From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 62A1A5922 for ; Tue, 5 Jul 2016 15:26:23 +0200 (CEST) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga103.jf.intel.com with ESMTP; 05 Jul 2016 06:26:22 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.26,579,1459839600"; d="scan'208";a="840936725" Received: from bricha3-mobl3.ger.corp.intel.com ([10.237.220.53]) by orsmga003.jf.intel.com with SMTP; 05 Jul 2016 06:26:19 -0700 Received: by (sSMTP sendmail emulation); Tue, 05 Jul 2016 14:26:18 +0025 Date: Tue, 5 Jul 2016 14:26:18 +0100 From: Bruce Richardson To: Beilei Xing Cc: jingjing.wu@intel.com, michalx.k.jastrzebski@intel.com, dev@dpdk.org Message-ID: <20160705132618.GC23500@bricha3-MOBL3> References: <1467272056-14388-1-git-send-email-beilei.xing@intel.com> <1467699005-16235-1-git-send-email-beilei.xing@intel.com> <1467699005-16235-4-git-send-email-beilei.xing@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1467699005-16235-4-git-send-email-beilei.xing@intel.com> Organization: Intel Research and =?iso-8859-1?Q?De=ACvel?= =?iso-8859-1?Q?opment?= Ireland Ltd. User-Agent: Mutt/1.5.23 (2014-03-12) Subject: Re: [dpdk-dev] [PATCH v2 3/3] i40e: fix out-of-bounds access X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Jul 2016 13:26:23 -0000 On Tue, Jul 05, 2016 at 02:10:05PM +0800, Beilei Xing wrote: > When calling i40e_flowtype_to_pctype in > i40e_get_hash_filter_global_config and > i40e_set_hash_filter_global_config, function > i40e_flowtype_to_pctype will be possibly > out-of-bounds accessed, because size of callee's array > is 15. So judge flow type before calling > i40e_flowtype_to_pctype. > Meanwhile do the same change in other functions. > > Coverity issue: 37793, 37794 > > Fixes: 782c8c92f13f ("i40e: add hash configuration") > Fixes: f2b2e2354bbd ("i40e: split function for hash and flow director input") > Fixes: 98f055707685 ("i40e: configure input fields for RSS or flow director") > > Signed-off-by: Beilei Xing > --- > drivers/net/i40e/i40e_ethdev.c | 21 ++++++++++++--------- > 1 file changed, 12 insertions(+), 9 deletions(-) > > diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c > index a1cad37..111a552 100644 > --- a/drivers/net/i40e/i40e_ethdev.c > +++ b/drivers/net/i40e/i40e_ethdev.c > @@ -6908,6 +6908,9 @@ i40e_get_hash_filter_global_config(struct i40e_hw *hw, > mask &= ~(1UL << i); > /* Bit set indicats the coresponding flow type is supported */ > g_cfg->valid_bit_mask[0] |= (1UL << i); > + /* if flowtype is invalid, continue */ > + if (!I40E_VALID_FLOW(i)) > + continue; > pctype = i40e_flowtype_to_pctype(i); > reg = i40e_read_rx_ctl(hw, I40E_GLQF_HSYM(pctype)); > if (reg & I40E_GLQF_HSYM_SYMH_ENA_MASK) Rather than having the same check done in multiple places, is there a reason why we can't just put the check once in i40e_flowtype_to_pctype? /Bruce