From: "Pei, Andy" <andy.pei@intel.com>
To: "christian.ehrhardt@canonical.com" <christian.ehrhardt@canonical.com>
Cc: Maxime Coquelin <maxime.coquelin@redhat.com>,
dpdk stable <stable@dpdk.org>
Subject: RE: patch 'vdpa/ifc/base: fix null pointer dereference' has been queued to stable release 19.11.13
Date: Tue, 12 Jul 2022 07:47:02 +0000
Message-ID: <DM5PR11MB1739D8E48F0810A5A576CE378F869@DM5PR11MB1739.namprd11.prod.outlook.com>
In-Reply-To: <20220712074522.3704914-2-christian.ehrhardt@canonical.com>

Hi Christian,

Thanks.

> -----Original Message-----
> From: christian.ehrhardt@canonical.com <christian.ehrhardt@canonical.com>
> Sent: Tuesday, July 12, 2022 3:45 PM
> To: Pei, Andy <andy.pei@intel.com>
> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; dpdk stable
> <stable@dpdk.org>
> Subject: patch 'vdpa/ifc/base: fix null pointer dereference' has been queued to
> stable release 19.11.13
>
> Hi,
>
> FYI, your patch has been queued to stable release 19.11.13
>
> Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
> It will be pushed if I get no objections before 07/14/22. So please shout if
> anyone has objections.
>
> Also note that after the patch there's a diff of the upstream commit vs the patch
> applied to the branch. This will indicate if there was any rebasing needed to
> apply to the stable branch. If there were code changes for rebasing
> (ie: not only metadata diffs), please double check that the rebase was correctly
> done.
>
> Queued patches are on a temporary branch at:
> https://github.com/cpaelzer/dpdk-stable-queue
>
> This queued commit can be viewed at:
> https://github.com/cpaelzer/dpdk-stable-queue/commit/d8cf14f38336b9dadd39f5d68be25f7a6d310f95
>
> Thanks.
>
> Christian Ehrhardt <christian.ehrhardt@canonical.com>
>
> ---
> From d8cf14f38336b9dadd39f5d68be25f7a6d310f95 Mon Sep 17 00:00:00 2001
> From: Andy Pei <andy.pei@intel.com>
> Date: Fri, 8 Jul 2022 13:57:41 +0800
> Subject: [PATCH] vdpa/ifc/base: fix null pointer dereference
>
> [ upstream commit 60600018d3c6ae9ab4c24f9acb5c213bf9a21aaf ]
>
> Fix null pointer dereference reported in coverity scan.
> Output some log information when lm_cfg is null.
> Make sure lm_cfg is not null before operating on lm_cfg.
>
> Coverity issue: 378882
> Fixes: d7fe5a2861e7 ("net/ifc: support live migration")
>
> Signed-off-by: Andy Pei <andy.pei@intel.com>
> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> ---
> drivers/net/ifc/base/ifcvf.c | 17 +++++++++++++----
> drivers/net/ifc/base/ifcvf_osdep.h | 1 +
> 2 files changed, 14 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/ifc/base/ifcvf.c b/drivers/net/ifc/base/ifcvf.c index
> d10c1fd6a4..f3c29f94b3 100644
> --- a/drivers/net/ifc/base/ifcvf.c
> +++ b/drivers/net/ifc/base/ifcvf.c
> @@ -87,6 +87,8 @@ next:
> }
>
> hw->lm_cfg = hw->mem_resource[4].addr;
> + if (!hw->lm_cfg)
> + WARNINGOUT("HW support live migration not support!\n");
>
> if (hw->common_cfg == NULL || hw->notify_base == NULL ||
> hw->isr == NULL || hw->dev_cfg == NULL) { @@ -
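
Review bot: The warning string added right after the `hw->lm_cfg = hw->mem_resource[4].addr;` assignment, "HW support live migration not support!", does not tell an operator what was detected or what follows from it. Suggest wording along the lines of "live migration region not mapped, live migration is not supported" so the log line stands on its own. Note also that `hw->lm_cfg` stays NULL and initialisation carries on, so any user of `hw->lm_cfg` other than the three guarded in this patch still needs its own check.
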
> 218,10 +220,12 @@ ifcvf_hw_enable(struct ifcvf_hw *hw)
> &cfg->queue_used_hi);
> IFCVF_WRITE_REG16(hw->vring[i].size, &cfg->queue_size);
>
> - *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
> - (i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) * 4) =
> - (u32)hw->vring[i].last_avail_idx |
> - ((u32)hw->vring[i].last_used_idx << 16);
> + if (lm_cfg) {
> + *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
> + (i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) *
> 4) =
> + (u32)hw->vring[i].last_avail_idx |
> + ((u32)hw->vring[i].last_used_idx << 16);
> + }
>
> IFCVF_WRITE_REG16(i + 1, &cfg->queue_msix_vector);
> if (IFCVF_READ_REG16(&cfg->queue_msix_vector) == @@ -
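
Review bot: In ifcvf_hw_enable, the new `if (lm_cfg)` guard makes the write of `last_avail_idx` and `last_used_idx` to the ring-state area optional, and nothing on this path records that it was skipped. The test is also repeated for every queue index `i`. Please add a short comment stating that skipping the ring-state write is intended when the device has no live migration region, so that a later reader does not take the guard for a defensive afterthought.
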
> 291,6 +295,8 @@ ifcvf_enable_logging(struct ifcvf_hw *hw, u64 log_base, u64
> log_size)
> u8 *lm_cfg;
>
> lm_cfg = hw->lm_cfg;
> + if (!lm_cfg)
> + return;
>
> *(u32 *)(lm_cfg + IFCVF_LM_BASE_ADDR_LOW) =
> log_base & IFCVF_32_BIT_MASK;
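
Review bot: The early `return;` added to ifcvf_enable_logging when `lm_cfg` is NULL is silent, and because the function returns nothing the caller cannot tell that logging at `log_base` was never switched on. The commit message says log information is output when lm_cfg is null, but that only happens once at init, not here. Suggest either a `WARNINGOUT` on this path or changing the function to return an error code that the caller can act on.
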
> @@ -313,6 +319,9 @@ ifcvf_disable_logging(struct ifcvf_hw *hw)
> u8 *lm_cfg;
>
> lm_cfg = hw->lm_cfg;
> + if (!lm_cfg)
> + return;
> +
> *(u32 *)(lm_cfg + IFCVF_LM_LOGGING_CTRL) = IFCVF_LM_DISABLE; }
>
> diff --git a/drivers/net/ifc/base/ifcvf_osdep.h
> b/drivers/net/ifc/base/ifcvf_osdep.h
> index 6aef25ea45..3d567695cc 100644
> --- a/drivers/net/ifc/base/ifcvf_osdep.h
> +++ b/drivers/net/ifc/base/ifcvf_osdep.h
> @@ -14,6 +14,7 @@
> #include <rte_log.h>
> #include <rte_io.h>
>
> +#define WARNINGOUT(S, args...) RTE_LOG(WARNING, PMD, S, ##args)
> #define DEBUGOUT(S, args...) RTE_LOG(DEBUG, PMD, S, ##args)
> #define STATIC static
>
> --
> 2.37.0
>
> ---
> Diff of the applied patch vs upstream commit (please double-check if
> non-empty):
> ---
> --- - 2022-07-12 09:44:11.761243494 +0200
> +++ 0002-vdpa-ifc-base-fix-null-pointer-dereference.patch 2022-07-12
> 09:44:11.676834710 +0200
> @@ -1 +1 @@
> -From 60600018d3c6ae9ab4c24f9acb5c213bf9a21aaf Mon Sep 17 00:00:00
> 2001
> +From d8cf14f38336b9dadd39f5d68be25f7a6d310f95 Mon Sep 17 00:00:00
> 2001
> @@ -5,0 +6,2 @@
> +[ upstream commit 60600018d3c6ae9ab4c24f9acb5c213bf9a21aaf ]
> +
> @@ -12 +13,0 @@
> -Cc: stable@dpdk.org
> @@ -17,3 +18,3 @@
> - drivers/vdpa/ifc/base/ifcvf.c | 31 +++++++++++++++++++----------
> - drivers/vdpa/ifc/base/ifcvf_osdep.h | 1 +
> - 2 files changed, 21 insertions(+), 11 deletions(-)
> + drivers/net/ifc/base/ifcvf.c | 17 +++++++++++++----
> + drivers/net/ifc/base/ifcvf_osdep.h | 1 +
> + 2 files changed, 14 insertions(+), 4 deletions(-)
> @@ -21,4 +22,4 @@
> -diff --git a/drivers/vdpa/ifc/base/ifcvf.c b/drivers/vdpa/ifc/base/ifcvf.c -index
> 0a9f71a960..f1e1474447 100644
> ---- a/drivers/vdpa/ifc/base/ifcvf.c
> -+++ b/drivers/vdpa/ifc/base/ifcvf.c
> +diff --git a/drivers/net/ifc/base/ifcvf.c
> +b/drivers/net/ifc/base/ifcvf.c index d10c1fd6a4..f3c29f94b3 100644
> +--- a/drivers/net/ifc/base/ifcvf.c
> ++++ b/drivers/net/ifc/base/ifcvf.c
> @@ -34 +35 @@
> -@@ -218,17 +220,19 @@ ifcvf_hw_enable(struct ifcvf_hw *hw)
> +@@ -218,10 +220,12 @@ ifcvf_hw_enable(struct ifcvf_hw *hw)
> @@ -38,11 +39,4 @@
> -- if (hw->device_type == IFCVF_BLK)
> -- *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
> -- i * IFCVF_LM_CFG_SIZE) =
> -- (u32)hw->vring[i].last_avail_idx |
> -- ((u32)hw->vring[i].last_used_idx << 16);
> -- else
> -- *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
> -- (i / 2) * IFCVF_LM_CFG_SIZE +
> -- (i % 2) * 4) =
> -- (u32)hw->vring[i].last_avail_idx |
> -- ((u32)hw->vring[i].last_used_idx << 16);
> +- *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
> +- (i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) * 4) =
> +- (u32)hw->vring[i].last_avail_idx |
> +- ((u32)hw->vring[i].last_used_idx << 16);
> @@ -50,11 +44,4 @@
> -+ if (hw->device_type == IFCVF_BLK)
> -+ *(u32 *)(lm_cfg +
> IFCVF_LM_RING_STATE_OFFSET +
> -+ i * IFCVF_LM_CFG_SIZE) =
> -+ (u32)hw->vring[i].last_avail_idx |
> -+ ((u32)hw->vring[i].last_used_idx << 16);
> -+ else
> -+ *(u32 *)(lm_cfg +
> IFCVF_LM_RING_STATE_OFFSET +
> -+ (i / 2) * IFCVF_LM_CFG_SIZE +
> -+ (i % 2) * 4) =
> -+ (u32)hw->vring[i].last_avail_idx |
> -+ ((u32)hw->vring[i].last_used_idx << 16);
> ++ *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
> ++ (i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) *
> 4) =
> ++ (u32)hw->vring[i].last_avail_idx |
> ++ ((u32)hw->vring[i].last_used_idx << 16);
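
Review bot: The backport drops the `hw->device_type == IFCVF_BLK` arm from the guarded ring-state write in ifcvf_hw_enable, which is a code change from rebasing and not only a metadata difference. The lines removed on the stable side contain only the `(i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) * 4` offset, which is consistent with dropping that arm, but the author should confirm that the stable branch has no block-device path needing the `i * IFCVF_LM_CFG_SIZE` offset before this is pushed.
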
> @@ -65 +52 @@
> -@@ -320,6 +324,8 @@ ifcvf_enable_logging(struct ifcvf_hw *hw, u64
> log_base, u64 log_size)
> +@@ -291,6 +295,8 @@ ifcvf_enable_logging(struct ifcvf_hw *hw, u64
> +log_base, u64 log_size)
> @@ -74 +61 @@
> -@@ -342,6 +348,9 @@ ifcvf_disable_logging(struct ifcvf_hw *hw)
> +@@ -313,6 +319,9 @@ ifcvf_disable_logging(struct ifcvf_hw *hw)
> @@ -84 +71 @@
> -diff --git a/drivers/vdpa/ifc/base/ifcvf_osdep.h
> b/drivers/vdpa/ifc/base/ifcvf_osdep.h
> +diff --git a/drivers/net/ifc/base/ifcvf_osdep.h
> +b/drivers/net/ifc/base/ifcvf_osdep.h
> @@ -86,2 +73,2 @@
> ---- a/drivers/vdpa/ifc/base/ifcvf_osdep.h
> -+++ b/drivers/vdpa/ifc/base/ifcvf_osdep.h
> +--- a/drivers/net/ifc/base/ifcvf_osdep.h
> ++++ b/drivers/net/ifc/base/ifcvf_osdep.h