking the buffer size and use const char * for buffer declaration. Coverity issue: 279449 Fixes: ef1e8ede ("raw/ifpga: add Intel FPGA bus rawdev driver") Cc: stable@dpdk.org Signed-off-by: Tianfei zhang <tianfei.zhang@intel.com> --- drivers/raw/ifpga_rawdev/base/ifpga_api.c | 4 +-- drivers/raw/ifpga_rawdev/base/ifpga_api.h | 2 +- .../raw/ifpga_rawdev/base/ifpga_feature_dev.h | 2 +- drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c | 27 +++++++++++-------- drivers/raw/ifpga_rawdev/base/opae_hw_api.c | 4 +-- drivers/raw/ifpga_rawdev/base/opae_hw_api.h | 4 +-- drivers/raw/ifpga_rawdev/ifpga_rawdev.c | 7 ++++- 7 files changed, 30 insertions(+), 20 deletions(-) diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.c b/drivers/raw/ifpga_rawdev/base/ifpga_api.c index 3ddbcdc2a..53d101daf 100644 --- a/drivers/raw/ifpga_rawdev/base/ifpga_api.c +++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.c @@ -182,7 +182,7 @@ struct opae_bridge_ops ifpga_br_ops = { }; /* Manager APIs */ -static int ifpga_mgr_flash(struct opae_manager *mgr, int id, void *buf, +static int ifpga_mgr_flash(struct opae_manager *mgr, int id, const char *buf, u32 size, u64 *status) { struct ifpga_fme_hw *fme = mgr->data; @@ -324,7 +324,7 @@ struct opae_adapter_ops ifpga_adapter_ops = { * - 0: Success, partial reconfiguration finished. * - <0: Error code returned in partial reconfiguration. **/ -int ifpga_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, +int ifpga_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32 size, u64 *status) { if (!is_valid_port_id(hw, port_id)) diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.h b/drivers/raw/ifpga_rawdev/base/ifpga_api.h index 4a247698c..051ab8276 100644 --- a/drivers/raw/ifpga_rawdev/base/ifpga_api.h +++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.h @@ -23,7 +23,7 @@ int ifpga_set_irq(struct ifpga_hw *hw, u32 fiu_id, u32 port_id, u32 feature_id, void *irq_set); /* FME APIs */ -int ifpga_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, +int ifpga_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32 size, u64 *status); #endif /* _IFPGA_API_H_ */ diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h b/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h index bb9fcc289..e243d4273 100644 --- a/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h +++ b/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h @@ -149,7 +149,7 @@ static inline int fpga_port_reset(struct ifpga_port_hw *port) return ret; } -int do_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, +int do_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32 size, u64 *status); int fme_get_prop(struct ifpga_fme_hw *fme, struct feature_prop *prop); diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c b/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c index efa72660f..9997942d2 100644 --- a/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c +++ b/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c @@ -223,8 +223,8 @@ static int fpga_pr_buf_load(struct ifpga_fme_hw *fme_dev, return 0; } -static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, - u64 *status) +static int fme_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, + u32 size, u64 *status) { struct feature_fme_header *fme_hdr; struct feature_fme_capability