From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 64D30A0503;
	Wed, 18 May 2022 12:18:20 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 9E36542B8A;
	Wed, 18 May 2022 12:18:16 +0200 (CEST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by mails.dpdk.org (Postfix) with ESMTP id 53B7D42B6F
 for <dev@dpdk.org>; Wed, 18 May 2022 12:18:14 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1652869093;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=oZ/y7nclR7WR6EXfbowFZSQwikaaJO0W8mjCzaCSOfw=;
 b=D4L1C1MUmqlx4YCC0UUXa8azzzWZoHgwHJayPZMS6p47EiTOizl1F2VLlIweeONDMFExyl
 OzgwP6lhQr4/lR7wzo9QYY1fZbzT/mPW+7CKGA6lvmf6adRVxEwW/i6cCjEk31f42jlrOc
 3aGhmbMLHpG4quBms4V2Phw0rlx0n4g=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-609-s2RfLtrANcSXyNvsyPkP6Q-1; Wed, 18 May 2022 06:18:10 -0400
X-MC-Unique: s2RfLtrANcSXyNvsyPkP6Q-1
Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com
 [10.11.54.10])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 4B62E3C1618C;
 Wed, 18 May 2022 10:18:10 +0000 (UTC)
Received: from fchome.home (unknown [10.40.195.61])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 360A5492C14;
 Wed, 18 May 2022 10:18:06 +0000 (UTC)
From: David Marchand <david.marchand@redhat.com>
To: dev@dpdk.org
Cc: thomas@monjalon.net, ferruh.yigit@xilinx.com, stable@dpdk.org,
 Xiao Wang <xiao.w.wang@intel.com>
Subject: [PATCH 09/12] vdpa/ifc: fix build with GCC 12
Date: Wed, 18 May 2022 12:16:54 +0200
Message-Id: <20220518101657.1230416-10-david.marchand@redhat.com>
In-Reply-To: <20220518101657.1230416-1-david.marchand@redhat.com>
References: <20220518101657.1230416-1-david.marchand@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.10
Authentication-Results: relay.mimecast.com;
 auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=david.marchand@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

GCC 12 raises the following warning:

../drivers/vdpa/ifc/ifcvf_vdpa.c: In function ‘vdpa_enable_vfio_intr’:
../drivers/vdpa/ifc/ifcvf_vdpa.c:383:62: error: writing 4 bytes into a
    region of size 0 [-Werror=stringop-overflow=]
  383 |                         fd_ptr[RTE_INTR_VEC_RXTX_OFFSET + i] = fd;
      |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~
../drivers/vdpa/ifc/ifcvf_vdpa.c:348:14: note: at offset 32 into
    destination object ‘irq_set_buf’ of size 32
  348 |         char irq_set_buf[MSIX_IRQ_SET_BUF_LEN];
      |              ^~~~~~~~~~~

Validate number of vrings to avoid out of bound access.

Cc: stable@dpdk.org

Signed-off-by: David Marchand <david.marchand@redhat.com>
---
 drivers/vdpa/ifc/ifcvf_vdpa.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/vdpa/ifc/ifcvf_vdpa.c b/drivers/vdpa/ifc/ifcvf_vdpa.c
index 9f05595b6b..6708849bd3 100644
--- a/drivers/vdpa/ifc/ifcvf_vdpa.c
+++ b/drivers/vdpa/ifc/ifcvf_vdpa.c
@@ -354,6 +354,8 @@ vdpa_enable_vfio_intr(struct ifcvf_internal *internal, bool m_rx)
 	vring.callfd = -1;
 
 	nr_vring = rte_vhost_get_vring_num(internal->vid);
+	if (nr_vring > IFCVF_MAX_QUEUES * 2)
+		return -1;
 
 	irq_set = (struct vfio_irq_set *)irq_set_buf;
 	irq_set->argsz = sizeof(irq_set_buf);
-- 
2.36.1