From: Aaron Conole
To: Ferruh Yigit
Cc: David Marchand, stable@dpdk.org, tianfei.zhang@intel.com, Wei Huang, qi.z.zhang@intel.com, rosen.xu@intel.com, dev@dpdk.org, John McNamara
Date: Fri, 09 Apr 2021 10:56:13 -0400
In-Reply-To: (Ferruh Yigit's message of "Thu, 8 Apr 2021 10:38:50 +0100")
Subject: Re: [dpdk-dev] [PATCH v2 1/1] raw/ifpga/base: check size before assigning
List-Id: DPDK patches and discussions

Ferruh Yigit writes: > On 4/8/2021 9:51 AM, Wei Huang wrote: >> In max10_staging_area_init(), variable "size" from fdt_get_reg() may >> be invalid, it should be checked before assigning to member variable >> "staging_area_size" of structure "intel_max10_device". >> >> Coverity issue: 367480, 367482 >> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device driver") >> >> Signed-off-by: Wei Huang >> --- >> v2: check size before assigning to staging_area_size >> --- >> drivers/raw/ifpga/base/opae_intel_max10.c | 2 +- >> drivers/raw/ifpga/base/opae_intel_max10.h | 1 + >> 2 files changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c b/drivers/raw/ifpga/base/opae_intel_max10.c >> index 443e248fb3..c223fafa03 100644 >> --- a/drivers/raw/ifpga/base/opae_intel_max10.c >> +++ b/drivers/raw/ifpga/base/opae_intel_max10.c
>> @@ -593,7 +593,7 @@ static int max10_staging_area_init(struct intel_max10_device *dev) >> continue; >> ret = fdt_get_reg(fdt_root, offset, 0, &start, &size); >> - if (!ret) { >> + if (!ret && (size <= MAX_STAGING_AREA_SIZE)) { >> dev->staging_area_base = start; >> dev->staging_area_size = size; >> } >> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.h b/drivers/raw/ifpga/base/opae_intel_max10.h >> index 670683f017..e7142d6f0d 100644 >> --- a/drivers/raw/ifpga/base/opae_intel_max10.h >> +++ b/drivers/raw/ifpga/base/opae_intel_max10.h >> @@ -182,6 +182,7 @@ struct opae_retimer_status { >> #define SBUS_VERSION GENMASK(31, 16) >> #define DFT_MAX_SIZE 0x7e0000 >> +#define MAX_STAGING_AREA_SIZE 0x3800000 >> int max10_reg_read(struct intel_max10_device *dev, >> unsigned int reg, unsigned int *val); >> > > Hi Aaron, David, > > The data flow is complex for this coverity issues [1], at least I > can't confirm that change fixes the issue. > > Are you aware of any way to confirm this coverity issue before merging it? Not generically. :-/ We need someone that understands the data flow and the coverity splat to know that the fix is correct. Coverity even ratelimits how many outstanding submissions we can post, iirc, so we don't get to push patch sets (unless we pay? I don't recall if there's an option for that). > [1] > https://scan4.coverity.com/reports.htm#v26325/p10075/fileInstanceId=100181086&defectInstanceId=14238477&mergedDefectId=367480
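
Review bot: in the max10_staging_area_init() hunk of opae_intel_max10.c, the new condition bounds only "size"; "start" comes from the same fdt_get_reg() call and is still copied into dev->staging_area_base unchecked, and a size of 0 also passes. If both values are considered untrusted, validate "start" as well, and check that start + size stays inside the expected range without wrapping. When size exceeds MAX_STAGING_AREA_SIZE the entry is skipped silently, so staging_area_base and staging_area_size keep whatever they held before; a log message or an error return on that path would make a bad device tree visible to the caller.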
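
Review bot: the MAX_STAGING_AREA_SIZE define added in the opae_intel_max10.h hunk has no comment saying where 0x3800000 comes from or what unit it is in, and it sits directly under DFT_MAX_SIZE 0x7e0000 with no indication of how the two limits relate. A one-line comment naming the source of the limit (hardware specification or flash layout) would let a reviewer confirm that the bound in max10_staging_area_init() is the right one for the Coverity reports cited in the commit message.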