fme_capability; @@ -269,7 +269,7 @@ static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, /* Disable Port before PR */ fpga_port_disable(port); - ret = fpga_pr_buf_load(fme, &info, (void *)buffer, size); + ret = fpga_pr_buf_load(fme, &info, buffer, size); *status = info.pr_err; @@ -280,27 +280,32 @@ static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, return ret; } -int do_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, u64 *status) +int do_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, + u32 size, u64 *status) { - struct bts_header *bts_hdr; - void *buf; + const struct bts_header *bts_hdr; + const char *buf; struct ifpga_port_hw *port; int ret; + u32 header_size; if (!buffer || size == 0) { dev_err(hw, "invalid parameter\n"); return -EINVAL; } - bts_hdr = (struct bts_header *)buffer; + bts_hdr = (const struct bts_header *)buffer; if (is_valid_bts(bts_hdr)) { dev_info(hw, "this is a valid bitsteam..\n"); - size -= (sizeof(struct bts_header) + - bts_hdr->metadata_len); - buf = (u8 *)buffer + sizeof(struct bts_header) + - bts_hdr->metadata_len; + header_size = sizeof(struct bts_header) + + bts_hdr->metadata_len; + if (size < header_size) + return -EINVAL; + size -= header_size; + buf = buffer + header_size; } else { + dev_err(hw, "this is an invalid bitstream..\n"); return -EINVAL; } diff --git a/drivers/raw/ifpga_rawdev/base/opae_hw_api.c b/drivers/raw/ifpga_rawdev/base/opae_hw_api.c index 0e117d05e..8964e7984 100644 --- a/drivers/raw/ifpga_rawdev/base/opae_hw_api.c +++ b/drivers/raw/ifpga_rawdev/base/opae_hw_api.c @@ -244,8 +244,8 @@ opae_manager_alloc(const char *name, struct opae_manager_ops *ops, * * Return: 0 on success, otherwise error code. */ -int opae_manager_flash(struct opae_manager *mgr, int id, void *buf, u32 size, - u64 *status) +int opae_manager_flash(struct opae_manager *mgr, int id, const char *buf, + u32 size, u64 *status) { if (!mgr) return -EINVAL; diff --git a/drivers/raw/ifpga_rawdev/base/opae_hw_api.h b/drivers/raw/ifpga_rawdev/base/opae_hw_api.h index 383e751cb..63405a471 100644 --- a/drivers/raw/ifpga_rawdev/base/opae_hw_api.h +++ b/drivers/raw/ifpga_rawdev/base/opae_hw_api.h @@ -44,7 +44,7 @@ struct opae_manager { /* FIXME: add more management ops, e.g power/thermal and etc */ struct opae_manager_ops { - int (*flash)(struct opae_manager *mgr, int id, void *buffer, + int (*flash)(struct opae_manager *mgr, int id, const char *buffer, u32 size, u64 *status); int (*get_eth_group_region_info)(struct opae_manager *mgr, struct opae_eth_group_region_info *info); @@ -74,7 +74,7 @@ struct opae_manager * opae_manager_alloc(const char *name, struct opae_manager_ops *ops, struct opae_manager_networking_ops *network_ops, void *data); #define opae_manager_free(mgr) opae_free(mgr) -int opae_manager_flash(struct opae_manager *mgr, int acc_id, void *buf, +int opae_manager_flash(struct opae_manager *mgr, int acc_id, const char *buf, u32 size, u64 *status); int opae_manager_get_eth_group_region_info(struct opae_manager *mgr, u8 group_id, struct opae_eth_group_region_info *info); diff --git a/drivers/raw/ifpga_rawdev/ifpga_rawdev.c b/drivers/raw/ifpga_rawdev/ifpga_rawdev.c index 41be1a205..01aa917de 100644 --- a/drivers/raw/ifpga_rawdev/ifpga_rawdev.c +++ b/drivers/raw/ifpga_rawdev/ifpga_rawdev.c @@ -225,7 +225,7 @@ ifpga_rawdev_reset(struct rte_rawdev *dev) } static int -fpga_pr(struct rte_rawdev *raw_dev, u32 port_id, u64 *buffer, u32 size, +fpga_pr(struct rte_rawdev *raw_dev, u32 port_id, const char *buffer, u32 size, u64 *status) { @@ -296,6 +296,11 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id, goto close_fd; } buffer_size = file_stat.st_size; + if (buffer_size <= 0) { + ret = -EINVAL; + goto close_fd; + } + IFPGA_RAWDEV_PMD_INFO("bitstream file size: %zu\n", buffer_size); buffer = rte_malloc(NULL, buffer_size, 0); if (!buffer) { -- 2.17.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [dpdk-stable] [PATCH v3 2/4] raw/ifpga_rawdev: fix logically dead code 2019-06-10 15:51 [dpdk-stable] [PATCH v3 1/4] raw/ifpga_rawdev: fix use of untrusted scalar value Tianfei zhang @ 2019-06-10 15:51 ` Tianfei zhang 2019-06-11 2:30 ` Xu, Rosen 2019-06-10 15:51 ` [dpdk-stable] [PATCH v3 3/4] raw/ifpga_rawdev/base: fix bit fields definition Tianfei zhang ` (2 subsequent siblings) 3 siblings, 1 reply; 8+ messages in thread From: Tianfei zhang @ 2019-06-10 15:51 UTC (permalink / raw) To: dev, rosen.xu, stable; +Cc: Tianfei zhang add temporary variable in max10_reg_write(). Coverity issue: 337927 Fixes: 96ebfcf ("raw/ifpga/base: add SPI and MAX10 device driver") Cc: stable@dpdk.org Signed-off-by: Tianfei zhang <tianfei.zhang@intel.com> --- drivers/raw/ifpga_rawdev/base/opae_intel_max10.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/raw/ifpga_rawdev/base/opae_intel_max10.c b/drivers/raw/ifpga_rawdev/base/opae_intel_max10.c index f354ee4b6..3ff6575d7 100644 --- a/drivers/raw/ifpga_rawdev/base/opae_intel_max10.c +++ b/drivers/raw/ifpga_rawdev/base/opae_intel_max10.c @@ -17,11 +17,13 @@ int max10_reg_read(unsigned int reg, unsigned int *val) int max10_reg_write(unsigned int reg, unsigned int val) { + unsigned int tmp = val; + if (!g_max10) return -ENODEV; return spi_transaction_write(g_max10->spi_tran_dev, - reg, 4, (unsigned char *)&val); + reg, 4, (unsigned char *)&tmp); } struct intel_max10_device * @@ -57,7 +59,7 @@ intel_max10_device_probe(struct altera_spi_device *spi, /* set PKVL Polling manually in BBS */ ret = max10_reg_write(PKVL_POLLING_CTRL, 0x3); - if (ret) { + if (ret != 0) { dev_err(dev, "%s set PKVL polling fail\n", __func__); goto spi_tran_fail; } -- 2.17.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [PATCH v3 2/4] raw/ifpga_rawdev: fix logically dead code 2019-06-10 15:51 ` [dpdk-stable] [PATCH v3 2/4] raw/ifpga_rawdev: fix logically dead code Tianfei zhang @ 2019-06-11 2:30 ` Xu, Rosen 0 siblings, 0 replies; 8+ messages in thread From: Xu, Rosen @ 2019-06-11 2:30 UTC (permalink / raw) To: Zhang, Tianfei, dev, stable > -----Original Message----- > From: Zhang, Tianfei > Sent: Monday, June 10, 2019 23:52 > To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; stable@dpdk.org > Cc: Zhang, Tianfei <tianfei.zhang@intel.com> > Subject: [PATCH v3 2/4] raw/ifpga_rawdev: fix logically dead code > > add temporary variable in max10_reg_write(). > > Coverity issue: 337927 > Fixes: 96ebfcf ("raw/ifpga/base: add SPI and MAX10 device driver") > Cc: stable@dpdk.org > > Signed-off-by: Tianfei zhang <tianfei.zhang@intel.com> > --- > drivers/raw/ifpga_rawdev/base/opae_intel_max10.