DPDK patches and discussions
 help / color / mirror / Atom feed
From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Sinan Kaya <okaya@kernel.org>,
	Stephen Hemminger <stephen@networkplumber.org>,
	Anatoly Burakov <anatoly.burakov@intel.com>
Subject: [PATCH v4 4/5] malloc: codeql fixes
Date: Mon, 10 Jul 2023 10:07:59 -0700	[thread overview]
Message-ID: <20230710170800.12478-5-stephen@networkplumber.org> (raw)
In-Reply-To: <20230710170800.12478-1-stephen@networkplumber.org>

From: Sinan Kaya <okaya@kernel.org>

In malloc_heap_add_memory result of call to malloc_elem_join_adjacent_free
is dereferenced here and may be null.

In alloc_pages_on_heap result of call to rte_mem_virt2memseg_list
is dereferenced here and may be null.

In eal_memalloc_is_contig result of call to rte_fbarray_get
is dereferenced here and may be null.

In malloc_elem_find_max_iova_contig result of call to rte_mem_virt2memseg
is dereferenced here and may be null.

In malloc_heap_free result of call to malloc_elem_free is dereferenced
here and may be null.

In malloc_elem_alloc result of call to elem_start_pt is dereferenced
here and may be null.

Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 lib/eal/common/eal_common_memalloc.c |  5 ++++-
 lib/eal/common/malloc_elem.c         | 14 +++++++++++---
 lib/eal/common/malloc_heap.c         |  9 ++++++++-
 3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/lib/eal/common/eal_common_memalloc.c b/lib/eal/common/eal_common_memalloc.c
index ab04479c1cc5..24506f8447d7 100644
--- a/lib/eal/common/eal_common_memalloc.c
+++ b/lib/eal/common/eal_common_memalloc.c
@@ -126,6 +126,9 @@ eal_memalloc_is_contig(const struct rte_memseg_list *msl, void *start,
 
 		/* skip first iteration */
 		ms = rte_fbarray_get(&msl->memseg_arr, start_seg);
+		if (ms == NULL)
+			return false;
+
 		cur = ms->iova;
 		expected = cur + pgsz;
 
@@ -137,7 +140,7 @@ eal_memalloc_is_contig(const struct rte_memseg_list *msl, void *start,
 				cur_seg++, expected += pgsz) {
 			ms = rte_fbarray_get(&msl->memseg_arr, cur_seg);
 
-			if (ms->iova != expected)
+			if ((ms != NULL) && (ms->iova != expected))
 				return false;
 		}
 	}
diff --git a/lib/eal/common/malloc_elem.c b/lib/eal/common/malloc_elem.c
index 619c040aa3e8..443ae26d283a 100644
--- a/lib/eal/common/malloc_elem.c
+++ b/lib/eal/common/malloc_elem.c
@@ -63,6 +63,8 @@ malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align)
 
 	cur_page = RTE_PTR_ALIGN_FLOOR(contig_seg_start, page_sz);
 	ms = rte_mem_virt2memseg(cur_page, elem->msl);
+	if (ms == NULL)
+		return 0;
 
 	/* do first iteration outside the loop */
 	page_end = RTE_PTR_ADD(cur_page, page_sz);
@@ -91,9 +93,12 @@ malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align)
 			 * we're not blowing past data end.
 			 */
 			ms = rte_mem_virt2memseg(contig_seg_start, elem->msl);
-			cur_page = ms->addr;
-			/* don't trigger another recalculation */
-			expected_iova = ms->iova;
+			if (ms != NULL) {
+				cur_page = ms->addr;
+
+				/* don't trigger another recalculation */
+				expected_iova = ms->iova;
+			}
 			continue;
 		}
 		/* cur_seg_end ends on a page boundary or on data end. if we're
@@ -430,6 +435,9 @@ malloc_elem_alloc(struct malloc_elem *elem, size_t size, unsigned align,
 {
 	struct malloc_elem *new_elem = elem_start_pt(elem, size, align, bound,
 			contig);
+	if (new_elem == NULL)
+		return NULL;
+
 	const size_t old_elem_size = (uintptr_t)new_elem - (uintptr_t)elem;
 	const size_t trailer_size = elem->size - old_elem_size - size -
 		MALLOC_ELEM_OVERHEAD;
diff --git a/lib/eal/common/malloc_heap.c b/lib/eal/common/malloc_heap.c
index 6b6cf9174cd3..0abaaa8c57f8 100644
--- a/lib/eal/common/malloc_heap.c
+++ b/lib/eal/common/malloc_heap.c
@@ -97,6 +97,8 @@ malloc_heap_add_memory(struct malloc_heap *heap, struct rte_memseg_list *msl,
 	malloc_elem_insert(elem);
 
 	elem = malloc_elem_join_adjacent_free(elem);
+	if (elem == NULL)
+		return NULL;
 
 	malloc_elem_free_list_insert(elem);
 
