[dpdk-stable] [PATCH] raw/ifpga: fix use of untrusted scalar value

Zhang, Tianfei tianfei.zhang at intel.com
Fri May 17 07:43:48 CEST 2019
Previous message: [dpdk-stable] [PATCH] raw/ifpga: fix use of untrusted scalar value
Next message: [dpdk-stable] [PATCH] raw/ifpga: fix logically dead code
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: Xu, Rosen
> Sent: Friday, May 17, 2019 12:46 PM
> To: Zhang, Tianfei <tianfei.zhang at intel.com>
> Cc: Pei, Andy <andy.pei at intel.com>; stable at dpdk.org
> Subject: RE: [PATCH] raw/ifpga: fix use of untrusted scalar value
> 
> Hi Tianfei,
> 
> For Coverity issue: 279449, my opinion is to check buffer size not only take
> const to project content of buffer.

This content of buffer cannot be change, so use const is better.
> 
> > -----Original Message-----
> > From: Zhang, Tianfei
> > Sent: Friday, May 17, 2019 17:06
> > To: Xu, Rosen <rosen.xu at intel.com>
> > Cc: Pei, Andy <andy.pei at intel.com>; Zhang, Tianfei
> > <tianfei.zhang at intel.com>; stable at dpdk.org; Zhang
> > Subject: [PATCH] raw/ifpga: fix use of untrusted scalar value
> >
> > Add checking the buffer size and use
> > const char * for buffer declaration.
> >
> > Coverity issue: 279449
> > Cc: stable at dpdk.org
> >
> > Signed-off-by: Zhang, Tianfei <tianfei.zhang at intel.com>
> > ---
> >  drivers/raw/ifpga_rawdev/base/ifpga_api.c     |  4 +--
> >  drivers/raw/ifpga_rawdev/base/ifpga_api.h     |  2 +-
> >  .../raw/ifpga_rawdev/base/ifpga_feature_dev.h |  2 +-
> > drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c  | 27 +++++++++++--------
> >  drivers/raw/ifpga_rawdev/base/opae_hw_api.c   |  4 +--
> >  drivers/raw/ifpga_rawdev/base/opae_hw_api.h   |  4 +--
> >  drivers/raw/ifpga_rawdev/ifpga_rawdev.c       |  7 ++++-
> >  7 files changed, 30 insertions(+), 20 deletions(-)
> >
> > diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.c
> > b/drivers/raw/ifpga_rawdev/base/ifpga_api.c
> > index 3ddbcdc2a..53d101daf 100644
> > --- a/drivers/raw/ifpga_rawdev/base/ifpga_api.c
> > +++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.c
> > @@ -182,7 +182,7 @@ struct opae_bridge_ops ifpga_br_ops = {  };
> >
> >  /* Manager APIs */
> > -static int ifpga_mgr_flash(struct opae_manager *mgr, int id, void
> > *buf,
> > +static int ifpga_mgr_flash(struct opae_manager *mgr, int id, const
> > +char *buf,
> >  			   u32 size, u64 *status)
> >  {
> >  	struct ifpga_fme_hw *fme = mgr->data; @@ -324,7 +324,7 @@ struct
> > opae_adapter_ops ifpga_adapter_ops = {
> >   *   - 0: Success, partial reconfiguration finished.
> >   *   - <0: Error code returned in partial reconfiguration.
> >   **/
> > -int ifpga_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32
> > size,
> > +int ifpga_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer,
> > +u32 size,
> >  	     u64 *status)
> >  {
> >  	if (!is_valid_port_id(hw, port_id))
> > diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_api.h
> > b/drivers/raw/ifpga_rawdev/base/ifpga_api.h
> > index 4a247698c..051ab8276 100644
> > --- a/drivers/raw/ifpga_rawdev/base/ifpga_api.h
> > +++ b/drivers/raw/ifpga_rawdev/base/ifpga_api.h
> > @@ -23,7 +23,7 @@ int ifpga_set_irq(struct ifpga_hw *hw, u32 fiu_id,
> > u32 port_id,
> >  		  u32 feature_id, void *irq_set);
> >
> >  /* FME APIs */
> > -int ifpga_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32
> > size,
> > +int ifpga_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer,
> > +u32 size,
> >  	     u64 *status);
> >
> >  #endif /* _IFPGA_API_H_ */
> > diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
> > b/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
> > index bb9fcc289..e243d4273 100644
> > --- a/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
> > +++ b/drivers/raw/ifpga_rawdev/base/ifpga_feature_dev.h
> > @@ -149,7 +149,7 @@ static inline int fpga_port_reset(struct
> > ifpga_port_hw
> > *port)
> >  	return ret;
> >  }
> >
> > -int do_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
> > +int do_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer, u32
> > +size,
> >  	  u64 *status);
> >
> >  int fme_get_prop(struct ifpga_fme_hw *fme, struct feature_prop
> > *prop); diff --git a/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
> > b/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
> > index efa72660f..9997942d2 100644
> > --- a/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
> > +++ b/drivers/raw/ifpga_rawdev/base/ifpga_fme_pr.c
> > @@ -223,8 +223,8 @@ static int fpga_pr_buf_load(struct ifpga_fme_hw
> > *fme_dev,
> >  	return 0;
> >  }
> >
> > -static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
> > -		  u64 *status)
> > +static int fme_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer,
> > +		u32 size, u64 *status)
> >  {
> >  	struct feature_fme_header *fme_hdr;
> >  	struct feature_fme_capability fme_capability; @@ -269,7 +269,7 @@
