DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects
@ 2020-10-30  0:21 Wei Huang
  2020-10-30  0:21 ` [dpdk-dev] [PATCH v2 1/2] raw/ifpga: terminate string filled by readlink with null Wei Huang
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Wei Huang @ 2020-10-30  0:21 UTC (permalink / raw)
  To: dev, rosen.xu, qi.z.zhang; +Cc: Wei Huang

These two patches fix defects found by coverity scan.

Main changes from v2:
- Fix coding style issue

Wei Huang (2):
  raw/ifpga: terminate string filled by readlink with null
  raw/ifpga: use trusted buffer to free

 drivers/raw/ifpga/ifpga_rawdev.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

-- 
2.7.3


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [dpdk-dev] [PATCH v2 1/2] raw/ifpga: terminate string filled by readlink with null
  2020-10-30  0:21 [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects Wei Huang
@ 2020-10-30  0:21 ` Wei Huang
  2020-10-30  6:56   ` Zhang, Tianfei
  2020-10-30  0:21 ` [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free Wei Huang
  2020-11-02 12:23 ` [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects Zhang, Qi Z
  2 siblings, 1 reply; 6+ messages in thread
From: Wei Huang @ 2020-10-30  0:21 UTC (permalink / raw)
  To: dev, rosen.xu, qi.z.zhang; +Cc: Wei Huang

readlink() does not terminate string, add a null character at the end
of the string if readlink() succeeds.

Fixes: 9c006c45d0c5 ("raw/ifpga: scan PCIe BDF device tree")

Signed-off-by: Wei Huang <wei.huang@intel.com>
---
v2: fix coding style issue
---
 drivers/raw/ifpga/ifpga_rawdev.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/raw/ifpga/ifpga_rawdev.c b/drivers/raw/ifpga/ifpga_rawdev.c
index 0385514..f9de167 100644
--- a/drivers/raw/ifpga/ifpga_rawdev.c
+++ b/drivers/raw/ifpga/ifpga_rawdev.c
@@ -230,8 +230,9 @@ static int ifpga_rawdev_fill_info(struct ifpga_rawdev *ifpga_dev,
 	memset(link, 0, sizeof(link));
 	memset(link1, 0, sizeof(link1));
 	ret = readlink(path, link, (sizeof(link)-1));
-	if (ret == -1)
+	if ((ret < 0) || ((unsigned int)ret > (sizeof(link)-1)))
 		return -1;
+	link[ret] = 0;   /* terminate string with null character */
 	strlcpy(link1, link, sizeof(link1));
 	memset(ifpga_dev->parent_bdf, 0, 16);
 	point = strlen(link);
-- 
2.7.3


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free
  2020-10-30  0:21 [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects Wei Huang
  2020-10-30  0:21 ` [dpdk-dev] [PATCH v2 1/2] raw/ifpga: terminate string filled by readlink with null Wei Huang
@ 2020-10-30  0:21 ` Wei Huang
  2020-10-30  6:56   ` Zhang, Tianfei
  2020-11-02 12:23 ` [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects Zhang, Qi Z
  2 siblings, 1 reply; 6+ messages in thread
From: Wei Huang @ 2020-10-30  0:21 UTC (permalink / raw)
  To: dev, rosen.xu, qi.z.zhang; +Cc: Wei Huang

In rte_fpga_do_pr, calling function read() may taints argument buffer
which turn to an untrusted value as argumen of rte_free().