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/raw/ifpga_rawdev/base/opae_intel_max10.c > b/drivers/raw/ifpga_rawdev/base/opae_intel_max10.c > index f354ee4b6..3ff6575d7 100644 > --- a/drivers/raw/ifpga_rawdev/base/opae_intel_max10.c > +++ b/drivers/raw/ifpga_rawdev/base/opae_intel_max10.c > @@ -17,11 +17,13 @@ int max10_reg_read(unsigned int reg, unsigned int > *val) > > int max10_reg_write(unsigned int reg, unsigned int val) { > + unsigned int tmp = val; > + > if (!g_max10) > return -ENODEV; > > return spi_transaction_write(g_max10->spi_tran_dev, > - reg, 4, (unsigned char *)&val); > + reg, 4, (unsigned char *)&tmp); > } > > struct intel_max10_device * > @@ -57,7 +59,7 @@ intel_max10_device_probe(struct altera_spi_device > *spi, > > /* set PKVL Polling manually in BBS */ > ret = max10_reg_write(PKVL_POLLING_CTRL, 0x3); > - if (ret) { > + if (ret != 0) { > dev_err(dev, "%s set PKVL polling fail\n", __func__); > goto spi_tran_fail; > } > -- > 2.17.1 Acked-by: Rosen Xu <rosen.xu@intel.com> ^ permalink raw reply [flat|nested] 8+ messages in thread
* [dpdk-stable] [PATCH v3 3/4] raw/ifpga_rawdev/base: fix bit fields definition 2019-06-10 15:51 [dpdk-stable] [PATCH v3 1/4] raw/ifpga_rawdev: fix use of untrusted scalar value Tianfei zhang 2019-06-10 15:51 ` [dpdk-stable] [PATCH v3 2/4] raw/ifpga_rawdev: fix logically dead code Tianfei zhang @ 2019-06-10 15:51 ` Tianfei zhang 2019-06-11 2:31 ` Xu, Rosen 2019-06-10 15:51 ` [dpdk-stable] [PATCH v3 4/4] raw/ifpga_rawdev/base: fix miss physical address Tianfei zhang 2019-06-11 2:29 ` [dpdk-stable] [PATCH v3 1/4] raw/ifpga_rawdev: fix use of untrusted scalar value Xu, Rosen 3 siblings, 1 reply; 8+ messages in thread From: Tianfei zhang @ 2019-06-10 15:51 UTC (permalink / raw) To: dev, rosen.xu, stable; +Cc: Tianfei zhang Fix CTRL_DEV_SELECT bit fields definition about eth_group devices. Fixes: 8a256bef32 ("raw/ifpga/base: add eth group driver") Cc: stable@dpdk.org Signed-off-by: Tianfei zhang <tianfei.zhang@intel.com> --- drivers/raw/ifpga_rawdev/base/opae_eth_group.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/raw/ifpga_rawdev/base/opae_eth_group.h b/drivers/raw/ifpga_rawdev/base/opae_eth_group.h index 8d695cc8e..a66d77e27 100644 --- a/drivers/raw/ifpga_rawdev/base/opae_eth_group.h +++ b/drivers/raw/ifpga_rawdev/base/opae_eth_group.h @@ -31,7 +31,7 @@ #define CMD_NOP 0ULL #define CMD_RD 1ULL #define CMD_WR 2ULL -#define CTRL_DEV_SELECT GENMASK_ULL(52, 49) +#define CTRL_DEV_SELECT GENMASK_ULL(53, 49) #define CTRL_DS_SHIFT 49 #define CTRL_FEAT_SELECT BIT_ULL(48) #define SELECT_IP 0 -- 2.17.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [PATCH v3 3/4] raw/ifpga_rawdev/base: fix bit fields definition 2019-06-10 15:51 ` [dpdk-stable] [PATCH v3 3/4] raw/ifpga_rawdev/base: fix bit fields definition Tianfei zhang @ 2019-06-11 2:31 ` Xu, Rosen 0 siblings, 0 replies; 8+ messages in thread From: Xu, Rosen @ 2019-06-11 2:31 UTC (permalink / raw) To: Zhang, Tianfei, dev, stable > -----Original Message----- > From: Zhang, Tianfei > Sent: Monday, June 10, 2019 23:52 > To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; stable@dpdk.org > Cc: Zhang, Tianfei <tianfei.zhang@intel.com> > Subject: [PATCH v3 3/4] raw/ifpga_rawdev/base: fix bit fields definition > > Fix CTRL_DEV_SELECT bit fields definition about eth_group devices. > > Fixes: 8a256bef32 ("raw/ifpga/base: add eth group driver") > Cc: stable@dpdk.org > > Signed-off-by: Tianfei zhang <tianfei.zhang@intel.com> > --- > drivers/raw/ifpga_rawdev/base/opae_eth_group.