* Re: [dpdk-stable] [PATCH] raw/ifpga: fix use of untrusted scalar value
2019-05-17 9:05 [dpdk-stable] [PATCH] raw/ifpga: fix use of untrusted scalar value Zhang, Tianfei
@ 2019-05-17 4:46 ` Xu, Rosen
2019-05-17 5:43 ` Zhang, Tianfei
0 siblings, 1 reply; 3+ messages in thread
From: Xu, Rosen @ 2019-05-17 4:46 UTC (permalink / raw)
To: Zhang, Tianfei; +Cc: Pei, Andy, stable
Hi Tianfei,
For Coverity issue: 279449, my opinion is to check buffer size not only take const to project content of buffer.
> -----Original Message-----
> From: Zhang, Tianfei
> Sent: Friday, May 17, 2019 17:06
> To: Xu, Rosen <rosen.xu@intel.com>
> Cc: Pei, Andy <andy.pei@intel.com>; Zhang, Tianfei
> <tianfei.zhang@intel.com>; stable@dpdk.org; Zhang
> Subject: [PATCH] raw/ifpga: fix use of untrusted scalar value
>
> Add checking the buffer size and use
> const char * for buffer declaration.
>
> Coverity issue: 279449
> Cc: stable@dpdk.org
>
> Signed-off-by: Zhang, Tianfei <tianfei.zhang@intel.com>
> ---
> drivers/raw/ifpga_rawdev/base/ifpga_api.c | 4 +--
> drivers/raw/ifpga_rawdev/base/ifpga_api.h | 2 +-
> .../raw/ifpga_rawdev/base/ifpga_feature_dev.h | 2 +-
> drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c | 27 +++++++++++--------
> drivers/raw/ifpga_rawdev/base/opae_hw_api.c | 4 +--
> drivers/raw/ifpga_rawdev/base/opae_hw_api.h | 4 +--
> drivers/raw/ifpga_rawdev/ifpga_rawdev.c | 7 ++++-
> 7 files changed, 30 insertions(+), 20 deletions(-)
>
> diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.c
> b/drivers/raw/ifpga_rawdev/base/ifpga_api.c
> index 3ddbcdc2a..53d101daf 100644
> --- a/drivers/raw/ifpga_rawdev/base/ifpga_api.c
> +++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.c
> @@ -182,7 +182,7 @@ struct opae_bridge_ops ifpga_br_ops = { };
>
> /* Manager APIs */
> -static int ifpga_mgr_flash(struct opae_manager *mgr, int id, void *buf,
> +static int ifpga_mgr_flash(struct opae_manager *mgr, int id, const char
> +*buf,
> u32 size, u64 *status)
> {
> struct ifpga_fme_hw *fme = mgr->data;
> @@ -324,7 +324,7 @@ struct opae_adapter_ops ifpga_adapter_ops = {
> * - 0: Success, partial reconfiguration finished.
> * - <0: Error code returned in partial reconfiguration.
