* Re: [PATCH v2] vdpa/ifc/base: fix null pointer dereference
2022-07-08 9:10 [PATCH v2] vdpa/ifc/base: fix null pointer dereference Andy Pei
@ 2022-07-08 9:07 ` Maxime Coquelin
0 siblings, 0 replies; 2+ messages in thread
From: Maxime Coquelin @ 2022-07-08 9:07 UTC (permalink / raw)
To: Andy Pei, dev; +Cc: chenbo.xia, xiao.w.wang
On 7/8/22 11:10, Andy Pei wrote:
> Fix null pointer dereference reported in Coverity scan.
> Output some log information when lm_cfg is null.
> Make sure lm_cfg is not null before operating on lm_cfg.
>
> Coverity issue: 378882
> Fixes: d7fe5a2861e7 ("net/ifc: support live migration")
>
> Signed-off-by: Andy Pei <andy.pei@intel.com>
> ---
> drivers/vdpa/ifc/base/ifcvf.c | 31 ++++++++++++++++++++-----------
> drivers/vdpa/ifc/base/ifcvf_osdep.h | 1 +
> 2 files changed, 21 insertions(+), 11 deletions(-)
>
Thanks, but I already applied v1 locally and did the change.
Rejecting this v2 in patchwork.
Thanks,
Maxime
* [PATCH v2] vdpa/ifc/base: fix null pointer dereference
@ 2022-07-08 9:10 Andy Pei
2022-07-08 9:07 ` Maxime Coquelin
0 siblings, 1 reply; 2+ messages in thread
From: Andy Pei @ 2022-07-08 9:10 UTC (permalink / raw)
To: dev; +Cc: chenbo.xia, maxime.coquelin, xiao.w.wang
Fix null pointer dereference reported in Coverity scan.
Output some log information when lm_cfg is null.
Make sure lm_cfg is not null before operating on lm_cfg.
Coverity issue: 378882
Fixes: d7fe5a2861e7 ("net/ifc: support live migration")
Signed-off-by: Andy Pei <andy.pei@intel.com>
---
drivers/vdpa/ifc/base/ifcvf.c | 31 ++++++++++++++++++++-----------
drivers/vdpa/ifc/base/ifcvf_osdep.h | 1 +
2 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/drivers/vdpa/ifc/base/ifcvf.c b/drivers/vdpa/ifc/base/ifcvf.c
index 0a9f71a..f1e1474 100644
--- a/drivers/vdpa/ifc/base/ifcvf.c
+++ b/drivers/vdpa/ifc/base/ifcvf.c
@@ -87,6 +87,8 @@
}
hw->lm_cfg = hw->mem_resource[4].addr;
+ if (!hw->lm_cfg)
+ WARNINGOUT("HW support live migration not support!\n");
if (hw->common_cfg == NULL || hw->notify_base == NULL ||
hw->isr == NULL || hw->dev_cfg == NULL) {
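Review bot: the warning string added right after the `hw->lm_cfg = hw->mem_resource[4].addr;` assignment, "HW support live migration not support!", is hard to parse in a log; something like "live migration not supported: lm_cfg is NULL" states what was actually detected. Initialization continues after the warning, and lm_cfg is not part of the NULL check on common_cfg, notify_base, isr and dev_cfg that follows, so every later user of hw->lm_cfg has to guard it itself; a comment here saying that lm_cfg is optional would make that contract explicit.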
@@ -218,17 +220,19 @@
&cfg->queue_used_hi);
IFCVF_WRITE_REG16(hw->vring[i].size, &cfg->queue_size);
- if (hw->device_type == IFCVF_BLK)
- *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
- i * IFCVF_LM_CFG_SIZE) =
- (u32)hw->vring[i].last_avail_idx |
- ((u32)hw->vring[i].last_used_idx << 16);
- else
- *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
- (i / 2) * IFCVF_LM_CFG_SIZE +
- (i % 2) * 4) =
- (u32)hw->vring[i].last_avail_idx |
- ((u32)hw->vring[i].last_used_idx << 16);
+ if (lm_cfg) {
+ if (hw->device_type == IFCVF_BLK)
+ *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
+ i * IFCVF_LM_CFG_SIZE) =
+ (u32)hw->vring[i].last_avail_idx |
+ ((u32)hw->vring[i].last_used_idx << 16);
+ else
+ *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
+ (i / 2) * IFCVF_LM_CFG_SIZE +
+ (i % 2) * 4) =
+ (u32)hw->vring[i].last_avail_idx |
+ ((u32)hw->vring[i].last_used_idx << 16);
+ }
IFCVF_WRITE_REG16(i + 1, &cfg->queue_msix_vector);
if (IFCVF_READ_REG16(&cfg->queue_msix_vector) ==
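Review bot: with the new `if (lm_cfg)` guard the ring state store is skipped without any trace, so last_avail_idx and last_used_idx are never written for vring[i] when lm_cfg is NULL; a short comment or a log line in an else branch would show that this is intended. Since these lines are being re-indented anyway, note that the IFCVF_BLK branch and the else branch store the same value and differ only in the offset, so computing the offset first and doing a single store would remove the duplicated expression.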
@@ -320,6 +324,8 @@
u8 *lm_cfg;
lm_cfg = hw->lm_cfg;
+ if (!lm_cfg)
+ return;
*(u32 *)(lm_cfg + IFCVF_LM_BASE_ADDR_LOW) =
log_base & IFCVF_32_BIT_MASK;
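Review bot: the early `return;` when lm_cfg is NULL turns this function into a silent no-op, so the caller that supplied log_base cannot tell that IFCVF_LM_BASE_ADDR_LOW was never programmed. Consider logging at this point (the WARNINGOUT macro added by this patch would do) or, if the signature can change, returning an error. Minor style point: the equivalent guard in the next hunk is followed by a blank line and this one is not.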
@@ -342,6 +348,9 @@
u8 *lm_cfg;
lm_cfg = hw->lm_cfg;
+ if (!lm_cfg)
+ return;
+
*(u32 *)(lm_cfg + IFCVF_LM_LOGGING_CTRL) = IFCVF_LM_DISABLE;
}
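Review bot: the early return here when lm_cfg is NULL skips the IFCVF_LM_DISABLE write without a trace; skipping is reasonable when there is no lm_cfg region, but a one-line comment saying so would help the next reader. The same `lm_cfg = hw->lm_cfg;` followed by `if (!lm_cfg) return;` now appears in two functions, so a small shared helper or a common comment would keep the guards from drifting apart.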
diff --git a/drivers/vdpa/ifc/base/ifcvf_osdep.h b/drivers/vdpa/ifc/base/ifcvf_osdep.h
index 6aef25e..8a47fcb 100644
--- a/drivers/vdpa/ifc/base/ifcvf_osdep.h
+++ b/drivers/vdpa/ifc/base/ifcvf_osdep.h
@@ -14,6 +14,7 @@
#include <rte_log.h>
#include <rte_io.h>
+#define WARNINGOUT(S, args...) RTE_LOG(WARNING, PMD, S, ##args)
#define DEBUGOUT(S, args...) RTE_LOG(DEBUG, PMD, S, ##args)
#define STATIC static
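Review bot: WARNINGOUT copies the form of the DEBUGOUT macro below it, including the GNU named variadic `args...` with `##args`; that is consistent with the file, but worth flagging if this base code is expected to build with compilers that accept only `...` and `__VA_ARGS__`. The macro has a single user in this patch, the lm_cfg check in ifcvf.c, so the commit message could mention that a new logging macro is introduced.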
--
1.8.3.1