From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 018E2A0579;
	Thu,  8 Apr 2021 11:38:59 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 9EBFF140F95;
	Thu,  8 Apr 2021 11:38:58 +0200 (CEST)
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by mails.dpdk.org (Postfix) with ESMTP id 37A9540138;
 Thu,  8 Apr 2021 11:38:56 +0200 (CEST)
IronPort-SDR: ZFESpIHOPhY5AQf2ssjrCcn29I0o0xKvhk0Jv2rD8MKE/VT5BjmOJpFeT4ntrXthv+6tMXrjDs
 hSzQ37x4lc9Q==
X-IronPort-AV: E=McAfee;i="6000,8403,9947"; a="172976393"
X-IronPort-AV: E=Sophos;i="5.82,206,1613462400"; d="scan'208";a="172976393"
Received: from orsmga003.jf.intel.com ([10.7.209.27])
 by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 08 Apr 2021 02:38:54 -0700
IronPort-SDR: hFTGlYdb8/rCee/aQFTVv9ETHBlZfZ88Z543Gwtr8+u5Bd2NknBJV+mT5WrjuxLapUYJJssreA
 CUCWry+Qjbjw==
X-IronPort-AV: E=Sophos;i="5.82,206,1613462400"; d="scan'208";a="380186596"
Received: from fyigit-mobl1.ger.corp.intel.com (HELO [10.213.203.5])
 ([10.213.203.5])
 by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 08 Apr 2021 02:38:51 -0700
To: Aaron Conole <aconole@redhat.com>,
 David Marchand <david.marchand@redhat.com>
Cc: stable@dpdk.org, tianfei.zhang@intel.com, Wei Huang
 <wei.huang@intel.com>, qi.z.zhang@intel.com, rosen.xu@intel.com,
 dev@dpdk.org, John McNamara <john.mcnamara@intel.com>
References: <20210408085151.54996-1-wei.huang@intel.com>
 <20210408085151.54996-2-wei.huang@intel.com>
From: Ferruh Yigit <ferruh.yigit@intel.com>
X-User: ferruhy
Message-ID: <f64dd28b-8622-ab8f-41ba-fd93153fef40@intel.com>
Date: Thu, 8 Apr 2021 10:38:50 +0100
MIME-Version: 1.0
In-Reply-To: <20210408085151.54996-2-wei.huang@intel.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Subject: Re: [dpdk-dev] [PATCH v2 1/1] raw/ifpga/base: check size before
 assigning
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

On 4/8/2021 9:51 AM, Wei Huang wrote:
> In max10_staging_area_init(), variable "size" from fdt_get_reg() may
> be invalid, it should be checked before assigning to member variable
> "staging_area_size" of structure "intel_max10_device".
> 
> Coverity issue: 367480, 367482
> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device driver")
> 
> Signed-off-by: Wei Huang <wei.huang@intel.com>
> ---
> v2: check size before assigning to staging_area_size
> ---
>   drivers/raw/ifpga/base/opae_intel_max10.c | 2 +-
>   drivers/raw/ifpga/base/opae_intel_max10.h | 1 +
>   2 files changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c b/drivers/raw/ifpga/base/opae_intel_max10.c
> index 443e248fb3..c223fafa03 100644
> --- a/drivers/raw/ifpga/base/opae_intel_max10.c
> +++ b/drivers/raw/ifpga/base/opae_intel_max10.c
> @@ -593,7 +593,7 @@ static int max10_staging_area_init(struct intel_max10_device *dev)
>   			continue;
>   
>   		ret = fdt_get_reg(fdt_root, offset, 0, &start, &size);
> -		if (!ret) {
> +		if (!ret && (size <= MAX_STAGING_AREA_SIZE)) {
>   			dev->staging_area_base = start;
>   			dev->staging_area_size = size;
>   		}
> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.h b/drivers/raw/ifpga/base/opae_intel_max10.h
> index 670683f017..e7142d6f0d 100644
> --- a/drivers/raw/ifpga/base/opae_intel_max10.h
> +++ b/drivers/raw/ifpga/base/opae_intel_max10.h
> @@ -182,6 +182,7 @@ struct opae_retimer_status {
>   #define   SBUS_VERSION			GENMASK(31, 16)
>   
>   #define DFT_MAX_SIZE		0x7e0000
> +#define MAX_STAGING_AREA_SIZE	0x3800000
>   
>   int max10_reg_read(struct intel_max10_device *dev,
>   	unsigned int reg, unsigned int *val);
> 

Hi Aaron, David,

The data flow is complex for this coverity issues [1], at least I can't confirm 
that change fixes the issue.

Are you aware of any way to confirm this coverity issue before merging it?

[1]
https://scan4.coverity.com/reports.htm#v26325/p10075/fileInstanceId=100181086&defectInstanceId=14238477&mergedDefectId=367480