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/raw/ifpga_rawdev/base/opae_eth_group.h > b/drivers/raw/ifpga_rawdev/base/opae_eth_group.h > index 8d695cc8e..a66d77e27 100644 > --- a/drivers/raw/ifpga_rawdev/base/opae_eth_group.h > +++ b/drivers/raw/ifpga_rawdev/base/opae_eth_group.h > @@ -31,7 +31,7 @@ > #define CMD_NOP 0ULL > #define CMD_RD 1ULL > #define CMD_WR 2ULL > -#define CTRL_DEV_SELECT GENMASK_ULL(52, 49) > +#define CTRL_DEV_SELECT GENMASK_ULL(53, 49) > #define CTRL_DS_SHIFT 49 > #define CTRL_FEAT_SELECT BIT_ULL(48) > #define SELECT_IP 0 > -- > 2.17.1 Acked-by: Rosen Xu <rosen.xu@intel.com> ^ permalink raw reply [flat|nested] 8+ messages in thread
* [dpdk-stable] [PATCH v3 4/4] raw/ifpga_rawdev/base: fix miss physical address 2019-06-10 15:51 [dpdk-stable] [PATCH v3 1/4] raw/ifpga_rawdev: fix use of untrusted scalar value Tianfei zhang 2019-06-10 15:51 ` [dpdk-stable] [PATCH v3 2/4] raw/ifpga_rawdev: fix logically dead code Tianfei zhang 2019-06-10 15:51 ` [dpdk-stable] [PATCH v3 3/4] raw/ifpga_rawdev/base: fix bit fields definition Tianfei zhang @ 2019-06-10 15:51 ` Tianfei zhang 2019-06-11 2:31 ` Xu, Rosen 2019-06-11 2:29 ` [dpdk-stable] [PATCH v3 1/4] raw/ifpga_rawdev: fix use of untrusted scalar value Xu, Rosen 3 siblings, 1 reply; 8+ messages in thread From: Tianfei zhang @ 2019-06-10 15:51 UTC (permalink / raw) To: dev, rosen.xu, stable; +Cc: Tianfei zhang Fix miss phy_addr on ifpga_acc_get_region_info() function. Fixes: 56bb54ea1bd ("raw/ifpga/base: add Intel FPGA OPAE share code") Cc: stable@dpdk.org Signed-off-by: Tianfei zhang <tianfei.zhang@intel.com> --- drivers/raw/ifpga_rawdev/base/ifpga_api.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.c b/drivers/raw/ifpga_rawdev/base/ifpga_api.c index 53d101daf..7ae626d64 100644 --- a/drivers/raw/ifpga_rawdev/base/ifpga_api.c +++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.c @@ -76,6 +76,7 @@ static int ifpga_acc_get_region_info(struct opae_accelerator *acc, info->flags = ACC_REGION_READ | ACC_REGION_WRITE | ACC_REGION_MMIO; info->len = afu_info->region[info->index].len; info->addr = afu_info->region[info->index].addr; + info->phys_addr = afu_info->region[info->index].phys_addr; return 0; } -- 2.17.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [PATCH v3 4/4] raw/ifpga_rawdev/base: fix miss physical address 2019-06-10 15:51 ` [dpdk-stable] [PATCH v3 4/4] raw/ifpga_rawdev/base: fix miss physical address Tianfei zhang @ 2019-06-11 2:31 ` Xu, Rosen 0 siblings, 0 replies; 8+ messages in thread From: Xu, Rosen @ 2019-06-11 2:31 UTC (permalink / raw) To: Zhang, Tianfei, dev, stable > -----Original Message----- > From: Zhang, Tianfei > Sent: Monday, June 10, 2019 23:52 > To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; stable@dpdk.org > Cc: Zhang, Tianfei <tianfei.zhang@intel.com> > Subject: [PATCH v3 4/4] raw/ifpga_rawdev/base: fix miss physical address > > Fix miss phy_addr on ifpga_acc_get_region_info() function. > > Fixes: 56bb54ea1bd ("raw/ifpga/base: add Intel FPGA OPAE share code") > Cc: stable@dpdk.org > > Signed-off-by: Tianfei zhang <tianfei.zhang@intel.com> > --- > drivers/raw/ifpga_rawdev/base/ifpga_api.