> **/
> -int ifpga_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
> +int ifpga_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32
> +size,
> u64 *status)
> {
> if (!is_valid_port_id(hw, port_id))
> diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.h
> b/drivers/raw/ifpga_rawdev/base/ifpga_api.h
> index 4a247698c..051ab8276 100644
> --- a/drivers/raw/ifpga_rawdev/base/ifpga_api.h
> +++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.h
> @@ -23,7 +23,7 @@ int ifpga_set_irq(struct ifpga_hw *hw, u32 fiu_id, u32
> port_id,
> u32 feature_id, void *irq_set);
>
> /* FME APIs */
> -int ifpga_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
> +int ifpga_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32
> +size,
> u64 *status);
>
> #endif /* _IFPGA_API_H_ */
> diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
> b/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
> index bb9fcc289..e243d4273 100644
> --- a/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
> +++ b/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
> @@ -149,7 +149,7 @@ static inline int fpga_port_reset(struct ifpga_port_hw
> *port)
> return ret;
> }
>
> -int do_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
> +int do_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32
> +size,
> u64 *status);
>
> int fme_get_prop(struct ifpga_fme_hw *fme, struct feature_prop *prop);
> diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
> b/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
> index efa72660f..9997942d2 100644
> --- a/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
> +++ b/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
> @@ -223,8 +223,8 @@ static int fpga_pr_buf_load(struct ifpga_fme_hw
> *fme_dev,
> return 0;
> }
>
> -static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
> - u64 *status)
> +static int fme_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer,
> + u32 size, u64 *status)
> {
> struct feature_fme_header *fme_hdr;
> struct feature_fme_capability fme_capability; @@ -269,7 +269,7 @@
> static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
> /* Disable Port before PR */
> fpga_port_disable(port);
>
> - ret = fpga_pr_buf_load(fme, &info, (void *)buffer, size);
> + ret = fpga_pr_buf_load(fme, &info, buffer, size);
>
> *status = info.pr_err;
>
> @@ -280,27 +280,32 @@ static int fme_pr(struct ifpga_hw *hw, u32 port_id,
> void *buffer, u32 size,
> return ret;
> }
>
> -int do_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, u64
> *status)
> +int do_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer,
> + u32 size, u64 *status)
> {
> - struct bts_header *bts_hdr;
> - void *buf;
> + const struct bts_header *bts_hdr;
> + const char *buf;
> struct ifpga_port_hw *port;
> int ret;
> + u32 header_size;
>
> if (!buffer || size == 0) {
> dev_err(hw, "invalid parameter\n");
> return -EINVAL;
> }
>
> - bts_hdr = (struct bts_header *)buffer;
> + bts_hdr = (const struct bts_header *)buffer;
>
> if (is_valid_bts(bts_hdr)) {
> dev_info(hw, "this is a valid bitsteam..\n");
> - size -= (sizeof(struct bts_header) +
> - bts_hdr->metadata_len);
> - buf = (u8 *)buffer + sizeof(struct bts_header) +
> - bts_hdr->metadata_len;
> + header_size = sizeof(struct bts_header) +
> + bts_hdr->metadata_len;
> + if (size < header_size)
> + return -EINVAL;
> + size -= header_size;
> + buf = buffer + header_size;
> } else {
> + dev_err(hw, "this is an invalid bitstream..\n");
> return -EINVAL;
> }
>
> diff --git a/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
> b/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
> index 0e117d05e..8964e7984 100644
> --- a/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
> +++ b/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
> @@ -244,8 +244,8 @@ opae_manager_alloc(const char *name, struct
> opae_manager_ops *ops,
> *
> * Return: 0 on success, otherwise error code.
> */
> -int opae_manager_flash(struct opae_manager *mgr, int id, void *buf, u32
> size,
> - u64 *status)
> +int opae_manager_flash(struct opae_manager *mgr, int id, const char *buf,
> + u32 size, u64 *status)
> {
> if (!mgr)
> return -EINVAL;
> diff --git a/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
> b/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
> index 383e751cb..63405a471 100644
> --- a/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
