From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 210EAA0032
	for <public@inbox.dpdk.org>; Tue, 12 Jul 2022 09:45:32 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 19DF5427EE;
	Tue, 12 Jul 2022 09:45:32 +0200 (CEST)
Received: from smtp-relay-internal-1.canonical.com
 (smtp-relay-internal-1.canonical.com [185.125.188.123])
 by mails.dpdk.org (Postfix) with ESMTP id 22B12427EE
 for <stable@dpdk.org>; Tue, 12 Jul 2022 09:45:31 +0200 (CEST)
Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com
 [209.85.218.70])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id DFE0A40A63
 for <stable@dpdk.org>; Tue, 12 Jul 2022 07:45:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
 s=20210705; t=1657611930;
 bh=KaO1Bfa1qH1+J8kdoYukk/qDcMFqJqa1C/szPGPkkJM=;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
 MIME-Version;
 b=qkcNg8GRmC1WJo00IS7aoxhSTXAC6PhW6/WRcVkLailOU32onGcjgAb7pq8yjrIXt
 70u8wvdQjaNJ47UJtTaa6aD6gnHRPmm53wpz0fhyeV3L8MqbMX1t0gtbu0Fe1PslIt
 fPWxuYgUnkLDByc7/8xQGNNA+pAC4Yiau7bPRmDZMRB8lcLszjmw5kB5WUvzRtVNQR
 oOr1EzS508GFUxbjlcDJfEskIPvRm6wKF/zcKabzQ6G+u/PfLVvcGCkrV3mzLyEBrS
 lzjFaU1v3Y6smtOupKRvYCnmB0eKIjd0Pptd7ZDGgC1nsw9zKUDwlW8Ug5XhRzqHnT
 2CluPHGR9o8Og==
Received: by mail-ej1-f70.google.com with SMTP id
 jg29-20020a170907971d00b0072b5acf30e7so1612562ejc.8
 for <stable@dpdk.org>; Tue, 12 Jul 2022 00:45:30 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=KaO1Bfa1qH1+J8kdoYukk/qDcMFqJqa1C/szPGPkkJM=;
 b=tw7bUYRK80i24G5megbAgqtpXJv6RXNpIErLiTVzlB3J/Jh/bU+PlKyqiFQdyysGM0
 TUjSeGzBAT082bD6wUUdlfcE4oAGy7MwglVZcHzD9v0O56X09/MnkcwHYDPrF8taTKuW
 pqAcBAWuxu1KQqeuZKjpovMbzh/f8IaKSdQ4gTvbRlMcGcSmFhXgd1D3ntWFbvJurQjD
 PJ0+3STXCAjzOa7fkD4W3yGv+hXrJ2Nidj++sryGs0qs7ghWyRHk95Wp9W8rQ2MxVkUx
 cJ3OlibO+M7tmZilsdAfwSO6n4Bk1FSu9e9SmK95KFPuAwOtxqF7FIKiQZ1K/WRoDQTe
 BEpg==
X-Gm-Message-State: AJIora/VeGlzl9Mw3O4qK4ddS2fX6Up5wyZWkploM4lF2ZBNOFeVeqqR
 I9Z/vKpblZV6A4iTYfPL8mztodSFboprX9oA17R+cOtkbY0gNwgCyvv/8q5LU4aebTFBZ6aiViG
 VmmZIdt4cXWXjV8vEw45XbSD3
X-Received: by 2002:a05:6402:695:b0:435:65f3:38c2 with SMTP id
 f21-20020a056402069500b0043565f338c2mr30843078edy.347.1657611930048; 
 Tue, 12 Jul 2022 00:45:30 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1uGSAl4azvGyQY8w+VOo7PqGQ/gqAgbfNhotcHbV3/UwPOawc+vpIeqwMu4ilWooPcHMw/sIw==
X-Received: by 2002:a05:6402:695:b0:435:65f3:38c2 with SMTP id
 f21-20020a056402069500b0043565f338c2mr30843061edy.347.1657611929849; 
 Tue, 12 Jul 2022 00:45:29 -0700 (PDT)
Received: from Keschdeichel.fritz.box
 ([2a02:6d40:3a4f:7b00:782f:b1cc:ad02:593b])
 by smtp.gmail.com with ESMTPSA id
 en19-20020a056402529300b0043aecea29a6sm617661edb.3.2022.07.12.00.45.29
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 12 Jul 2022 00:45:29 -0700 (PDT)
From: christian.ehrhardt@canonical.com
To: Andy Pei <andy.pei@intel.com>
Cc: Maxime Coquelin <maxime.coquelin@redhat.com>, dpdk stable <stable@dpdk.org>
Subject: patch 'vdpa/ifc/base: fix null pointer dereference' has been queued
 to stable release 19.11.13
Date: Tue, 12 Jul 2022 09:45:22 +0200
Message-Id: <20220712074522.3704914-2-christian.ehrhardt@canonical.com>
X-Mailer: git-send-email 2.37.0
In-Reply-To: <20220712074522.3704914-1-christian.ehrhardt@canonical.com>
References: <20220712074522.3704914-1-christian.ehrhardt@canonical.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Hi,

FYI, your patch has been queued to stable release 19.11.13

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 07/14/22. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/d8cf14f38336b9dadd39f5d68be25f7a6d310f95

Thanks.

