From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 8CEACA0C46
	for <public@inbox.dpdk.org>; Fri, 23 Jul 2021 04:23:00 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 7F2C7410E2;
	Fri, 23 Jul 2021 04:23:00 +0200 (CEST)
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
 by mails.dpdk.org (Postfix) with ESMTP id 41AFC40E6E;
 Fri, 23 Jul 2021 04:22:58 +0200 (CEST)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id AB4CE113E;
 Thu, 22 Jul 2021 19:22:57 -0700 (PDT)
Received: from wls-arm-cavium06.shanghai.arm.com
 (wls-arm-cavium06.shanghai.arm.com [10.169.206.120])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 20B393F694;
 Thu, 22 Jul 2021 19:22:55 -0700 (PDT)
From: Richael Zhuang <richael.zhuang@arm.com>
To: dev@dpdk.org
Cc: richael.zhuang@arm.com, stable@dpdk.org, David Hunt <david.hunt@intel.com>
Date: Fri, 23 Jul 2021 10:22:42 +0800
Message-Id: <20210723022242.8092-2-richael.zhuang@arm.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210723022242.8092-1-richael.zhuang@arm.com>
References: <20210723021313.7085-2-richael.zhuang@arm.com>
 <20210723022242.8092-1-richael.zhuang@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [dpdk-stable] [PATCH v3 1/1] power: check freq count before filling
 the freqs array
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org
Sender: "stable" <stable-bounces@dpdk.org>

The freqs array size is RTE_MAX_LCORE_FREQS. Before filling the
array with num_freqs elements, restrict the total num to
RTE_MAX_LCORE_FREQS. This fix aims to fix the coverity scan issue
like:
Overrunning array "pi->freqs" of 256 bytes by passing it to a
function which accesses it at byte offset 464.

Coverity issue: 371913
Fixes: ef1cc88f1837 ("power: support cppc_cpufreq driver")
Cc: richael.zhuang@arm.com
Cc: stable@dpdk.org

Signed-off-by: Richael Zhuang <richael.zhuang@arm.com>
---
 lib/power/power_cppc_cpufreq.c   | 5 +++++
 lib/power/power_pstate_cpufreq.c | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/lib/power/power_cppc_cpufreq.c b/lib/power/power_cppc_cpufreq.c
index e92973ab54..db63c2cc10 100644
--- a/lib/power/power_cppc_cpufreq.c
+++ b/lib/power/power_cppc_cpufreq.c
@@ -246,6 +246,11 @@ power_get_available_freqs(struct cppc_power_info *pi)
 			pi->nominal_perf * UNIT_DIFF : pi->nominal_perf;
 	num_freqs = (nominal_perf - scaling_min_freq) / BUS_FREQ + 1 +
 		pi->turbo_available;
+	if (num_freqs >= RTE_MAX_LCORE_FREQS) {
+		RTE_LOG(ERR, POWER, "Too many available frequencies : %d\n",
+				num_freqs);
+		goto out;
+	}
 
 	/* Generate the freq bucket array. */
 	for (i = 0, pi->nb_freqs = 0; i < num_freqs; i++) {
diff --git a/lib/power/power_pstate_cpufreq.c b/lib/power/power_pstate_cpufreq.c
index 3b607515fd..619090c8d1 100644
--- a/lib/power/power_pstate_cpufreq.c
+++ b/lib/power/power_pstate_cpufreq.c
@@ -419,6 +419,11 @@ power_get_available_freqs(struct pstate_power_info *pi)
 	 */
 	num_freqs = (base_max_freq - sys_min_freq) / BUS_FREQ + 1 +
 		pi->turbo_available;
+	if (num_freqs >= RTE_MAX_LCORE_FREQS) {
+		RTE_LOG(ERR, POWER, "Too many available frequencies : %d\n",
+				num_freqs);
+		goto out;
+	}
 
 	/* Generate the freq bucket array.
 	 * If turbo is available the freq bucket[0] value is base_max +1
-- 
2.20.1