> +++ b/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
> @@ -44,7 +44,7 @@ struct opae_manager {
>
> /* FIXME: add more management ops, e.g power/thermal and etc */ struct
> opae_manager_ops {
> - int (*flash)(struct opae_manager *mgr, int id, void *buffer,
> + int (*flash)(struct opae_manager *mgr, int id, const char *buffer,
> u32 size, u64 *status);
> int (*get_eth_group_region_info)(struct opae_manager *mgr,
> struct opae_eth_group_region_info *info); @@ -74,7
> +74,7 @@ struct opae_manager * opae_manager_alloc(const char *name,
> struct opae_manager_ops *ops,
> struct opae_manager_networking_ops *network_ops, void
> *data); #define opae_manager_free(mgr) opae_free(mgr) -int
> opae_manager_flash(struct opae_manager *mgr, int acc_id, void *buf,
> +int opae_manager_flash(struct opae_manager *mgr, int acc_id, const char
> +*buf,
> u32 size, u64 *status);
> int opae_manager_get_eth_group_region_info(struct opae_manager *mgr,
> u8 group_id, struct opae_eth_group_region_info *info); diff -
> -git a/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
> b/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
> index 41be1a205..01aa917de 100644
> --- a/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
> +++ b/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
> @@ -225,7 +225,7 @@ ifpga_rawdev_reset(struct rte_rawdev *dev) }
>
> static int
> -fpga_pr(struct rte_rawdev *raw_dev, u32 port_id, u64 *buffer, u32 size,
> +fpga_pr(struct rte_rawdev *raw_dev, u32 port_id, const char *buffer,
> +u32 size,
> u64 *status)
> {
>
> @@ -296,6 +296,11 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int
> port_id,
> goto close_fd;
> }
> buffer_size = file_stat.st_size;
> + if (buffer_size <= 0) {
> + ret = -EINVAL;
> + goto close_fd;
> + }
> +
> IFPGA_RAWDEV_PMD_INFO("bitstream file size: %zu\n", buffer_size);
> buffer = rte_malloc(NULL, buffer_size, 0);
> if (!buffer) {
> --
> 2.17.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dpdk-stable] [PATCH] raw/ifpga: fix use of untrusted scalar value
2019-05-17 4:46 ` Xu, Rosen
@ 2019-05-17 5:43 ` Zhang, Tianfei
0 siblings, 0 replies; 3+ messages in thread
From: Zhang, Tianfei @ 2019-05-17 5:43 UTC (permalink / raw)
To: Xu, Rosen; +Cc: Pei, Andy, stable
> -----Original Message-----
> From: Xu, Rosen
> Sent: Friday, May 17, 2019 12:46 PM
> To: Zhang, Tianfei <tianfei.zhang@intel.com>
> Cc: Pei, Andy <andy.pei@intel.com>; stable@dpdk.org
> Subject: RE: [PATCH] raw/ifpga: fix use of untrusted scalar value
>
> Hi Tianfei,
>
> For Coverity issue: 279449, my opinion is to check buffer size not only take
> const to project content of buffer.
This content of buffer cannot be change, so use const is better.
>
> > -----Original Message-----
> > From: Zhang, Tianfei
> > Sent: Friday, May 17, 2019 17:06
> > To: Xu, Rosen <rosen.xu@intel.com>
> > Cc: Pei, Andy <andy.pei@intel.com>; Zhang, Tianfei
> > <tianfei.zhang@intel.com>; stable@dpdk.org; Zhang
> > Subject: [PATCH] raw/ifpga: fix use of untrusted scalar value
> >
> > Add checking the buffer size and use
> > const char * for buffer declaration.
> >
> > Coverity issue: 279449
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Zhang, Tianfei <tianfei.zhang@intel.com>
> > ---
> > drivers/raw/ifpga_rawdev/base/ifpga_api.c | 4 +--
> > drivers/raw/ifpga_rawdev/base/ifpga_api.h | 2 +-
> > .../raw/ifpga_rawdev/base/ifpga_feature_dev.h | 2 +-
> > drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c | 27 +++++++++++--------
> > drivers/raw/ifpga_rawdev/base/opae_hw_api.c | 4 +--
> > drivers/raw/ifpga_rawdev/base/opae_hw_api.h | 4 +--
> > drivers/raw/ifpga_rawdev/ifpga_rawdev.c | 7 ++++-
> > 7 files changed, 30 insertions(+), 20 deletions(-)
> >
> > diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.c
> > b/drivers/raw/ifpga_rawdev/base/ifpga_api.c
> > index 3ddbcdc2a..53d101daf 100644
> > --- a/drivers/raw/ifpga_rawdev/base/ifpga_api.c
> > +++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.c
> > @@ -182,7 +182,7 @@ struct opae_bridge_ops ifpga_br_ops = { };
> >
> > /* Manager APIs */
> > -static int ifpga_mgr_flash(struct opae_manager *mgr, int id, void
> > *buf,
> > +static int ifpga_mgr_flash(struct opae_manager *mgr, int id, const
> > +char *buf,
> > u32 size, u64 *status)
> > {
> > struct ifpga_fme_hw *fme = mgr->data; @@ -324,7 +324,7 @@ struct
> > opae_adapter_ops ifpga_adapter_ops = {
> > * - 0: Success, partial reconfiguration finished.