@@ -321,6 +323,8 @@ alloc_pages_on_heap(struct malloc_heap *heap, uint64_t pg_sz, size_t elt_size,
 
 	map_addr = ms[0]->addr;
 	msl = rte_mem_virt2memseg_list(map_addr);
+	if (msl == NULL)
+		return NULL;
 
 	/* check if we wanted contiguous memory but didn't get it */
 	if (contig && !eal_memalloc_is_contig(msl, map_addr, alloc_sz)) {
@@ -897,6 +901,9 @@ malloc_heap_free(struct malloc_elem *elem)
 	/* anything after this is a bonus */
 	ret = 0;
 
+	if (elem == NULL)
+		goto free_unlock;
+
 	/* ...of which we can't avail if we are in legacy mode, or if this is an
 	 * externally allocated segment.
 	 */
@@ -935,7 +942,7 @@ malloc_heap_free(struct malloc_elem *elem)
 		const struct rte_memseg *tmp =
 				rte_mem_virt2memseg(aligned_start, msl);
 
-		if (tmp->flags & RTE_MEMSEG_FLAG_DO_NOT_FREE) {
+		if ((tmp != NULL) && (tmp->flags & RTE_MEMSEG_FLAG_DO_NOT_FREE)) {
 			/* this is an unfreeable segment, so move start */
 			aligned_start = RTE_PTR_ADD(tmp->addr, tmp->len);
 		}
-- 
2.39.2


  parent reply	other threads:[~2023-07-10 17:08 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-20  4:41 [PATCH v3 00/10] codeql fixes for various subsystems okaya
2023-01-20  4:41 ` [PATCH v3 01/10] ethdev: check return result of rte_eth_dev_info_get okaya
2023-01-20 10:21   ` Morten Brørup
2023-01-20  4:41 ` [PATCH v3 02/10] memzone: check result of rte_fbarray_get okaya
2023-01-20  4:41 ` [PATCH v3 03/10] memzone: check result of malloc_elem_from_data okaya
2023-01-20  4:41 ` [PATCH v3 04/10] malloc: malloc_elem_join_adjacent_free can return null okaya
2023-01-20  4:41 ` [PATCH v3 05/10] malloc: check result of rte_mem_virt2memseg_list okaya
2023-01-20  4:41 ` [PATCH v3 06/10] malloc: check result of rte_fbarray_get okaya
2023-01-20  4:41 ` [PATCH v3 07/10] malloc: check result of rte_mem_virt2memseg okaya
2023-01-20  4:41 ` [PATCH v3 08/10] malloc: check result of malloc_elem_free okaya
2023-01-20  4:41 ` [PATCH v3 09/10] malloc: check result of elem_start_pt okaya
2023-01-20  4:41 ` [PATCH v3 10/10] bus/vdev: check result of rte_vdev_device_name okaya
2023-01-20 16:47   ` Stephen Hemminger
2023-01-22 20:51     ` Thomas Monjalon
2023-02-06 16:01       ` Sinan Kaya
2023-02-06 18:46         ` Thomas Monjalon
2023-02-06 16:00 ` [PATCH v3 00/10] codeql fixes for various subsystems Sinan Kaya
2023-07-06 22:43 ` Stephen Hemminger
2023-07-10 15:18   ` Sinan Kaya
2023-07-10 17:07 ` [PATCH v4 0/5] fixes for problems found by codeql analyzer Stephen Hemminger
2023-07-10 17:07   ` [PATCH v4 1/5] mailmap: add Sinan Stephen Hemminger
2023-07-10 17:07   ` [PATCH v4 2/5] ethdev: check return result of rte_eth_dev_info_get Stephen Hemminger
2023-12-16 10:06     ` Andrew Rybchenko
2023-12-16 10:08       ` Andrew Rybchenko
2023-07-10 17:07   ` [PATCH v4 3/5] memzone: check result of rte_fbarray_get and malloc_elem_from_data Stephen Hemminger
2023-07-10 17:07   ` Stephen Hemminger [this message]
2023-07-10 17:08   ` [PATCH v4 5/5] bus/vdev: check result of rte_vdev_device_name Stephen Hemminger
2023-12-16 10:10     ` Andrew Rybchenko
2023-07-11  1:37   ` [PATCH v4 0/5] fixes for problems found by codeql analyzer fengchengwen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230710170800.12478-5-stephen@networkplumber.org \
    --to=stephen@networkplumber.org \
    --cc=anatoly.burakov@intel.com \
    --cc=dev@dpdk.org \
    --cc=okaya@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).