From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 018E2A0579; Thu, 8 Apr 2021 11:38:59 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9EBFF140F95; Thu, 8 Apr 2021 11:38:58 +0200 (CEST) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mails.dpdk.org (Postfix) with ESMTP id 37A9540138; Thu, 8 Apr 2021 11:38:56 +0200 (CEST) IronPort-SDR: ZFESpIHOPhY5AQf2ssjrCcn29I0o0xKvhk0Jv2rD8MKE/VT5BjmOJpFeT4ntrXthv+6tMXrjDs hSzQ37x4lc9Q== X-IronPort-AV: E=McAfee;i="6000,8403,9947"; a="172976393" X-IronPort-AV: E=Sophos;i="5.82,206,1613462400"; d="scan'208";a="172976393" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Apr 2021 02:38:54 -0700 IronPort-SDR: hFTGlYdb8/rCee/aQFTVv9ETHBlZfZ88Z543Gwtr8+u5Bd2NknBJV+mT5WrjuxLapUYJJssreA CUCWry+Qjbjw== X-IronPort-AV: E=Sophos;i="5.82,206,1613462400"; d="scan'208";a="380186596" Received: from fyigit-mobl1.ger.corp.intel.com (HELO [10.213.203.5]) ([10.213.203.5]) by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Apr 2021 02:38:51 -0700 To: Aaron Conole , David Marchand Cc: stable@dpdk.org, tianfei.zhang@intel.com, Wei Huang , qi.z.zhang@intel.com, rosen.xu@intel.com, dev@dpdk.org, John McNamara References: <20210408085151.54996-1-wei.huang@intel.com> <20210408085151.54996-2-wei.huang@intel.com> From: Ferruh Yigit X-User: ferruhy Message-ID: Date: Thu, 8 Apr 2021 10:38:50 +0100 MIME-Version: 1.0 In-Reply-To: <20210408085151.54996-2-wei.huang@intel.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Subject: Re: [dpdk-dev] [PATCH v2 1/1] raw/ifpga/base: check size before assigning X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 4/8/2021 9:51 AM, Wei Huang wrote: > In max10_staging_area_init(), variable "size" from fdt_get_reg() may > be invalid, it should be checked before assigning to member variable > "staging_area_size" of structure "intel_max10_device". > > Coverity issue: 367480, 367482 > Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device driver") > > Signed-off-by: Wei Huang > --- > v2: check size before assigning to staging_area_size > --- > drivers/raw/ifpga/base/opae_intel_max10.c | 2 +- > drivers/raw/ifpga/base/opae_intel_max10.h | 1 + > 2 files changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c b/drivers/raw/ifpga/base/opae_intel_max10.c > index 443e248fb3..c223fafa03 100644 > --- a/drivers/raw/ifpga/base/opae_intel_max10.c > +++ b/drivers/raw/ifpga/base/opae_intel_max10.c > @@ -593,7 +593,7 @@ static int max10_staging_area_init(struct intel_max10_device *dev) > continue; > > ret = fdt_get_reg(fdt_root, offset, 0, &start, &size); > - if (!ret) { > + if (!ret && (size <= MAX_STAGING_AREA_SIZE)) { > dev->staging_area_base = start; > dev->staging_area_size = size; > } > diff --git a/drivers/raw/ifpga/base/opae_intel_max10.h b/drivers/raw/ifpga/base/opae_intel_max10.h > index 670683f017..e7142d6f0d 100644 > --- a/drivers/raw/ifpga/base/opae_intel_max10.h > +++ b/drivers/raw/ifpga/base/opae_intel_max10.h > @@ -182,6 +182,7 @@ struct opae_retimer_status { > #define SBUS_VERSION GENMASK(31, 16) > > #define DFT_MAX_SIZE 0x7e0000 > +#define MAX_STAGING_AREA_SIZE 0x3800000 > > int max10_reg_read(struct intel_max10_device *dev, > unsigned int reg, unsigned int *val); > Hi Aaron, David, The data flow is complex for this coverity issues [1], at least I can't confirm that change fixes the issue. Are you aware of any way to confirm this coverity issue before merging it? [1] https://scan4.coverity.com/reports.htm#v26325/p10075/fileInstanceId=100181086&defectInstanceId=14238477&mergedDefectId=367480