> > * - <0: Error code returned in partial reconfiguration.
> > **/
> > -int ifpga_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32
> > size,
> > +int ifpga_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer,
> > +u32 size,
> > u64 *status)
> > {
> > if (!is_valid_port_id(hw, port_id))
> > diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.h
> > b/drivers/raw/ifpga_rawdev/base/ifpga_api.h
> > index 4a247698c..051ab8276 100644
> > --- a/drivers/raw/ifpga_rawdev/base/ifpga_api.h
> > +++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.h
> > @@ -23,7 +23,7 @@ int ifpga_set_irq(struct ifpga_hw *hw, u32 fiu_id,
> > u32 port_id,
> > u32 feature_id, void *irq_set);
> >
> > /* FME APIs */
> > -int ifpga_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32
> > size,
> > +int ifpga_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer,
> > +u32 size,
> > u64 *status);
> >
> > #endif /* _IFPGA_API_H_ */
> > diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
> > b/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
> > index bb9fcc289..e243d4273 100644
> > --- a/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
> > +++ b/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
> > @@ -149,7 +149,7 @@ static inline int fpga_port_reset(struct
> > ifpga_port_hw
> > *port)
> > return ret;
> > }
> >
> > -int do_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
> > +int do_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32
> > +size,
> > u64 *status);
> >
> > int fme_get_prop(struct ifpga_fme_hw *fme, struct feature_prop
> > *prop); diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
> > b/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
> > index efa72660f..9997942d2 100644
> > --- a/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
> > +++ b/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
> > @@ -223,8 +223,8 @@ static int fpga_pr_buf_load(struct ifpga_fme_hw
> > *fme_dev,
> > return 0;
> > }
> >
> > -static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
> > - u64 *status)
> > +static int fme_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer,
> > + u32 size, u64 *status)
> > {
> > struct feature_fme_header *fme_hdr;
> > struct feature_fme_capability fme_capability; @@ -269,7 +269,7 @@
> > static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
> > /* Disable Port before PR */
> > fpga_port_disable(port);
> >
> > - ret = fpga_pr_buf_load(fme, &info, (void *)buffer, size);
> > + ret = fpga_pr_buf_load(fme, &info, buffer, size);
> >
> > *status = info.pr_err;
> >
> > @@ -280,27 +280,32 @@ static int fme_pr(struct ifpga_hw *hw, u32
> > port_id, void *buffer, u32 size,
> > return ret;
> > }
> >
> > -int do_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
> > u64
> > *status)
> > +int do_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer,
> > + u32 size, u64 *status)
> > {
> > - struct bts_header *bts_hdr;
> > - void *buf;
> > + const struct bts_header *bts_hdr;
> > + const char *buf;
> > struct ifpga_port_hw *port;
> > int ret;
> > + u32 header_size;
> >
> > if (!buffer || size == 0) {
> > dev_err(hw, "invalid parameter\n");
> > return -EINVAL;
> > }
> >
> > - bts_hdr = (struct bts_header *)buffer;
> > + bts_hdr = (const struct bts_header *)buffer;
> >
> > if (is_valid_bts(bts_hdr)) {
> > dev_info(hw, "this is a valid bitsteam..\n");
> > - size -= (sizeof(struct bts_header) +
> > - bts_hdr->metadata_len);
> > - buf = (u8 *)buffer + sizeof(struct bts_header) +
> > - bts_hdr->metadata_len;
> > + header_size = sizeof(struct bts_header) +
> > + bts_hdr->metadata_len;
> > + if (size < header_size)
> > + return -EINVAL;
> > + size -= header_size;
> > + buf = buffer + header_size;
> > } else {
> > + dev_err(hw, "this is an invalid bitstream..\n");
> > return -EINVAL;
> > }
> >
> > diff --git a/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
> > b/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
> > index 0e117d05e..8964e7984 100644
> > --- a/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
> > +++ b/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
> > @@ -244,8 +244,8 @@ opae_manager_alloc(const char *name, struct
> > opae_manager_ops *ops,
> > *
> > * Return: 0 on success, otherwise error code.
