From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stephen@networkplumber.org>
Received: from mail-pa0-f48.google.com (mail-pa0-f48.google.com
 [209.85.220.48]) by dpdk.org (Postfix) with ESMTP id 3D34A8D89
 for <dev@dpdk.org>; Fri, 28 Aug 2015 18:23:34 +0200 (CEST)
Received: by pabzx8 with SMTP id zx8so67500146pab.1
 for <dev@dpdk.org>; Fri, 28 Aug 2015 09:23:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=FGrFOk8i7Pw7xmgWFWXMWNdFSLXr8jg4AsOM/GYhi+Q=;
 b=cdJsXi13SWE0JHQvW/DkCqwHQtrcUV0pBi5g0RmRXHv0HE1kVBxfwOywkcpLIwc8TD
 pI4iXinakj/00mL2VllCsSFcKugg+jcHHJuR3e0AL1LXU6f5Dly31/DUtW1r/IMjYJfO
 ZNgdm9h9lK/lGzzn7VZb93ZVi7s6mWZAzpbG79WvN3qGxX1oONBkJRA9H3jUHwDyawwr
 37pVjhI2iaG0+cMs0HrNfof7rm60VxtmAl4WCH3sxsahSU74CJwikuM0xuMgXki6wHgE
 IAvH9MQrMzT+ykoCTKfh8GFNS3guZOZJGhiX/jkhMc1I2OAjsaD/OjjTKv9SP34xZVrd
 lRlw==
X-Gm-Message-State: ALoCoQlU2Cs/CKc5fx7L1cUsZ7JQbpTpZazwX1EKRIHADuK99uJiCfIIW3UTkT5GoAuzLFEFu3ae
X-Received: by 10.66.219.163 with SMTP id pp3mr23780437pac.8.1440779013632;
 Fri, 28 Aug 2015 09:23:33 -0700 (PDT)
Received: from urahara.home.lan (static-50-53-82-155.bvtn.or.frontiernet.net.
 [50.53.82.155])
 by smtp.gmail.com with ESMTPSA id gs2sm6221755pbc.15.2015.08.28.09.23.32
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Fri, 28 Aug 2015 09:23:33 -0700 (PDT)
From: Stephen Hemminger <stephen@networkplumber.org>
To: huawei.xie@intel.com,
	changchun.ouyang@intel.com
Date: Fri, 28 Aug 2015 09:23:39 -0700
Message-Id: <1440779019-10793-4-git-send-email-stephen@networkplumber.org>
X-Mailer: git-send-email 2.1.4
In-Reply-To: <1440779019-10793-1-git-send-email-stephen@networkplumber.org>
References: <1440779019-10793-1-git-send-email-stephen@networkplumber.org>
Cc: dev@dpdk.org
Subject: [dpdk-dev] [PATCH 3/3] virtio: fix possible NULL dereference
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Aug 2015 16:23:35 -0000

Found by Coverity. In virtio_dev_queue_release if the queue pointer is
NULL, then driver is dereferencing it to get hw pointer.
Also, don't do useless assignment

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 drivers/net/virtio/virtio_ethdev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/virtio/virtio_ethdev.c b/drivers/net/virtio/virtio_ethdev.c
index 338d891..914c73d 100644
--- a/drivers/net/virtio/virtio_ethdev.c
+++ b/drivers/net/virtio/virtio_ethdev.c
@@ -239,15 +239,15 @@ virtio_set_multiple_queues(struct rte_eth_dev *dev, uint16_t nb_queues)
 
 void
 virtio_dev_queue_release(struct virtqueue *vq) {
-	struct virtio_hw *hw = vq->hw;
 
 	if (vq) {
+		struct virtio_hw *hw = vq->hw;
+
 		/* Select and deactivate the queue */
 		VIRTIO_WRITE_REG_2(hw, VIRTIO_PCI_QUEUE_SEL, vq->queue_id);
 		VIRTIO_WRITE_REG_4(hw, VIRTIO_PCI_QUEUE_PFN, 0);
 
 		rte_free(vq);
-		vq = NULL;
 	}
 }
 
-- 
2.1.4