From: "Zhang, Tianfei"
To: Aaron Conole, "Yigit, Ferruh"
CC: David Marchand, "stable@dpdk.org", "Huang, Wei", "Zhang, Qi Z", "Xu, Rosen", "dev@dpdk.org", "Mcnamara, John"
Date: Wed, 14 Apr 2021 02:46:21 +0000
Subject: Re: [dpdk-dev] [PATCH v2 1/1] raw/ifpga/base: check size before assigning
References: <20210408085151.54996-1-wei.huang@intel.com> <20210408085151.54996-2-wei.huang@intel.com>

> -----Original Message-----
> From: Aaron Conole
> Sent: April 9, 2021 22:56
> To: Yigit, Ferruh
> Cc: David Marchand; stable@dpdk.org; Zhang, Tianfei; Huang, Wei;
> Zhang, Qi Z; Xu, Rosen; dev@dpdk.org; Mcnamara, John
> Subject: Re: [PATCH v2 1/1] raw/ifpga/base: check size before assigning
>
> Ferruh Yigit writes:
>
> > On 4/8/2021 9:51 AM, Wei Huang wrote:
> >> In max10_staging_area_init(), variable "size" from fdt_get_reg() may
> >> be invalid, it should be checked before assigning to member variable
> >> "staging_area_size" of structure "intel_max10_device".
> >>
> >> Coverity issue: 367480, 367482
> >> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device
> >> driver")
> >>
> >> Signed-off-by: Wei Huang
> >> ---
> >> v2: check size before assigning to staging_area_size
> >> ---
> >> drivers/raw/ifpga/base/opae_intel_max10.c | 2 +-
> >> drivers/raw/ifpga/base/opae_intel_max10.h | 1 +
> >> 2 files changed, 2 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c > >> b/drivers/raw/ifpga/base/opae_intel_max10.c > >> index 443e248fb3..c223fafa03 100644 > >> --- a/drivers/raw/ifpga/base/opae_intel_max10.c > >> +++ b/drivers/raw/ifpga/base/opae_intel_max10.c > >> @@ -593,7 +593,7 @@ static int max10_staging_area_init(struct > intel_max10_device *dev) > >> continue; > >> ret =3D fdt_get_reg(fdt_root, offset, 0, &start, &size); > >> - if (!ret) { > >> + if (!ret && (size <=3D MAX_STAGING_AREA_SIZE)) { > >> dev->staging_area_base =3D start; > >> dev->staging_area_size =3D size; > >> } > >> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.h > >> b/drivers/raw/ifpga/base/opae_intel_max10.h > >> index 670683f017..e7142d6f0d 100644 > >> --- a/drivers/raw/ifpga/base/opae_intel_max10.h > >> +++ b/drivers/raw/ifpga/base/opae_intel_max10.h 
> >> @@ -182,6 +182,7 @@ struct opae_retimer_status { > >> #define SBUS_VERSION GENMASK(31, 16) > >> #define DFT_MAX_SIZE 0x7e0000 > >> +#define MAX_STAGING_AREA_SIZE 0x3800000 > >> int max10_reg_read(struct intel_max10_device *dev, > >> unsigned int reg, unsigned int *val); > >> 
> >
> > Hi Aaron, David,
> >
> > The data flow is complex for this coverity issue [1], at least I
> > can't confirm that change fixes the issue.
> >
> > Are you aware of any way to confirm this coverity issue before merging it?
>
> Not generically. :-/
>
> We need someone that understands the data flow and the coverity splat to
> know that the fix is correct. Coverity even ratelimits how many outstanding
> submissions we can post, iirc, so we don't get to push patch sets (unless we
> pay? I don't recall if there's an option for that).

This fix looks good to me. The fdt_get_reg() function just reads out the content of some items from the DTS file; we call the libfdt library API to do this.
Coverity just assumes some attacker has broken the DTS file or invokes the function with arbitrary values, which is not safe, so this patch adds some checking after the function returns.

>
> > [1]
> > https://scan4.coverity.com/reports.htm#v26325/p10075/fileInstanceId=100181086&defectInstanceId=14238477&mergedDefectId=367480
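
Review bot: In the max10_staging_area_init() hunk of opae_intel_max10.c, a size above MAX_STAGING_AREA_SIZE is handled exactly like a failed fdt_get_reg() call: the branch is skipped, nothing is assigned, and the visible lines neither log nor signal an error. Suggest treating the out-of-range case explicitly (warn, or set an error return) so a malformed DTS entry is reported instead of silently leaving staging_area_base and staging_area_size unset. The new test also bounds only size: start is stored unchecked and a size of 0 still passes.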
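
Review bot: The new MAX_STAGING_AREA_SIZE define in opae_intel_max10.h has no comment saying where 0x3800000 comes from or what unit it is in. Since this constant is now the only guard on the value read from the device tree, add a one-line comment naming the source of the limit so a later reader can tell whether it is still correct for the hardware.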
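
The reply above treats the values returned by fdt_get_reg() as untrusted input that must be checked before use. As an added example (not code from the thread or from DPDK), here is one way to validate such a pair and report a rejection instead of skipping it silently; `struct staging_area`, `staging_area_set()` and the 64-bit types are assumptions made for illustration, and only the MAX_STAGING_AREA_SIZE value comes from the quoted patch.

```c
#include <errno.h>
#include <stdint.h>

/* Bound taken from the patch quoted above. */
#define MAX_STAGING_AREA_SIZE 0x3800000

/* Hypothetical stand-in for the two driver fields the patch assigns. */
struct staging_area {
	uint64_t base;
	uint64_t size;
};

/*
 * Validate a (start, size) pair read from an untrusted device tree
 * "reg" property before storing it. Returns 0 on success; on failure
 * returns a negative errno and leaves *out untouched, so the caller
 * can log or propagate the rejection.
 */
static int staging_area_set(struct staging_area *out,
			    uint64_t start, uint64_t size)
{
	if (size == 0)
		return -EINVAL;		/* empty region is unusable */
	if (size > MAX_STAGING_AREA_SIZE)
		return -ERANGE;		/* the bound the patch introduces */
	if (start > UINT64_MAX - size)
		return -EOVERFLOW;	/* start + size would wrap */

	out->base = start;
	out->size = size;
	return 0;
}

int main(void)
{
	struct staging_area area = { 0, 0 };

	/* Constructed sample values, not taken from a real device tree. */
	return staging_area_set(&area, 0x1000, 0x20000) == 0 ? 0 : 1;
}
```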