> > */
> > -int opae_manager_flash(struct opae_manager *mgr, int id, void *buf,
> > u32 size,
> > - u64 *status)
> > +int opae_manager_flash(struct opae_manager *mgr, int id, const char
> *buf,
> > + u32 size, u64 *status)
> > {
> > if (!mgr)
> > return -EINVAL;
> > diff --git a/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
> > b/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
> > index 383e751cb..63405a471 100644
> > --- a/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
> > +++ b/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
> > @@ -44,7 +44,7 @@ struct opae_manager {
> >
> > /* FIXME: add more management ops, e.g power/thermal and etc */
> > struct opae_manager_ops {
> > - int (*flash)(struct opae_manager *mgr, int id, void *buffer,
> > + int (*flash)(struct opae_manager *mgr, int id, const char *buffer,
> > u32 size, u64 *status);
> > int (*get_eth_group_region_info)(struct opae_manager *mgr,
> > struct opae_eth_group_region_info *info); @@ -74,7
> > +74,7 @@ struct opae_manager * opae_manager_alloc(const char
> *name,
> > struct opae_manager_ops *ops,
> > struct opae_manager_networking_ops *network_ops, void *data);
> > #define opae_manager_free(mgr) opae_free(mgr) -int
> > opae_manager_flash(struct opae_manager *mgr, int acc_id, void *buf,
> > +int opae_manager_flash(struct opae_manager *mgr, int acc_id, const
> > +char *buf,
> > u32 size, u64 *status);
> > int opae_manager_get_eth_group_region_info(struct opae_manager
> *mgr,
> > u8 group_id, struct opae_eth_group_region_info *info); diff - -git
> > a/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
> > b/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
> > index 41be1a205..01aa917de 100644
> > --- a/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
> > +++ b/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
> > @@ -225,7 +225,7 @@ ifpga_rawdev_reset(struct rte_rawdev *dev) }
> >
> > static int
> > -fpga_pr(struct rte_rawdev *raw_dev, u32 port_id, u64 *buffer, u32
> > size,
> > +fpga_pr(struct rte_rawdev *raw_dev, u32 port_id, const char *buffer,
> > +u32 size,
> > u64 *status)
> > {
> >
> > @@ -296,6 +296,11 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int
> > port_id,
> > goto close_fd;
> > }
> > buffer_size = file_stat.st_size;
> > + if (buffer_size <= 0) {
> > + ret = -EINVAL;
> > + goto close_fd;
> > + }
> > +
> > IFPGA_RAWDEV_PMD_INFO("bitstream file size: %zu\n", buffer_size);
> > buffer = rte_malloc(NULL, buffer_size, 0);
> > if (!buffer) {
> > --
> > 2.17.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* [dpdk-stable] [PATCH] raw/ifpga: fix use of untrusted scalar value
@ 2019-05-17 9:05 Zhang, Tianfei
2019-05-17 4:46 ` Xu, Rosen
0 siblings, 1 reply; 3+ messages in thread
From: Zhang, Tianfei @ 2019-05-17 9:05 UTC (permalink / raw)
To: rosen.xu; +Cc: andy.pei, Zhang, Tianfei, stable, Zhang
Add checking the buffer size and use
const char * for buffer declaration.