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.c > b/drivers/raw/ifpga_rawdev/base/ifpga_api.c > index 53d101daf..7ae626d64 100644 > --- a/drivers/raw/ifpga_rawdev/base/ifpga_api.c > +++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.c > @@ -76,6 +76,7 @@ static int ifpga_acc_get_region_info(struct > opae_accelerator *acc, > info->flags = ACC_REGION_READ | ACC_REGION_WRITE | > ACC_REGION_MMIO; > info->len = afu_info->region[info->index].len; > info->addr = afu_info->region[info->index].addr; > + info->phys_addr = afu_info->region[info->index].phys_addr; > > return 0; > } > -- > 2.17.1 Acked-by: Rosen Xu <rosen.xu@intel.com> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-stable] [PATCH v3 1/4] raw/ifpga_rawdev: fix use of untrusted scalar value 2019-06-10 15:51 [dpdk-stable] [PATCH v3 1/4] raw/ifpga_rawdev: fix use of untrusted scalar value Tianfei zhang ` (2 preceding siblings ...) 2019-06-10 15:51 ` [dpdk-stable] [PATCH v3 4/4] raw/ifpga_rawdev/base: fix miss physical address Tianfei zhang @ 2019-06-11 2:29 ` Xu, Rosen 3 siblings, 0 replies; 8+ messages in thread From: Xu, Rosen @ 2019-06-11 2:29 UTC (permalink / raw) To: Zhang, Tianfei, dev, stable > -----Original Message----- > From: Zhang, Tianfei > Sent: Monday, June 10, 2019 23:52 > To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; stable@dpdk.org > Cc: Zhang, Tianfei <tianfei.zhang@intel.com> > Subject: [PATCH v3 1/4] raw/ifpga_rawdev: fix use of untrusted scalar value > > Add checking the buffer size and use > const char * for buffer declaration. > > Coverity issue: 279449 > Fixes: ef1e8ede ("raw/ifpga: add Intel FPGA bus rawdev driver") > Cc: stable@dpdk.org > > Signed-off-by: Tianfei zhang <tianfei.zhang@intel.com> > --- > drivers/raw/ifpga_rawdev/base/ifpga_api.c | 4 +-- > drivers/raw/ifpga_rawdev/base/ifpga_api.h | 2 +- > .../raw/ifpga_rawdev/base/ifpga_feature_dev.h | 2 +- > drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c | 27 +++++++++++-------- > drivers/raw/ifpga_rawdev/base/opae_hw_api.c | 4 +-- > drivers/raw/ifpga_rawdev/base/opae_hw_api.h | 4 +-- > drivers/raw/ifpga_rawdev/ifpga_rawdev.c | 7 ++++- > 7 files changed, 30 insertions(+), 20 deletions(-) > > diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.c > b/drivers/raw/ifpga_rawdev/base/ifpga_api.c > index 3ddbcdc2a..53d101daf 100644 > --- a/drivers/raw/ifpga_rawdev/base/ifpga_api.c > +++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.c > @@ -182,7 +182,7 @@ struct opae_bridge_ops ifpga_br_ops = { }; > > /* Manager APIs */ > -static int ifpga_mgr_flash(struct opae_manager *mgr, int id, void *buf, > +static int ifpga_mgr_flash(struct opae_manager *mgr, int id, const char > +*buf, > u32 size, u64 *status) > { > struct ifpga_fme_hw *fme = mgr->data; > @@ -324,7 +324,7 @@ struct opae_adapter_ops ifpga_adapter_ops = { > * - 0: Success, partial reconfiguration finished. > * - <0: Error code returned in partial reconfiguration. > **/ > -int ifpga_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, > +int ifpga_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32 > +size, > u64 *status) > { > if (!is_valid_port_id(hw, port_id)) > diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.h > b/drivers/raw/ifpga_rawdev/base/ifpga_api.h > index 4a247698c..051ab8276 100644 > --- a/drivers/raw/ifpga_rawdev/base/ifpga_api.h > +++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.h > @@ -23,7 +23,7 @@ int ifpga_set_irq(struct ifpga_hw *hw, u32 fiu_id, u32 > port_id, > u32 feature_id, void *irq_set); > > /* FME APIs */ > -int ifpga_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, > +int ifpga_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32 > +size, > u64 *status); > > #endif /* _IFPGA_API_H_ */ > diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h > b/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h > index bb9fcc289..e243d4273 100644 > --- a/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h > +++ b/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h > @@ -149,7 +149,7 @@ static inline int fpga_port_reset(struct ifpga_port_hw > *port) > return ret; > } > > -int do_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, > +int do_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32 > +size, > u64 *status); > > int fme_get_prop(struct ifpga_fme_hw *fme, struct feature_prop *prop); > diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c > b/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c > index efa72660f..9997942d2 100644 > --- a/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c > +++ b/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c > @@ -223,8 +223,8 @@ static int fpga_pr_buf_load(struct ifpga_fme_hw > *fme_dev, > return 0; > } > > -static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, > - u64 *status) > +static int fme_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, > + u32 size, u64 *status) > { > struct feature_fme_header *fme_hdr; > struct feature_fme_capability fme_capability; @@ -269,7 +269,7 @@ > static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, > /* Disable Port before PR */ > fpga_port_disable(port); > > - ret = fpga_pr_buf_load(fme, &info, (void *)buffer, size); > + ret = fpga_pr_buf_load(fme, &info, buffer, size); > > *status = info.pr_err; > > @@ -280,27 +280,32 @@ static int fme_pr(struct ifpga_hw *hw, u32 port_id, > void *buffer, u32 size, > return ret; > } > > -int do_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, u64 > *status) > +int do_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, > + u32 size, u64 *status) > { > - struct bts_header *bts_hdr; > - void *buf; > + const struct bts_header *bts_hdr; > + const char *buf; > struct ifpga_port_hw *port; > int ret; > + u32 header_size; > > if (!buffer || size == 0) { > dev_err(hw, "invalid parameter\n"); > return -EINVAL; > } > > - bts_hdr = (struct bts_header *)buffer; > + bts_hdr = (const struct bts_header *)buffer; > > if (is_valid_bts(bts_hdr)) { > dev_info(hw, "this is a valid bitsteam..\n"); > - size -= (sizeof(struct bts_header) + > - bts_hdr->metadata_len); > - buf = (u8 *)buffer + sizeof(struct bts_header) + > - bts_hdr->metadata_len; > + header_size = sizeof(struct bts_header) + > + bts_hdr->metadata_len; > + if (size < header_size) > + return -EINVAL; > + size -= header_size; > + buf = buffer + header_size; > } else { > + dev_err(hw, "this is an invalid bitstream..