From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 65131A0527
	for <public@inbox.dpdk.org>; Mon,  9 Nov 2020 19:45:30 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 595406A6F;
	Mon,  9 Nov 2020 19:45:29 +0100 (CET)
Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com
 [209.85.128.52]) by dpdk.org (Postfix) with ESMTP id B36BE69A4
 for <stable@dpdk.org>; Mon,  9 Nov 2020 19:45:27 +0100 (CET)
Received: by mail-wm1-f52.google.com with SMTP id w24so462818wmi.0
 for <stable@dpdk.org>; Mon, 09 Nov 2020 10:45:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=vI5k2AtbLkgjhV9CK5n9UkGhvDugmPkEx2IzoCWy1os=;
 b=Jj+YMGMKZKmEidKFoiuXdZJbDonShsgUNMnfV8JVab6XGqAa7ltiYOPmTIvnaqDUyH
 5Z/TcJKHD1ABoNCPU8T/IR6sAhs4il5jbilf6lVX23f1/PFV75E57JXOKJby3AeN0PVg
 ciuvWuQokMqb57VZd8OramGV0arpMXIEgbzSOtTkEUFHPjMKSE60oTvKzyOU+sdkDEzi
 49bVOT3FGhAsO+fXqphfhwho9Mg+7IEmB4x1xxcyyud8i1CTKsndlrrqnYWj4P+Z1DPE
 a5VhrXZ+d4Noa4E7pXPxIvABbQPSpCjnkeKwCMIWNFUfzz1j+b1KamgIXS+Z9HGl6K4K
 QBjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=vI5k2AtbLkgjhV9CK5n9UkGhvDugmPkEx2IzoCWy1os=;
 b=V7o1LYTISojYTUbId6A1Y40s8ChX3BktdEiXN4r3GWwRElJwBJ0rveVQY/1Z0J0e/4
 m9oEtwf62u8x6zd7k3rJjO7kHvLCczwHadzwyu//fFVgMjPMAdIGw8CaZ9IxaQOVEGbO
 cdm0xdHXXVxmCurzbBht4YyN9tx9Oav4DONmCviJybs55NFKy5ywfOa59XNLXncTG/GM
 n+f3S6OQXtWLEJWv1HLBjjQIUIRo87VraGBkXYxfUFi7q8W/4+/onviyLzvf0FqB80Wz
 B11sdjH+Dpr8WYAJp1Z9goDxfjjNxFKsP9NJRZ4aaRN9b6tKIeqGMKVY+sazy0I2Z3q2
 nl0g==
X-Gm-Message-State: AOAM533nL4xOrhUzUMi9CGWjODo9qxRlVT+u6whdiPmEcagaKmV4bAjT
 jbirdNZSjB6Bbb19AFkK7oQ=
X-Google-Smtp-Source: ABdhPJxzT6FmTrBxscTvJs3B8fXREdiMjNK4PebebC3GThQ0yag1MtXr4LB1tTX2Gmsx7UWX/ZJSFw==
X-Received: by 2002:a1c:b041:: with SMTP id z62mr546569wme.183.1604947526458; 
 Mon, 09 Nov 2020 10:45:26 -0800 (PST)
Received: from localhost ([88.98.246.218])
 by smtp.gmail.com with ESMTPSA id y2sm14568095wrh.0.2020.11.09.10.45.25
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 09 Nov 2020 10:45:25 -0800 (PST)
From: luca.boccassi@gmail.com
To: Wei Huang <wei.huang@intel.com>
Cc: Qi Zhang <qi.z.zhang@intel.com>,
	dpdk stable <stable@dpdk.org>
Date: Mon,  9 Nov 2020 18:41:01 +0000
Message-Id: <20201109184111.3463090-73-luca.boccassi@gmail.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20201109184111.3463090-1-luca.boccassi@gmail.com>
References: <20201028104606.3504127-207-luca.boccassi@gmail.com>
 <20201109184111.3463090-1-luca.boccassi@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [dpdk-stable] patch 'raw/ifpga: use trusted buffer to free' has
	been queued to stable release 19.11.6
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org
Sender: "stable" <stable-bounces@dpdk.org>

Hi,

FYI, your patch has been queued to stable release 19.11.6

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/11/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/df2ceeafd3b44d66ffc416019a1fdeedc3c68a32

Thanks.

Luca Boccassi

---
>From df2ceeafd3b44d66ffc416019a1fdeedc3c68a32 Mon Sep 17 00:00:00 2001
From: Wei Huang <wei.huang@intel.com>
Date: Fri, 30 Oct 2020 03:35:07 -0400
Subject: [PATCH] raw/ifpga: use trusted buffer to free

[ upstream commit ceccbcd73829c495e148e3380de916ef4874c104 ]

In rte_fpga_do_pr, calling function read() may taints argument buffer
which turn to an untrusted value as argument of rte_free().

Coverity issue: 279449
Fixes: ef1e8ede3da5 ("raw/ifpga: add Intel FPGA bus rawdev driver")

Signed-off-by: Wei Huang <wei.huang@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
---
 drivers/raw/ifpga/ifpga_rawdev.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/raw/ifpga/ifpga_rawdev.c b/drivers/raw/ifpga/ifpga_rawdev.c
index 05b6de6312..0c5392d082 100644
--- a/drivers/raw/ifpga/ifpga_rawdev.c
+++ b/drivers/raw/ifpga/ifpga_rawdev.c
@@ -780,7 +780,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
 	int file_fd;
 	int ret = 0;
 	ssize_t buffer_size;
-	void *buffer;
+	void *buffer, *buf_to_free;
 	u64 pr_error;
 
 	if (!file_name)
@@ -812,6 +812,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
 		ret = -ENOMEM;
 		goto close_fd;
 	}
+	buf_to_free = buffer;
 
 	/*read the raw data*/
 	if (buffer_size != read(file_fd, (void *)buffer, buffer_size)) {
@@ -829,8 +830,8 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
 	}
 
 free_buffer:
-	if (buffer)
-		rte_free(buffer);
+	if (buf_to_free)
+		rte_free(buf_to_free);
 close_fd:
 	close(file_fd);
 	file_fd = 0;
-- 
2.27.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2020-11-09 18:40:13.893459938 +0000
+++ 0073-raw-ifpga-use-trusted-buffer-to-free.patch	2020-11-09 18:40:11.215312589 +0000
@@ -1 +1 @@
-From ceccbcd73829c495e148e3380de916ef4874c104 Mon Sep 17 00:00:00 2001
+From df2ceeafd3b44d66ffc416019a1fdeedc3c68a32 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit ceccbcd73829c495e148e3380de916ef4874c104 ]
+
@@ -11 +12,0 @@
-Cc: stable@dpdk.org
@@ -20 +21 @@
-index f9de1677b4..27129b133e 100644
+index 05b6de6312..0c5392d082 100644
@@ -23 +24 @@
-@@ -786,7 +786,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
+@@ -780,7 +780,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
@@ -32 +33 @@
-@@ -818,6 +818,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
+@@ -812,6 +812,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
@@ -40 +41 @@
-@@ -835,8 +836,8 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
+@@ -829,8 +830,8 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,