* [PATCH 1/2] net/nfp: fix checking return value
[not found] <20231010061727.205886-1-chaoyong.he@corigine.com>
@ 2023-10-10 6:17 ` Chaoyong He
2023-10-10 6:17 ` [PATCH 2/2] net/nfp: fix illegal memory accesses Chaoyong He
1 sibling, 0 replies; 2+ messages in thread
From: Chaoyong He @ 2023-10-10 6:17 UTC (permalink / raw)
To: dev; +Cc: oss-drivers, Long Wu, chaoyong.he, stable, Peng Zhang
From: Long Wu <long.wu@corigine.com>
CI found that calling "rte_pci_write_config" without
checking return value.
Coverity issue: 403100
Fixes: 1fbe51cd9c3a ("net/nfp: extend usage of BAR from 8 to 24")
Cc: chaoyong.he@corigine.com
Cc: stable@dpdk.org
Signed-off-by: Long Wu <long.wu@corigine.com>
Reviewed-by: Chaoyong He <chaoyong.he@corigine.com>
Reviewed-by: Peng Zhang <peng.zhang@corigine.com>
---
drivers/net/nfp/nfpcore/nfp6000_pcie.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/net/nfp/nfpcore/nfp6000_pcie.c b/drivers/net/nfp/nfpcore/nfp6000_pcie.c
index 13cf523506..a6fd89b6c8 100644
--- a/drivers/net/nfp/nfpcore/nfp6000_pcie.c
+++ b/drivers/net/nfp/nfpcore/nfp6000_pcie.c
@@ -214,8 +214,9 @@ nfp_bar_write(struct nfp_pcie_user *nfp,
rte_read32(nfp->csr + xbar);
} else {
xbar += nfp->dev_info->pcie_cfg_expbar_offset;
- rte_pci_write_config(nfp->pci_dev, &newcfg, sizeof(uint32_t),
- xbar);
+ if (rte_pci_write_config(nfp->pci_dev, &newcfg, sizeof(uint32_t),
+ xbar) < 0)
+ return -EIO;
}
bar->barcfg = newcfg;
@@ -379,7 +380,8 @@ nfp_enable_bars(struct nfp_pcie_user *nfp)
bar = &nfp->bar[0];
bar->lock = true;
- nfp_bar_write(nfp, bar, barcfg_msix_general);
+ if (nfp_bar_write(nfp, bar, barcfg_msix_general) < 0)
+ return -EIO;
/* Sort bars by bit size - use the smallest possible first. */
qsort(&nfp->bar[0], nfp->bars, sizeof(nfp->bar[0]), nfp_cmp_bars);
--
2.39.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* [PATCH 2/2] net/nfp: fix illegal memory accesses
[not found] <20231010061727.205886-1-chaoyong.he@corigine.com>
2023-10-10 6:17 ` [PATCH 1/2] net/nfp: fix checking return value Chaoyong He
@ 2023-10-10 6:17 ` Chaoyong He
1 sibling, 0 replies; 2+ messages in thread
From: Chaoyong He @ 2023-10-10 6:17 UTC (permalink / raw)
To: dev; +Cc: oss-drivers, Long Wu, chaoyong.he, stable, Peng Zhang
From: Long Wu <long.wu@corigine.com>
CI found that overrunning array of 8 bytes at byte
offset 8 by dereferencing pointer.
Coverity issue: 403098
Fixes: 9641a2d ("net/nfp: refactor rtsym module")
Cc: chaoyong.he@corigine.com
Cc: stable@dpdk.org
Signed-off-by: Long Wu <long.wu@corigine.com>
Reviewed-by: Chaoyong He <chaoyong.he@corigine.com>
Reviewed-by: Peng Zhang <peng.zhang@corigine.com>
---
drivers/net/nfp/nfpcore/nfp_rtsym.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/nfp/nfpcore/nfp_rtsym.c b/drivers/net/nfp/nfpcore/nfp_rtsym.c
index 022753f98a..5cefbace96 100644
--- a/drivers/net/nfp/nfpcore/nfp_rtsym.c
+++ b/drivers/net/nfp/nfpcore/nfp_rtsym.c
@@ -337,7 +337,7 @@ nfp_rtsym_read_real(struct nfp_cpp *cpp,
size_t length = len;
uint64_t sym_size = nfp_rtsym_size(sym);
- if (offset > sym_size) {
+ if (offset >= sym_size) {
PMD_DRV_LOG(ERR, "rtsym '%s' read out of bounds", sym->name);
return -ENXIO;
}
--
2.39.1
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-10-10 6:17 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20231010061727.205886-1-chaoyong.he@corigine.com>
2023-10-10 6:17 ` [PATCH 1/2] net/nfp: fix checking return value Chaoyong He
2023-10-10 6:17 ` [PATCH 2/2] net/nfp: fix illegal memory accesses Chaoyong He
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).