> > static int fme_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
> >  	/* Disable Port before PR */
> >  	fpga_port_disable(port);
> >
> > -	ret = fpga_pr_buf_load(fme, &info, (void *)buffer, size);
> > +	ret = fpga_pr_buf_load(fme, &info, buffer, size);
> >
> >  	*status = info.pr_err;
> >
> > @@ -280,27 +280,32 @@ static int fme_pr(struct ifpga_hw *hw, u32
> > port_id, void *buffer, u32 size,
> >  	return ret;
> >  }
> >
> > -int do_pr(struct ifpga_hw *hw, u32 port_id, void *buffer, u32 size,
> > u64
> > *status)
> > +int do_pr(struct ifpga_hw *hw, u32 port_id, const char *buffer,
> > +		u32 size, u64 *status)
> >  {
> > -	struct bts_header *bts_hdr;
> > -	void *buf;
> > +	const struct bts_header *bts_hdr;
> > +	const char *buf;
> >  	struct ifpga_port_hw *port;
> >  	int ret;
> > +	u32 header_size;
> >
> >  	if (!buffer || size == 0) {
> >  		dev_err(hw, "invalid parameter\n");
> >  		return -EINVAL;
> >  	}
> >
> > -	bts_hdr = (struct bts_header *)buffer;
> > +	bts_hdr = (const struct bts_header *)buffer;
> >
> >  	if (is_valid_bts(bts_hdr)) {
> >  		dev_info(hw, "this is a valid bitsteam..\n");
> > -		size -= (sizeof(struct bts_header) +
> > -				     bts_hdr->metadata_len);
> > -		buf = (u8 *)buffer + sizeof(struct bts_header) +
> > -			       bts_hdr->metadata_len;
> > +		header_size = sizeof(struct bts_header) +
> > +			bts_hdr->metadata_len;
> > +		if (size < header_size)
> > +			return -EINVAL;
> > +		size -= header_size;
> > +		buf = buffer + header_size;
> >  	} else {
> > +		dev_err(hw, "this is an invalid bitstream..\n");
> >  		return -EINVAL;
> >  	}
> >
> > diff --git a/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
> > b/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
> > index 0e117d05e..8964e7984 100644
> > --- a/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
> > +++ b/drivers/raw/ifpga_rawdev/base/opae_hw_api.c
> > @@ -244,8 +244,8 @@ opae_manager_alloc(const char *name, struct
> > opae_manager_ops *ops,
> >   *
> >   * Return: 0 on success, otherwise error code.
> >   */
> > -int opae_manager_flash(struct opae_manager *mgr, int id, void *buf,
> > u32 size,
> > -		       u64 *status)
> > +int opae_manager_flash(struct opae_manager *mgr, int id, const char
> *buf,
> > +		u32 size, u64 *status)
> >  {
> >  	if (!mgr)
> >  		return -EINVAL;
> > diff --git a/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
> > b/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
> > index 383e751cb..63405a471 100644
> > --- a/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
> > +++ b/drivers/raw/ifpga_rawdev/base/opae_hw_api.h
> > @@ -44,7 +44,7 @@ struct opae_manager {
> >
> >  /* FIXME: add more management ops, e.g power/thermal and etc */
> > struct opae_manager_ops {
> > -	int (*flash)(struct opae_manager *mgr, int id, void *buffer,
> > +	int (*flash)(struct opae_manager *mgr, int id, const char *buffer,
> >  		     u32 size, u64 *status);
> >  	int (*get_eth_group_region_info)(struct opae_manager *mgr,
> >  			struct opae_eth_group_region_info *info); @@ -74,7
> > +74,7 @@ struct opae_manager *  opae_manager_alloc(const char
> *name,
> > struct opae_manager_ops *ops,
> >  		struct opae_manager_networking_ops *network_ops, void *data);
> > #define opae_manager_free(mgr) opae_free(mgr) -int
> > opae_manager_flash(struct opae_manager *mgr, int acc_id, void *buf,
> > +int opae_manager_flash(struct opae_manager *mgr, int acc_id, const
> > +char *buf,
> >  		       u32 size, u64 *status);
> >  int opae_manager_get_eth_group_region_info(struct opae_manager
> *mgr,
> >  		u8 group_id, struct opae_eth_group_region_info *info); diff - -git
> > a/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
> > b/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
> > index 41be1a205..01aa917de 100644
> > --- a/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
> > +++ b/drivers/raw/ifpga_rawdev/ifpga_rawdev.c
> > @@ -225,7 +225,7 @@ ifpga_rawdev_reset(struct rte_rawdev *dev)  }
> >
> >  static int
> > -fpga_pr(struct rte_rawdev *raw_dev, u32 port_id, u64 *buffer, u32
> > size,
> > +fpga_pr(struct rte_rawdev *raw_dev, u32 port_id, const char *buffer,
> > +u32 size,
> >  			u64 *status)
> >  {
> >
> > @@ -296,6 +296,11 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int
> > port_id,
> >  		goto close_fd;
> >  	}
> >  	buffer_size = file_stat.st_size;
> > +	if (buffer_size <= 0) {
> > +		ret = -EINVAL;
> > +		goto close_fd;
> > +	}
> > +
> >  	IFPGA_RAWDEV_PMD_INFO("bitstream file size: %zu\n", buffer_size);
> >  	buffer = rte_malloc(NULL, buffer_size, 0);
> >  	if (!buffer) {
> > --
> > 2.17.1
Previous message: [dpdk-stable] [PATCH] raw/ifpga: fix use of untrusted scalar value
Next message: [dpdk-stable] [PATCH] raw/ifpga: fix logically dead code
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the stable mailing list