From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bruce.richardson@intel.com>
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 by dpdk.org (Postfix) with ESMTP id 3787E9AA7
 for <dev@dpdk.org>; Fri,  8 Jul 2016 17:23:48 +0200 (CEST)
Received: from orsmga003.jf.intel.com ([10.7.209.27])
 by orsmga103.jf.intel.com with ESMTP; 08 Jul 2016 08:23:45 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.28,330,1464678000"; d="scan'208";a="842827462"
Received: from ahaldar-mobl.ger.corp.intel.com ([10.252.24.62])
 by orsmga003.jf.intel.com with SMTP; 08 Jul 2016 08:23:42 -0700
Received: by  (sSMTP sendmail emulation); Fri, 08 Jul 2016 16:23:42 +0025
Date: Fri, 8 Jul 2016 16:23:41 +0100
From: Bruce Richardson <bruce.richardson@intel.com>
To: "Xing, Beilei" <beilei.xing@intel.com>
Cc: "Wu, Jingjing" <jingjing.wu@intel.com>,
 "Jastrzebski, MichalX K" <michalx.k.jastrzebski@intel.com>,
 "dev@dpdk.org" <dev@dpdk.org>
Message-ID: <20160708152341.GA29116@bricha3-MOBL3>
References: <1467272056-14388-1-git-send-email-beilei.xing@intel.com>
 <1467699005-16235-1-git-send-email-beilei.xing@intel.com>
 <1467699005-16235-4-git-send-email-beilei.xing@intel.com>
 <20160705132618.GC23500@bricha3-MOBL3>
 <94479800C636CB44BD422CB454846E013AC228@SHSMSX101.ccr.corp.intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <94479800C636CB44BD422CB454846E013AC228@SHSMSX101.ccr.corp.intel.com>
Organization: Intel Research and =?iso-8859-1?Q?De=ACvel?=
 =?iso-8859-1?Q?opment?= Ireland Ltd.
User-Agent: Mutt/1.5.23 (2014-03-12)
Subject: Re: [dpdk-dev] [PATCH v2 3/3] i40e: fix out-of-bounds access
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2016 15:23:48 -0000

On Wed, Jul 06, 2016 at 03:00:17AM +0100, Xing, Beilei wrote:
> 
> 
> > -----Original Message-----
> > From: Richardson, Bruce
> > Sent: Tuesday, July 5, 2016 9:26 PM
> > To: Xing, Beilei <beilei.xing@intel.com>
> > Cc: Wu, Jingjing <jingjing.wu@intel.com>; Jastrzebski, MichalX K
> > <michalx.k.jastrzebski@intel.com>; dev@dpdk.org
> > Subject: Re: [dpdk-dev] [PATCH v2 3/3] i40e: fix out-of-bounds access
> > 
> > On Tue, Jul 05, 2016 at 02:10:05PM +0800, Beilei Xing wrote:
> > > When calling i40e_flowtype_to_pctype in
> > > i40e_get_hash_filter_global_config and
> > > i40e_set_hash_filter_global_config, function i40e_flowtype_to_pctype
> > > will be possibly out-of-bounds accessed, because size of callee's
> > > array is 15. So judge flow type before calling
> > > i40e_flowtype_to_pctype.
> > > Meanwhile do the same change in other functions.
> > >
> > > Coverity issue: 37793, 37794
> > >
> > > Fixes: 782c8c92f13f ("i40e: add hash configuration")
> > > Fixes: f2b2e2354bbd ("i40e: split function for hash and flow director
> > > input")
> > > Fixes: 98f055707685 ("i40e: configure input fields for RSS or flow
> > > director")
> > >
> > > Signed-off-by: Beilei Xing <beilei.xing@intel.com>
> > > ---
> > >  drivers/net/i40e/i40e_ethdev.c | 21 ++++++++++++---------
> > >  1 file changed, 12 insertions(+), 9 deletions(-)
> > >
> > > diff --git a/drivers/net/i40e/i40e_ethdev.c
> > > b/drivers/net/i40e/i40e_ethdev.c index a1cad37..111a552 100644
> > > --- a/drivers/net/i40e/i40e_ethdev.c
> > > +++ b/drivers/net/i40e/i40e_ethdev.c
> > > @@ -6908,6 +6908,9 @@ i40e_get_hash_filter_global_config(struct
> > i40e_hw *hw,
> > >  		mask &= ~(1UL << i);
> > >  		/* Bit set indicats the coresponding flow type is supported */
> > >  		g_cfg->valid_bit_mask[0] |= (1UL << i);
> > > +		/* if flowtype is invalid, continue */
> > > +		if (!I40E_VALID_FLOW(i))
> > > +			continue;
> > >  		pctype = i40e_flowtype_to_pctype(i);
> > >  		reg = i40e_read_rx_ctl(hw, I40E_GLQF_HSYM(pctype));
> > >  		if (reg & I40E_GLQF_HSYM_SYMH_ENA_MASK)
> > 
> > Rather than having the same check done in multiple places, is there a reason
> > why we can't just put the check once in i40e_flowtype_to_pctype?
> 
> Since the return value type of i40e_flowtype_to_pctype is " enum
> i40e_filter_pctype ", although put the check in i40e_flowtype_to_pctype,
> we should check return value after every i40e_flowtype_to_pctype calling.

Ok, point taken. If we don't check before the call, then the call itself could
return an error which would then need to be checked anyway.

> I think there's no more improvement.
> Besides, check valid flow type is called before i40e_flowtype_to_pctype in
> some places previously, such as function i40e_hash_filter_inset_select
> and i40e_fdir_filter_inset_select.

That's not a reason to keep on putting more checks in other places. It's more
of a reason why the check needs to be centralised. However, from your reasoning
above it doesn't help much, since for these existing cases you'd be just changing
one check for another.

Acked-by: Bruce Richarson <bruce.richardson@intel.com>