Fixes: ef1e8ede3da5 ("raw/ifpga: add Intel FPGA bus rawdev driver")

Signed-off-by: Wei Huang <wei.huang@intel.com>
---
v2: add fixes information to log
---
 drivers/raw/ifpga/ifpga_rawdev.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/raw/ifpga/ifpga_rawdev.c b/drivers/raw/ifpga/ifpga_rawdev.c
index f9de167..27129b1 100644
--- a/drivers/raw/ifpga/ifpga_rawdev.c
+++ b/drivers/raw/ifpga/ifpga_rawdev.c
@@ -786,7 +786,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
 	int file_fd;
 	int ret = 0;
 	ssize_t buffer_size;
-	void *buffer;
+	void *buffer, *buf_to_free;
 	u64 pr_error;
 
 	if (!file_name)
@@ -818,6 +818,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
 		ret = -ENOMEM;
 		goto close_fd;
 	}
+	buf_to_free = buffer;
 
 	/*read the raw data*/
 	if (buffer_size != read(file_fd, (void *)buffer, buffer_size)) {
@@ -835,8 +836,8 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
 	}
 
 free_buffer:
-	if (buffer)
-		rte_free(buffer);
+	if (buf_to_free)
+		rte_free(buf_to_free);
 close_fd:
 	close(file_fd);
 	file_fd = 0;
-- 
2.7.3


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-dev] [PATCH v2 1/2] raw/ifpga: terminate string filled by readlink with null
  2020-10-30  0:21 ` [dpdk-dev] [PATCH v2 1/2] raw/ifpga: terminate string filled by readlink with null Wei Huang
@ 2020-10-30  6:56   ` Zhang, Tianfei
  0 siblings, 0 replies; 6+ messages in thread
From: Zhang, Tianfei @ 2020-10-30  6:56 UTC (permalink / raw)
  To: Huang, Wei, dev, Xu, Rosen, Zhang, Qi Z; +Cc: Huang, Wei



> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Wei Huang
> Sent: 2020年10月30日 8:22
> To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z
> <qi.z.zhang@intel.com>
> Cc: Huang, Wei <wei.huang@intel.com>
> Subject: [dpdk-dev] [PATCH v2 1/2] raw/ifpga: terminate string filled by
> readlink with null
> 
> readlink() does not terminate string, add a null character at the end of the
> string if readlink() succeeds.
> 
> Fixes: 9c006c45d0c5 ("raw/ifpga: scan PCIe BDF device tree")

It is better add Coverity issue number , like "Coverity issue: xxxx ".
Missing “Cc: stable@dpdk.org”

> 
> Signed-off-by: Wei Huang <wei.huang@intel.com>
> ---
> v2: fix coding style issue
> ---
>  drivers/raw/ifpga/ifpga_rawdev.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/raw/ifpga/ifpga_rawdev.c
> b/drivers/raw/ifpga/ifpga_rawdev.c
> index 0385514..f9de167 100644
> --- a/drivers/raw/ifpga/ifpga_rawdev.c
> +++ b/drivers/raw/ifpga/ifpga_rawdev.c
> @@ -230,8 +230,9 @@ static int ifpga_rawdev_fill_info(struct ifpga_rawdev
> *ifpga_dev,
>  	memset(link, 0, sizeof(link));
>  	memset(link1, 0, sizeof(link1));
>  	ret = readlink(path, link, (sizeof(link)-1));
> -	if (ret == -1)
> +	if ((ret < 0) || ((unsigned int)ret > (sizeof(link)-1)))
>  		return -1;
> +	link[ret] = 0;   /* terminate string with null character */

link[ret] = '\0';

>  	strlcpy(link1, link, sizeof(link1));
>  	memset(ifpga_dev->parent_bdf, 0, 16);
>  	point = strlen(link);
> --
> 2.7.3


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free
  2020-10-30  0:21 ` [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free Wei Huang
@ 2020-10-30  6:56   ` Zhang, Tianfei
  0 siblings, 0 replies; 6+ messages in thread
From: Zhang, Tianfei @ 2020-10-30  6:56 UTC (permalink / raw)
  To: Huang, Wei, dev, Xu, Rosen, Zhang, Qi Z; +Cc: Huang, Wei



> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Wei Huang
> Sent: 2020年10月30日 8:22
> To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z
> <qi.z.zhang@intel.com>
> Cc: Huang, Wei <wei.huang@intel.com>
> Subject: [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free
> 
> In rte_fpga_do_pr, calling function read() may taints argument buffer which
> turn to an untrusted value as argumen of rte_free().
> 
> Fixes: ef1e8ede3da5 ("raw/ifpga: add Intel FPGA bus rawdev driver")

It is better add Coverity issue number , like "Coverity issue: xxxx ".
Missing “Cc: stable@dpdk.org”.
> 
> Signed-off-by: Wei Huang <wei.huang@intel.com>
> ---
> v2: add fixes information to log
> ---
>  drivers/raw/ifpga/ifpga_rawdev.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/raw/ifpga/ifpga_rawdev.c
> b/drivers/raw/ifpga/ifpga_rawdev.c
> index f9de167..27129b1 100644
> --- a/drivers/raw/ifpga/ifpga_rawdev.c
> +++ b/drivers/raw/ifpga/ifpga_rawdev.c
> @@ -786,7 +786,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int
> port_id,
>  	int file_fd;
>  	int ret = 0;
>  	ssize_t buffer_size;
> -	void *buffer;
> +	void *buffer, *buf_to_free;
>  	u64 pr_error;
> 
>  	if (!file_name)
> @@ -818,6 +818,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int
> port_id,
>  		ret = -ENOMEM;
>  		goto close_fd;
>  	}
> +	buf_to_free = buffer;
> 
>  	/*read the raw data*/
>  	if (buffer_size != read(file_fd, (void *)buffer, buffer_size)) { @@ -835,8
> +836,8 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
>  	}
> 
>  free_buffer:
> -	if (buffer)
> -		rte_free(buffer);
> +	if (buf_to_free)
> +		rte_free(buf_to_free);
>  close_fd:
>  	close(file_fd);
>  	file_fd = 0;
> --
> 2.7.3


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects
  2020-10-30  0:21 [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects Wei Huang
  2020-10-30  0:21 ` [dpdk-dev] [PATCH v2 1/2] raw/ifpga: terminate string filled by readlink with null Wei Huang
  2020-10-30  0:21 ` [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free Wei Huang
@ 2020-11-02 12:23 ` Zhang, Qi Z
  2 siblings, 0 replies; 6+ messages in thread
From: Zhang, Qi Z @ 2020-11-02 12:23 UTC (permalink / raw)
  To: Huang, Wei, dev, Xu, Rosen



> -----Original Message-----
> From: Huang, Wei <wei.huang@intel.com>
> Sent: Friday, October 30, 2020 8:22 AM
> To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z
> <qi.z.zhang@intel.com>
> Cc: Huang, Wei <wei.huang@intel.com>
> Subject: [PATCH v2 0/2] raw/ifpga: fix coverity defects
> 
> These two patches fix defects found by coverity scan.
> 
> Main changes from v2:
> - Fix coding style issue
> 
> Wei Huang (2):
>   raw/ifpga: terminate string filled by readlink with null
>   raw/ifpga: use trusted buffer to free
> 
>  drivers/raw/ifpga/ifpga_rawdev.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> --
> 2.7.3


Acked-by: Qi Zhang <qi.z.zhang@intel.com>

Applied to dpdk-next-net-intel.

Thanks
Qi

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2020-11-02 12:23 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-30  0:21 [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects Wei Huang
2020-10-30  0:21 ` [dpdk-dev] [PATCH v2 1/2] raw/ifpga: terminate string filled by readlink with null Wei Huang
2020-10-30  6:56   ` Zhang, Tianfei
2020-10-30  0:21 ` [dpdk-dev] [PATCH v2 2/2] raw/ifpga: use trusted buffer to free Wei Huang
2020-10-30  6:56   ` Zhang, Tianfei
2020-11-02 12:23 ` [dpdk-dev] [PATCH v2 0/2] raw/ifpga: fix coverity defects Zhang, Qi Z

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git