Christian Ehrhardt <christian.ehrhardt@canonical.com>

---
>From d8cf14f38336b9dadd39f5d68be25f7a6d310f95 Mon Sep 17 00:00:00 2001
From: Andy Pei <andy.pei@intel.com>
Date: Fri, 8 Jul 2022 13:57:41 +0800
Subject: [PATCH] vdpa/ifc/base: fix null pointer dereference

[ upstream commit 60600018d3c6ae9ab4c24f9acb5c213bf9a21aaf ]

Fix null pointer dereference reported in coverity scan.
Output some log information when lm_cfg is null.
Make sure lm_cfg is not null before operate on lm_cfg.

Coverity issue: 378882
Fixes: d7fe5a2861e7 ("net/ifc: support live migration")

Signed-off-by: Andy Pei <andy.pei@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
 drivers/net/ifc/base/ifcvf.c       | 17 +++++++++++++----
 drivers/net/ifc/base/ifcvf_osdep.h |  1 +
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ifc/base/ifcvf.c b/drivers/net/ifc/base/ifcvf.c
index d10c1fd6a4..f3c29f94b3 100644
--- a/drivers/net/ifc/base/ifcvf.c
+++ b/drivers/net/ifc/base/ifcvf.c
@@ -87,6 +87,8 @@ next:
 	}
 
 	hw->lm_cfg = hw->mem_resource[4].addr;
+	if (!hw->lm_cfg)
+		WARNINGOUT("HW support live migration not support!\n");
 
 	if (hw->common_cfg == NULL || hw->notify_base == NULL ||
 			hw->isr == NULL || hw->dev_cfg == NULL) {
@@ -218,10 +220,12 @@ ifcvf_hw_enable(struct ifcvf_hw *hw)
 				&cfg->queue_used_hi);
 		IFCVF_WRITE_REG16(hw->vring[i].size, &cfg->queue_size);
 
-		*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
-				(i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) * 4) =
-			(u32)hw->vring[i].last_avail_idx |
-			((u32)hw->vring[i].last_used_idx << 16);
+		if (lm_cfg) {
+			*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
+					(i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) * 4) =
+				(u32)hw->vring[i].last_avail_idx |
+				((u32)hw->vring[i].last_used_idx << 16);
+		}
 
 		IFCVF_WRITE_REG16(i + 1, &cfg->queue_msix_vector);
 		if (IFCVF_READ_REG16(&cfg->queue_msix_vector) ==
@@ -291,6 +295,8 @@ ifcvf_enable_logging(struct ifcvf_hw *hw, u64 log_base, u64 log_size)
 	u8 *lm_cfg;
 
 	lm_cfg = hw->lm_cfg;
+	if (!lm_cfg)
+		return;
 
 	*(u32 *)(lm_cfg + IFCVF_LM_BASE_ADDR_LOW) =
 		log_base & IFCVF_32_BIT_MASK;
@@ -313,6 +319,9 @@ ifcvf_disable_logging(struct ifcvf_hw *hw)
 	u8 *lm_cfg;
 
 	lm_cfg = hw->lm_cfg;
+	if (!lm_cfg)
+		return;
+
 	*(u32 *)(lm_cfg + IFCVF_LM_LOGGING_CTRL) = IFCVF_LM_DISABLE;
 }
 
diff --git a/drivers/net/ifc/base/ifcvf_osdep.h b/drivers/net/ifc/base/ifcvf_osdep.h
index 6aef25ea45..3d567695cc 100644
--- a/drivers/net/ifc/base/ifcvf_osdep.h
+++ b/drivers/net/ifc/base/ifcvf_osdep.h
@@ -14,6 +14,7 @@
 #include <rte_log.h>
 #include <rte_io.h>
 
+#define WARNINGOUT(S, args...)  RTE_LOG(WARNING, PMD, S, ##args)
 #define DEBUGOUT(S, args...)    RTE_LOG(DEBUG, PMD, S, ##args)
 #define STATIC                  static
 
