All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] enic: negative array index write
@ 2016-05-27 12:56 Slawomir Mrozowicz
  2016-06-20 14:35 ` Ferruh Yigit
  0 siblings, 1 reply; 4+ messages in thread
From: Slawomir Mrozowicz @ 2016-05-27 12:56 UTC (permalink / raw)
  To: johndale, neescoba; +Cc: dev, Slawomir Mrozowicz

Negative array index write using variable pos as an index to array enic->fdir.nodes.
Fixed by add array index check.

Fixes: fefed3d1e62c ("enic: new driver")
Coverity ID 13270

Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
---
 drivers/net/enic/enic_clsf.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/net/enic/enic_clsf.c b/drivers/net/enic/enic_clsf.c
index edb56e1..6b1489d 100644
--- a/drivers/net/enic/enic_clsf.c
+++ b/drivers/net/enic/enic_clsf.c
@@ -213,6 +213,12 @@ int enic_fdir_add_fltr(struct enic *enic, struct rte_eth_fdir_filter *params)
 	}
 
 	pos = rte_hash_add_key(enic->fdir.hash, params);
+	if (pos < 0 || pos >= ENICPMD_FDIR_MAX) {
+		dev_err(enic, "Add hash key failed\n");
+		enic->fdir.stats.f_add++;
+		return -EINVAL;
+	}
+
 	enic->fdir.nodes[pos] = key;
 	return 0;
 }
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] enic: negative array index write
  2016-05-27 12:56 [PATCH] enic: negative array index write Slawomir Mrozowicz
@ 2016-06-20 14:35 ` Ferruh Yigit
  2016-06-20 19:27   ` [PATCH v2] " John Daley
  0 siblings, 1 reply; 4+ messages in thread
From: Ferruh Yigit @ 2016-06-20 14:35 UTC (permalink / raw)
  To: Slawomir Mrozowicz, johndale, neescoba; +Cc: dev

On 5/27/2016 1:56 PM, Slawomir Mrozowicz wrote:
> Negative array index write using variable pos as an index to array enic->fdir.nodes.
> Fixed by add array index check.
> 
> Fixes: fefed3d1e62c ("enic: new driver")
> Coverity ID 13270
> 
> Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
> ---

Hi John, Nelson,

Any comment to this patch?

Thanks,
ferruh

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [PATCH v2] enic: negative array index write
  2016-06-20 14:35 ` Ferruh Yigit
@ 2016-06-20 19:27   ` John Daley
  2016-06-24 11:44     ` Bruce Richardson
  0 siblings, 1 reply; 4+ messages in thread
From: John Daley @ 2016-06-20 19:27 UTC (permalink / raw)
  To: slawomirx.mrozowicz, ferruh.yigit; +Cc: dev, John Daley

Negative array index write using variable pos as an index to array
enic->fdir.nodes. Fixed by add array index check.

Fixes: fefed3d1e62c ("enic: new driver") Coverity ID 13270
Signed-off-by: John Daley <johndale@cisco.com>
---

Here is a version 2. Differences with fix proposed by Slawomir Mrozowicz:
- handle the return code error condition for both calls to rte_hash_add_key()
  not just the the 2nd one.
- no need to check for pos >= ENICPMD_FDIR_MAX since it should already be
  validated by rte_hash_add_key(). rte_hash_create() takes an 'entries'
  parameter which is used to cap the max return value of rte_hash_add_key().
- when pos is < 0, return the actual error (pos), instead of -EINVAL.

 drivers/net/enic/enic_clsf.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/drivers/net/enic/enic_clsf.c b/drivers/net/enic/enic_clsf.c
index edb56e1..7d2bb78 100644
--- a/drivers/net/enic/enic_clsf.c
+++ b/drivers/net/enic/enic_clsf.c
@@ -148,9 +148,13 @@ int enic_fdir_add_fltr(struct enic *enic, struct rte_eth_fdir_filter *params)
 		enic->fdir.nodes[pos] = NULL;
 		if (unlikely(key->rq_index == queue)) {
 			/* Nothing to be done */
+			enic->fdir.stats.f_add++;
 			pos = rte_hash_add_key(enic->fdir.hash, params);
+			if (pos < 0) {
+				dev_err(enic, "Add hash key failed\n");
+				return pos;
+			}
 			enic->fdir.nodes[pos] = key;
-			enic->fdir.stats.f_add++;
 			dev_warning(enic,
 				"FDIR rule is already present\n");
 			return 0;
@@ -213,6 +217,11 @@ int enic_fdir_add_fltr(struct enic *enic, struct rte_eth_fdir_filter *params)
 	}
 
 	pos = rte_hash_add_key(enic->fdir.hash, params);
+	if (pos < 0) {
+		dev_err(enic, "Add hash key failed\n");
+		return pos;
+	}
+
 	enic->fdir.nodes[pos] = key;
 	return 0;
 }
-- 
2.7.0

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH v2] enic: negative array index write
  2016-06-20 19:27   ` [PATCH v2] " John Daley
@ 2016-06-24 11:44     ` Bruce Richardson
  0 siblings, 0 replies; 4+ messages in thread
From: Bruce Richardson @ 2016-06-24 11:44 UTC (permalink / raw)
  To: John Daley; +Cc: slawomirx.mrozowicz, ferruh.yigit, dev

On Mon, Jun 20, 2016 at 12:27:46PM -0700, John Daley wrote:
> Negative array index write using variable pos as an index to array
> enic->fdir.nodes. Fixed by add array index check.
> 
> Fixes: fefed3d1e62c ("enic: new driver") Coverity ID 13270
> Signed-off-by: John Daley <johndale@cisco.com>
> ---
> 
Applied to dpdk-next-net/rel_16_07

/Bruce

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-06-24 11:45 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-27 12:56 [PATCH] enic: negative array index write Slawomir Mrozowicz
2016-06-20 14:35 ` Ferruh Yigit
2016-06-20 19:27   ` [PATCH v2] " John Daley
2016-06-24 11:44     ` Bruce Richardson

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.