\n"); > return -EINVAL; > } > > diff --git a/drivers/raw/ifpga_rawdev/base/opae_hw_api.c > b/drivers/raw/ifpga_rawdev/base/opae_hw_api.c > index 0e117d05e..8964e7984 100644 > --- a/drivers/raw/ifpga_rawdev/base/opae_hw_api.c > +++ b/drivers/raw/ifpga_rawdev/base/opae_hw_api.c > @@ -244,8 +244,8 @@ opae_manager_alloc(const char *name, struct > opae_manager_ops *ops, > * > * Return: 0 on success, otherwise error code. > */ > -int opae_manager_flash(struct opae_manager *mgr, int id, void *buf, u32 > size, > - u64 *status) > +int opae_manager_flash(struct opae_manager *mgr, int id, const char *buf, > + u32 size, u64 *status) > { > if (!mgr) > return -EINVAL; > diff --git a/drivers/raw/ifpga_rawdev/base/opae_hw_api.h > b/drivers/raw/ifpga_rawdev/base/opae_hw_api.h > index 383e751cb..63405a471 100644 > --- a/drivers/raw/ifpga_rawdev/base/opae_hw_api.h > +++ b/drivers/raw/ifpga_rawdev/base/opae_hw_api.h > @@ -44,7 +44,7 @@ struct opae_manager { > > /* FIXME: add more management ops, e.g power/thermal and etc */ struct > opae_manager_ops { > - int (*flash)(struct opae_manager *mgr, int id, void *buffer, > + int (*flash)(struct opae_manager *mgr, int id, const char *buffer, > u32 size, u64 *status); > int (*get_eth_group_region_info)(struct opae_manager *mgr, > struct opae_eth_group_region_info *info); @@ -74,7 > +74,7 @@ struct opae_manager * opae_manager_alloc(const char *name, > struct opae_manager_ops *ops, > struct opae_manager_networking_ops *network_ops, void > *data); #define opae_manager_free(mgr) opae_free(mgr) -int > opae_manager_flash(struct opae_manager *mgr, int acc_id, void *buf, > +int opae_manager_flash(struct opae_manager *mgr, int acc_id, const char > +*buf, > u32 size, u64 *status); > int opae_manager_get_eth_group_region_info(struct opae_manager *mgr, > u8 group_id, struct opae_eth_group_region_info *info); diff - > -git a/drivers/raw/ifpga_rawdev/ifpga_rawdev.c > b/drivers/raw/ifpga_rawdev/ifpga_rawdev.c > index 41be1a205..01aa917de 100644 > --- a/drivers/raw/ifpga_rawdev/ifpga_rawdev.c > +++ b/drivers/raw/ifpga_rawdev/ifpga_rawdev.c > @@ -225,7 +225,7 @@ ifpga_rawdev_reset(struct rte_rawdev *dev) } > > static int > -fpga_pr(struct rte_rawdev *raw_dev, u32 port_id, u64 *buffer, u32 size, > +fpga_pr(struct rte_rawdev *raw_dev, u32 port_id, const char *buffer, > +u32 size, > u64 *status) > { > > @@ -296,6 +296,11 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int > port_id, > goto close_fd; > } > buffer_size = file_stat.st_size; > + if (buffer_size <= 0) { > + ret = -EINVAL; > + goto close_fd; > + } > + > IFPGA_RAWDEV_PMD_INFO("bitstream file size: %zu\n", buffer_size); > buffer = rte_malloc(NULL, buffer_size, 0); > if (!buffer) { > -- > 2.17.1 Acked-by: Rosen Xu <rosen.xu@intel.com> ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2019-06-11 2:31 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-06-10 15:51 [dpdk-stable] [PATCH v3 1/4] raw/ifpga_rawdev: fix use of untrusted scalar value Tianfei zhang 2019-06-10 15:51 ` [dpdk-stable] [PATCH v3 2/4] raw/ifpga_rawdev: fix logically dead code Tianfei zhang 2019-06-11 2:30 ` Xu, Rosen 2019-06-10 15:51 ` [dpdk-stable] [PATCH v3 3/4] raw/ifpga_rawdev/base: fix bit fields definition Tianfei zhang 2019-06-11 2:31 ` Xu, Rosen 2019-06-10 15:51 ` [dpdk-stable] [PATCH v3 4/4] raw/ifpga_rawdev/base: fix miss physical address Tianfei zhang 2019-06-11 2:31 ` Xu, Rosen 2019-06-11 2:29 ` [dpdk-stable] [PATCH v3 1/4] raw/ifpga_rawdev: fix use of untrusted scalar value Xu, Rosen
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).