Coverity issue: 279449
Cc: stable@dpdk.org
Signed-off-by: Zhang, Tianfei <tianfei.zhang@intel.com>
---
drivers/raw/ifpga_rawdev/base/ifpga_api.c | 4 +--
drivers/raw/ifpga_rawdev/base/ifpga_api.h | 2 +-
.../raw/ifpga_rawdev/base/ifpga_feature_dev.h | 2 +-
drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c | 27 +++++++++++--------
drivers/raw/ifpga_rawdev/base/opae_hw_api.c | 4 +--
drivers/raw/ifpga_rawdev/base/opae_hw_api.h | 4 +--
drivers/raw/ifpga_rawdev/ifpga_rawdev.c | 7 ++++-
7 files changed, 30 insertions(+), 20 deletions(-)
diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.c b/drivers/raw/ifpga_rawdev/base/ifpga_api.c
index 3ddbcdc2a..53d101daf 100644
--- a/drivers/raw/ifpga_rawdev/base/ifpga_api.c
+++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.c
@@ -182,7 +182,7 @@ struct opae_bridge_ops ifpga_br_ops = {
};
/* Manager APIs */
-static int ifpga_mgr_flash(struct opae_manager *mgr, int id, void *buf,
+static int ifpga_mgr_flash(struct opae_manager *mgr, int id, const char *buf,
u32 size, u64 *status)
{
struct ifpga_fme_hw *fme = mgr->data;
@@ -324,7 +324,7 @@ struct opae_adapter_ops ifpga_adapter_ops = {
* - 0: Success, partial reconfiguration finished.
* - <0: Error code returned in partial reconfiguration.
**/
-int ifpga_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
+int ifpga_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32 size,
u64 *status)
{
if (!is_valid_port_id(hw, port_id))
diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.h b/drivers/raw/ifpga_rawdev/base/ifpga_api.h
index 4a247698c..051ab8276 100644
--- a/drivers/raw/ifpga_rawdev/base/ifpga_api.h
+++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.h
@@ -23,7 +23,7 @@ int ifpga_set_irq(struct ifpga_hw *hw, u32 fiu_id, u32 port_id,
u32 feature_id, void *irq_set);
/* FME APIs */
-int ifpga_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
+int ifpga_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32 size,
u64 *status);
#endif /* _IFPGA_API_H_ */
diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h b/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
index bb9fcc289..e243d4273 100644
--- a/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
+++ b/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
@@ -149,7 +149,7 @@ static inline int fpga_port_reset(struct ifpga_port_hw *port)
return ret;
}
-int do_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
+int do_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32 size,
u64 *status);
int fme_get_prop(struct ifpga_fme_hw *fme, struct feature_prop *prop);
diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c b/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
index efa72660f..9997942d2 100644
--- a/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
+++ b/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
@@ -223,8 +223,8 @@ static int fpga_pr_buf_load(struct ifpga_fme_hw *fme_dev,
return 0;
}
-static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
- u64 *status)
+static int fme_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer,
+ u32 size, u64 *status)
{
struct feature_fme_header *fme_hdr;
struct feature_fme_capability fme_capability;
@@ -269,7 +269,7 @@ static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
/* Disable Port before PR */
fpga_port_disable(port);
- ret = fpga_pr_buf_load(fme, &info, (void *)buffer, size);
+ ret = fpga_pr_buf_load(fme, &info, buffer, size);
*status = info.pr_err;
@@ -280,27 +280,32 @@ static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
return ret;
}
-int do_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size, u64 *status)
+int do_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer,
+ u32 size, u64 *status)
{
- struct bts_header *bts_hdr;
- void *buf;
+ const struct bts_header *bts_hdr;
+ const char *buf;
struct ifpga_port_hw *port;
int ret;
+ u32 header_size;
if (!buffer || size == 0) {
dev_err(hw, "invalid parameter\n");
return -EINVAL;
}
- bts_hdr = (struct bts_header *)buffer;
+ bts_hdr = (const struct bts_header *)buffer;
if (is_valid_bts(bts_hdr)) {
dev_info(hw, "this is a valid bitsteam..\n");
- size -= (sizeof(struct bts_header) +
- bts_hdr->metadata_len);
- buf = (u8 *)buffer + sizeof(struct bts_header) +
- bts_hdr->metadata_len;
+ header_size = sizeof(struct bts_header) +
+ bts_hdr->metadata_len;
+ if (size < header_size)
+ return -EINVAL;
+ size -= header_size;
+ buf = buffer + header_size;
} else {
+ dev_err(hw, "this is an invalid bitstream..\n");
return -EINVAL;
}
diff --git a/drivers/raw/ifpga_rawdev/base/opae_hw_api.c b/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
index 0e117d05e..8964e7984 100644
--- a/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
+++ b/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
@@ -244,8 +244,8 @@ opae_manager_alloc(const char *name, struct opae_manager_ops *ops,
*
* Return: 0 on success, otherwise error code.
