From: Ye Xiaolong <xiaolong.ye@intel.com>
To: "Di, ChenxuX" <chenxux.di@intel.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>, "Xing, Beilei" <beilei.xing@intel.com>
Subject: Re: [dpdk-dev] [PATCH] net/i40e: fix out of bounds read issue
Date: Thu, 7 May 2020 14:30:02 +0800 [thread overview]
Message-ID: <20200507063002.GD49901@intel.com> (raw)
In-Reply-To: <43808b691dbc487eae5d7a9686e03a29@intel.com>
On 05/07, Di, ChenxuX wrote:
>Hi, xiaolong
>
>> -----Original Message-----
>> From: Ye, Xiaolong
>> Sent: Thursday, May 7, 2020 1:15 PM
>> To: Di, ChenxuX <chenxux.di@intel.com>
>> Cc: dev@dpdk.org; Xing, Beilei <beilei.xing@intel.com>
>> Subject: Re: [dpdk-dev] [PATCH] net/i40e: fix out of bounds read issue
>>
>> On 05/07, Chenxu Di wrote:
>> >This patch fixes (out-of-bounds read) coverity issue.
>> >
>> >Coverity issue: 357699
>> >Coverity issue: 357694
>> >Fixes: feaae285b342 ("net/i40e: support hash configuration in RSS
>> >flow")
>> >
>> >Signed-off-by: Chenxu Di <chenxux.di@intel.com>
>> >---
>> > drivers/net/i40e/i40e_ethdev.c | 4 ++--
>> > 1 file changed, 2 insertions(+), 2 deletions(-)
>> >
>> >diff --git a/drivers/net/i40e/i40e_ethdev.c
>> >b/drivers/net/i40e/i40e_ethdev.c index 749d85f54..6c295ac5a 100644
>> >--- a/drivers/net/i40e/i40e_ethdev.c
>> >+++ b/drivers/net/i40e/i40e_ethdev.c
>> >@@ -13180,7 +13180,7 @@ i40e_rss_config_hash_function(struct i40e_pf *pf,
>> > }
>> >
>> > for (j = I40E_FILTER_PCTYPE_INVALID + 1;
>> >- j < I40E_FILTER_PCTYPE_MAX; j++) {
>> >+ j < I40E_FILTER_PCTYPE_MAX && i < UINT64_BIT; j++) {
>>
>> I see i is defined as uint32_t, why compare it to UINT64_BIT here?
>> And could you specify where is the out of bounds read before the fix?
>
>The UINT64_BIT is the define of 64. And i is just used as the index of pctypes_tbl[].
>And the code is just copy the function i40e_set_hash_filter_global_config(),
>So I don't why he use the define UINT64_BIT as the value 64.
>
>>
>> > if (pf->adapter->pctypes_tbl[i] & (1ULL << j))
>
>the out of bounds read is the pctypes_tbl[i]. the above code is that :
>
> for (i = RTE_ETH_FLOW_UNKNOWN + 1; i < UINT64_BIT; i++) {
> if (mask0 & (1UL << i))
> break;
> }
>If the loop doesn't break; the value of i will be 64 while the length of pctypes_tbl[] is 64.
Got it, can you move the i < UINT64_BIT check before the new for loop, so it doesn't
need to check it everytime?
Thanks,
Xiaolong
>
>> > i40e_write_global_rx_ctl(hw,
>> > I40E_GLQF_HSYM(j),
>> >@@ -13312,7 +13312,7 @@ i40e_rss_clear_hash_function(struct i40e_pf *pf,
>> > }
>> >
>> > for (j = I40E_FILTER_PCTYPE_INVALID + 1;
>> >- j < I40E_FILTER_PCTYPE_MAX; j++) {
>> >+ j < I40E_FILTER_PCTYPE_MAX && i < UINT64_BIT; j++) {
>> > if (pf->adapter->pctypes_tbl[i] & (1ULL << j))
>> > i40e_write_global_rx_ctl(hw,
>> > I40E_GLQF_HSYM(j),
>> >--
>> >2.17.1
>> >
next prev parent reply other threads:[~2020-05-07 6:38 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-07 3:09 [dpdk-dev] [PATCH] net/i40e: fix out of bounds read issue Chenxu Di
2020-05-07 5:15 ` Ye Xiaolong
2020-05-07 5:55 ` Di, ChenxuX
2020-05-07 6:30 ` Ye Xiaolong [this message]
2020-05-07 9:49 ` [dpdk-dev] [PATCH v2] " Chenxu Di
2020-05-08 2:26 ` Yang, Qiming
2020-05-08 2:36 ` Ye Xiaolong
2020-05-08 2:54 ` Yang, Qiming
2020-05-13 2:26 ` [dpdk-dev] [PATCH v3] " Chenxu Di
2020-05-13 6:51 ` Jeff Guo
2020-05-14 1:16 ` Di, ChenxuX
2020-05-14 6:17 ` Jeff Guo
2020-05-14 6:41 ` Di, ChenxuX
2020-05-14 7:07 ` [dpdk-dev] [PATCH v4] " Chenxu Di
2020-05-14 9:07 ` Jeff Guo
2020-05-15 3:22 ` Ye Xiaolong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200507063002.GD49901@intel.com \
--to=xiaolong.ye@intel.com \
--cc=beilei.xing@intel.com \
--cc=chenxux.di@intel.com \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.