[dpdk-dev] [PATCH] net/vmxnet3: fix dereference before null check
Jastrzebski, MichalX K
michalx.k.jastrzebski at intel.com
Fri Sep 22 15:19:16 CEST 2017
> -----Original Message-----
> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Michal Jastrzebski
> Sent: Friday, September 22, 2017 3:08 PM
> To: yliu at fridaylinux.org; maxime.coquelin at redhat.com
> Cc: dev at dpdk.org; Jain, Deepak K <deepak.k.jain at intel.com>; Kulasek,
> TomaszX <tomaszx.kulasek at intel.com>; yongwang at vmware.com;
> stable at dpdk.org
> Subject: [dpdk-dev] [PATCH] net/vmxnet3: fix dereference before null check
>
> From: Tomasz Kulasek <tomaszx.kulasek at intel.com>
>
> Coverity error:
>
> check_after_deref: Null-checking rq suggests that it may be null, but it
> has already been dereferenced on all paths leading to
> the check.
>
> This patch moves NULL checking of "rq" at the very beginning of the path
> before any dereference.
>
> Coverity issue: 143468
> Fixes: 5aecdc17a97d ("vmxnet3: fix stop/restart")
> Cc: yongwang at vmware.com
> Cc: stable at dpdk.org
>
> Signed-off-by: Tomasz Kulasek <tomaszx.kulasek at intel.com>
> ---
> drivers/net/vmxnet3/vmxnet3_rxtx.c | 17 ++++++++---------
> 1 file changed, 8 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/net/vmxnet3/vmxnet3_rxtx.c
> b/drivers/net/vmxnet3/vmxnet3_rxtx.c
> index d9cf437..4fcceb4 100644
> --- a/drivers/net/vmxnet3/vmxnet3_rxtx.c
> +++ b/drivers/net/vmxnet3/vmxnet3_rxtx.c
> @@ -259,17 +259,16 @@
> {
> int i;
> vmxnet3_rx_queue_t *rq = rxq;
> - struct vmxnet3_hw *hw = rq->hw;
> struct vmxnet3_cmd_ring *ring0, *ring1;
> struct vmxnet3_comp_ring *comp_ring;
> - struct vmxnet3_rx_data_ring *data_ring = &rq->data_ring;
> int size;
>
> - if (rq != NULL) {
> - /* Release both the cmd_rings mbufs */
> - for (i = 0; i < VMXNET3_RX_CMDRING_SIZE; i++)
> - vmxnet3_rx_cmd_ring_release_mbufs(&rq-
> >cmd_ring[i]);
> - }
> + if (rq == NULL)
> + return;
> +
> + /* Release both the cmd_rings mbufs */
> + for (i = 0; i < VMXNET3_RX_CMDRING_SIZE; i++)
> + vmxnet3_rx_cmd_ring_release_mbufs(&rq->cmd_ring[i]);
>
> ring0 = &rq->cmd_ring[0];
> ring1 = &rq->cmd_ring[1];
> @@ -287,8 +286,8 @@
>
> size = sizeof(struct Vmxnet3_RxDesc) * (ring0->size + ring1->size);
> size += sizeof(struct Vmxnet3_RxCompDesc) * comp_ring->size;
> - if (VMXNET3_VERSION_GE_3(hw) && rq->data_desc_size)
> - size += rq->data_desc_size * data_ring->size;
> + if (VMXNET3_VERSION_GE_3(rq->hw) && rq->data_desc_size)
> + size += rq->data_desc_size * rq->data_ring.size;
>
> memset(ring0->base, 0, size);
> }
> --
> 1.9.1
I am sorry, please ignore this mail.
More information about the dev
mailing list