From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pl1-f196.google.com (mail-pl1-f196.google.com [209.85.214.196]) by dpdk.org (Postfix) with ESMTP id 5BAFC239 for ; Tue, 6 Nov 2018 22:49:06 +0100 (CET) Received: by mail-pl1-f196.google.com with SMTP id f12-v6so5648983plo.1 for ; Tue, 06 Nov 2018 13:49:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Yo+6M5Z8uTNoR+ZWOitlpbiBaJzQUeTIyPLNbkEnYnQ=; b=Wb66D7Nhizq0ivBxtjCoVt/Z5t5aky+uJNjEqQtbdKQ8WewiBk5NNqePpiKHu7A2Fm NhXq8sVyaY3oQ91XSCWdH2yWdzSdQesUGXvywrjtimt8ogRPKZVCzF8rsytDO/576Pxl puQ6HR/7VoEnrFTy0tWPVpd8UlgTMVyuwixV7B4NIGeKyUgrG/+Gm8trM8cRlZB4HcsS sKBeWzddhos6Cv2RLoJ6XeZFHRBefDoZC0RHJxCdFBX+Xcn8MxAcP8KOYL8E25hDrX4H 1cXHQISSaLHkmWe+x8ZGYDHE6lF10RSPtsPf1gyFjBOg2kkbtj2HqXllhJ4J5HnCIf6D Hh6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Yo+6M5Z8uTNoR+ZWOitlpbiBaJzQUeTIyPLNbkEnYnQ=; b=krMYHD+H9luJFRAyGRgBAkew2EjyU9/Uw88vvEt9HVVyrtm0oDyOojC0R/WnJ7G2VS HxVz3JqxUhjiCZlYH99W0aL8gdm6sDNtsmMcTdbNF46Ta2Lb8RpRFT86oE44XOAxOSaU l5LeE6n/8yOv2bF2rF2WGNJL+N76QtRkbh/1TKbDJs1CZl1Dj5aza5d/GBXkapYdnDWV /U0lBiou3IKGbpY1cOzqLNN2GNKrmIuiRnIWoXgWQO49T356EXsbjAmJp4cP3/fPh6Vq r5ybIErR0blO6hBIwwza8UmE711Tcvfp0EDL9wYYdXbE0sIensmYx755ZuLI08gE3cPk cgOA== X-Gm-Message-State: AGRZ1gJ2ZXERF4uoiOhB2upCMk8Z3GoqRVvrAquItYJE+HNwUTT3UJsL fBf8Ff5YuWLtL5gHVCezEK7j4WSghBs= X-Google-Smtp-Source: AJdET5dh2Te00BCGlMlOeQUiOm8NYqk7oOSQAPswqaOZsmdvHjOppK2j0YMyQCU3yQqGsBHIHZ1z2Q== X-Received: by 2002:a17:902:3103:: with SMTP id w3-v6mr28679796plb.51.1541540944875; Tue, 06 Nov 2018 13:49:04 -0800 (PST) Received: from localhost.localdomain ([167.220.103.1]) by smtp.gmail.com with ESMTPSA id y1sm5653608pfi.123.2018.11.06.13.49.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Nov 2018 13:49:04 -0800 (PST) From: Stephen Hemminger To: dev@dpdk.org Cc: Stephen Hemminger Date: Tue, 6 Nov 2018 13:48:57 -0800 Message-Id: <20181106214901.1392-2-stephen@networkplumber.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181106214901.1392-1-stephen@networkplumber.org> References: <20181106214901.1392-1-stephen@networkplumber.org> Subject: [dpdk-dev] [RFC 1/5] bus/pci: fix allocation of pci device path X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Nov 2018 21:49:06 -0000 The pci_resource_by_index called strlen() on uninitialized memory which would lead to the wrong size of memory allocated for the path portion of the resource map. This would either cause excessively large allocation, or worse memory corruption. Coverity Issue: 300868 Fixes: ea9d56226e72 ("pci: introduce function to map uio resource by index") Signed-off-by: Stephen Hemminger --- drivers/bus/pci/linux/pci_uio.c | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/drivers/bus/pci/linux/pci_uio.c b/drivers/bus/pci/linux/pci_uio.c index a7c14421aa79..112ac51dddcc 100644 --- a/drivers/bus/pci/linux/pci_uio.c +++ b/drivers/bus/pci/linux/pci_uio.c @@ -295,14 +295,6 @@ pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx, loc = &dev->addr; maps = uio_res->maps; - /* allocate memory to keep path */ - maps[map_idx].path = rte_malloc(NULL, strlen(devname) + 1, 0); - if (maps[map_idx].path == NULL) { - RTE_LOG(ERR, EAL, "Cannot allocate memory for path: %s\n", - strerror(errno)); - return -1; - } - /* * open resource file, to mmap it */ @@ -335,10 +327,19 @@ pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx, if (fd < 0) { RTE_LOG(ERR, EAL, "Cannot open %s: %s\n", devname, strerror(errno)); - goto error; + return -1; } } + /* allocate memory to keep path */ + maps[map_idx].path = rte_malloc(NULL, strlen(devname) + 1, 0); + if (maps[map_idx].path == NULL) { + RTE_LOG(ERR, EAL, "Cannot allocate memory for path: %s\n", + strerror(errno)); + close(fd); + return -1; + } + /* try mapping somewhere close to the end of hugepages */ if (pci_map_addr == NULL) pci_map_addr = pci_find_max_end_va(); @@ -346,8 +347,10 @@ pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx, mapaddr = pci_map_resource(pci_map_addr, fd, 0, (size_t)dev->mem_resource[res_idx].len, 0); close(fd); - if (mapaddr == MAP_FAILED) - goto error; + if (mapaddr == MAP_FAILED) { + rte_free(maps[map_idx].path); + return -1; + } pci_map_addr = RTE_PTR_ADD(mapaddr, (size_t)dev->mem_resource[res_idx].len); @@ -360,10 +363,6 @@ pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx, dev->mem_resource[res_idx].addr = mapaddr; return 0; - -error: - rte_free(maps[map_idx].path); - return -1; } #if defined(RTE_ARCH_X86) -- 2.17.1