*/
-int opae_manager_flash(struct opae_manager *mgr, int id, void *buf, u32 size,
- u64 *status)
+int opae_manager_flash(struct opae_manager *mgr, int id, const char *buf,
+ u32 size, u64 *status)
{
if (!mgr)
return -EINVAL;
diff --git a/drivers/raw/ifpga_rawdev/base/opae_hw_api.h b/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
index 383e751cb..63405a471 100644
--- a/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
+++ b/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
@@ -44,7 +44,7 @@ struct opae_manager {
/* FIXME: add more management ops, e.g power/thermal and etc */
struct opae_manager_ops {
- int (*flash)(struct opae_manager *mgr, int id, void *buffer,
+ int (*flash)(struct opae_manager *mgr, int id, const char *buffer,
u32 size, u64 *status);
int (*get_eth_group_region_info)(struct opae_manager *mgr,
struct opae_eth_group_region_info *info);
@@ -74,7 +74,7 @@ struct opae_manager *
opae_manager_alloc(const char *name, struct opae_manager_ops *ops,
struct opae_manager_networking_ops *network_ops, void *data);
#define opae_manager_free(mgr) opae_free(mgr)
-int opae_manager_flash(struct opae_manager *mgr, int acc_id, void *buf,
+int opae_manager_flash(struct opae_manager *mgr, int acc_id, const char *buf,
u32 size, u64 *status);
int opae_manager_get_eth_group_region_info(struct opae_manager *mgr,
u8 group_id, struct opae_eth_group_region_info *info);
diff --git a/drivers/raw/ifpga_rawdev/ifpga_rawdev.c b/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
index 41be1a205..01aa917de 100644
--- a/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
+++ b/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
@@ -225,7 +225,7 @@ ifpga_rawdev_reset(struct rte_rawdev *dev)
}
static int
-fpga_pr(struct rte_rawdev *raw_dev, u32 port_id, u64 *buffer, u32 size,
+fpga_pr(struct rte_rawdev *raw_dev, u32 port_id, const char *buffer, u32 size,
u64 *status)
{
@@ -296,6 +296,11 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
goto close_fd;
}
buffer_size = file_stat.st_size;
+ if (buffer_size <= 0) {
+ ret = -EINVAL;
+ goto close_fd;
+ }
+
IFPGA_RAWDEV_PMD_INFO("bitstream file size: %zu\n", buffer_size);
buffer = rte_malloc(NULL, buffer_size, 0);
if (!buffer) {
--
2.17.1
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-05-17 5:43 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-17 9:05 [dpdk-stable] [PATCH] raw/ifpga: fix use of untrusted scalar value Zhang, Tianfei
2019-05-17 4:46 ` Xu, Rosen
2019-05-17 5:43 ` Zhang, Tianfei
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).