From: Bruce Richardson <bruce.richardson@intel.com>
To: Beilei Xing <beilei.xing@intel.com>
Cc: jingjing.wu@intel.com, michalx.k.jastrzebski@intel.com, dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH v2 3/3] i40e: fix out-of-bounds access
Date: Tue, 5 Jul 2016 14:26:18 +0100 [thread overview]
Message-ID: <20160705132618.GC23500@bricha3-MOBL3> (raw)
In-Reply-To: <1467699005-16235-4-git-send-email-beilei.xing@intel.com>
On Tue, Jul 05, 2016 at 02:10:05PM +0800, Beilei Xing wrote:
> When calling i40e_flowtype_to_pctype in
> i40e_get_hash_filter_global_config and
> i40e_set_hash_filter_global_config, function
> i40e_flowtype_to_pctype will be possibly
> out-of-bounds accessed, because size of callee's array
> is 15. So judge flow type before calling
> i40e_flowtype_to_pctype.
> Meanwhile do the same change in other functions.
>
> Coverity issue: 37793, 37794
>
> Fixes: 782c8c92f13f ("i40e: add hash configuration")
> Fixes: f2b2e2354bbd ("i40e: split function for hash and flow director input")
> Fixes: 98f055707685 ("i40e: configure input fields for RSS or flow director")
>
> Signed-off-by: Beilei Xing <beilei.xing@intel.com>
> ---
> drivers/net/i40e/i40e_ethdev.c | 21 ++++++++++++---------
> 1 file changed, 12 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index a1cad37..111a552 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -6908,6 +6908,9 @@ i40e_get_hash_filter_global_config(struct i40e_hw *hw,
> mask &= ~(1UL << i);
> /* Bit set indicats the coresponding flow type is supported */
> g_cfg->valid_bit_mask[0] |= (1UL << i);
> + /* if flowtype is invalid, continue */
> + if (!I40E_VALID_FLOW(i))
> + continue;
> pctype = i40e_flowtype_to_pctype(i);
> reg = i40e_read_rx_ctl(hw, I40E_GLQF_HSYM(pctype));
> if (reg & I40E_GLQF_HSYM_SYMH_ENA_MASK)
Rather than having the same check done in multiple places, is there a reason
why we can't just put the check once in i40e_flowtype_to_pctype?
/Bruce
next prev parent reply other threads:[~2016-07-05 13:26 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-30 7:34 [dpdk-dev] [PATCH 0/4] i40e: fix coverity defects Beilei Xing
2016-07-04 13:58 ` Bruce Richardson
2016-07-05 1:47 ` Xing, Beilei
2016-07-05 6:10 ` [dpdk-dev] [PATCH v2 0/3] " Beilei Xing
2016-07-05 6:10 ` [dpdk-dev] [PATCH v2 1/3] i40e: fix log error Beilei Xing
2016-07-05 13:24 ` Bruce Richardson
2016-07-05 6:10 ` [dpdk-dev] [PATCH v2 2/3] i40e: fix dereference before null check Beilei Xing
2016-07-05 13:24 ` Bruce Richardson
2016-07-05 6:10 ` [dpdk-dev] [PATCH v2 3/3] i40e: fix out-of-bounds access Beilei Xing
2016-07-05 13:26 ` Bruce Richardson [this message]
2016-07-06 2:00 ` Xing, Beilei
2016-07-08 15:23 ` Bruce Richardson
2016-07-08 15:33 ` [dpdk-dev] [PATCH v2 0/3] fix coverity defects Bruce Richardson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160705132618.GC23500@bricha3-MOBL3 \
--to=bruce.richardson@intel.com \
--cc=beilei.xing@intel.com \
--cc=dev@dpdk.org \
--cc=jingjing.wu@intel.com \
--cc=michalx.k.jastrzebski@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).