-- 
2.37.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2022-07-12 09:44:11.761243494 +0200
+++ 0002-vdpa-ifc-base-fix-null-pointer-dereference.patch	2022-07-12 09:44:11.676834710 +0200
@@ -1 +1 @@
-From 60600018d3c6ae9ab4c24f9acb5c213bf9a21aaf Mon Sep 17 00:00:00 2001
+From d8cf14f38336b9dadd39f5d68be25f7a6d310f95 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 60600018d3c6ae9ab4c24f9acb5c213bf9a21aaf ]
+
@@ -12 +13,0 @@
-Cc: stable@dpdk.org
@@ -17,3 +18,3 @@
- drivers/vdpa/ifc/base/ifcvf.c       | 31 +++++++++++++++++++----------
- drivers/vdpa/ifc/base/ifcvf_osdep.h |  1 +
- 2 files changed, 21 insertions(+), 11 deletions(-)
+ drivers/net/ifc/base/ifcvf.c       | 17 +++++++++++++----
+ drivers/net/ifc/base/ifcvf_osdep.h |  1 +
+ 2 files changed, 14 insertions(+), 4 deletions(-)
@@ -21,4 +22,4 @@
-diff --git a/drivers/vdpa/ifc/base/ifcvf.c b/drivers/vdpa/ifc/base/ifcvf.c
-index 0a9f71a960..f1e1474447 100644
---- a/drivers/vdpa/ifc/base/ifcvf.c
-+++ b/drivers/vdpa/ifc/base/ifcvf.c
+diff --git a/drivers/net/ifc/base/ifcvf.c b/drivers/net/ifc/base/ifcvf.c
+index d10c1fd6a4..f3c29f94b3 100644
+--- a/drivers/net/ifc/base/ifcvf.c
++++ b/drivers/net/ifc/base/ifcvf.c
@@ -34 +35 @@
-@@ -218,17 +220,19 @@ ifcvf_hw_enable(struct ifcvf_hw *hw)
+@@ -218,10 +220,12 @@ ifcvf_hw_enable(struct ifcvf_hw *hw)
@@ -38,11 +39,4 @@
--		if (hw->device_type == IFCVF_BLK)
--			*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
--				i * IFCVF_LM_CFG_SIZE) =
--				(u32)hw->vring[i].last_avail_idx |
--				((u32)hw->vring[i].last_used_idx << 16);
--		else
--			*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
--				(i / 2) * IFCVF_LM_CFG_SIZE +
--				(i % 2) * 4) =
--				(u32)hw->vring[i].last_avail_idx |
--				((u32)hw->vring[i].last_used_idx << 16);
+-		*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
+-				(i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) * 4) =
+-			(u32)hw->vring[i].last_avail_idx |
+-			((u32)hw->vring[i].last_used_idx << 16);
@@ -50,11 +44,4 @@
-+			if (hw->device_type == IFCVF_BLK)
-+				*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
-+					i * IFCVF_LM_CFG_SIZE) =
-+					(u32)hw->vring[i].last_avail_idx |
-+					((u32)hw->vring[i].last_used_idx << 16);
-+			else
-+				*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
-+					(i / 2) * IFCVF_LM_CFG_SIZE +
-+					(i % 2) * 4) =
-+					(u32)hw->vring[i].last_avail_idx |
-+					((u32)hw->vring[i].last_used_idx << 16);
++			*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
++					(i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) * 4) =
++				(u32)hw->vring[i].last_avail_idx |
++				((u32)hw->vring[i].last_used_idx << 16);
@@ -65 +52 @@
-@@ -320,6 +324,8 @@ ifcvf_enable_logging(struct ifcvf_hw *hw, u64 log_base, u64 log_size)
+@@ -291,6 +295,8 @@ ifcvf_enable_logging(struct ifcvf_hw *hw, u64 log_base, u64 log_size)
@@ -74 +61 @@
-@@ -342,6 +348,9 @@ ifcvf_disable_logging(struct ifcvf_hw *hw)
+@@ -313,6 +319,9 @@ ifcvf_disable_logging(struct ifcvf_hw *hw)
@@ -84 +71 @@
-diff --git a/drivers/vdpa/ifc/base/ifcvf_osdep.h b/drivers/vdpa/ifc/base/ifcvf_osdep.h
+diff --git a/drivers/net/ifc/base/ifcvf_osdep.h b/drivers/net/ifc/base/ifcvf_osdep.h
@@ -86,2 +73,2 @@
---- a/drivers/vdpa/ifc/base/ifcvf_osdep.h
-+++ b/drivers/vdpa/ifc/base/ifcvf_osdep.h
+--- a/drivers/net/ifc/base/ifcvf_osdep.h
++++ b/drivers/net/ifc/base/ifcvf_osdep.h