[dpdk-stable] [PATCH v2 1/1] raw/ifpga/base: check size before assigning

Aaron Conole aconole at redhat.com
Fri Apr 9 16:56:13 CEST 2021

Previous message (by thread): [dpdk-stable] [PATCH v2 1/1] raw/ifpga/base: check size before assigning
Next message (by thread): [dpdk-stable] [PATCH v2 1/1] raw/ifpga/base: check size before assigning
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ferruh Yigit <ferruh.yigit at intel.com> writes:

> On 4/8/2021 9:51 AM, Wei Huang wrote:
>> In max10_staging_area_init(), variable "size" from fdt_get_reg() may
>> be invalid, it should be checked before assigning to member variable
>> "staging_area_size" of structure "intel_max10_device".
>>
>> Coverity issue: 367480, 367482
>> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device driver")
>>
>> Signed-off-by: Wei Huang <wei.huang at intel.com>
>> ---
>> v2: check size before assigning to staging_area_size
>> ---
>>   drivers/raw/ifpga/base/opae_intel_max10.c | 2 +-
>>   drivers/raw/ifpga/base/opae_intel_max10.h | 1 +
>>   2 files changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c b/drivers/raw/ifpga/base/opae_intel_max10.c
>> index 443e248fb3..c223fafa03 100644
>> --- a/drivers/raw/ifpga/base/opae_intel_max10.c
>> +++ b/drivers/raw/ifpga/base/opae_intel_max10.c
>> @@ -593,7 +593,7 @@ static int max10_staging_area_init(struct intel_max10_device *dev)
>>   			continue;
>>     		ret = fdt_get_reg(fdt_root, offset, 0, &start, &size);
>> -		if (!ret) {
>> +		if (!ret && (size <= MAX_STAGING_AREA_SIZE)) {
>>   			dev->staging_area_base = start;
>>   			dev->staging_area_size = size;
>>   		}
>> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.h b/drivers/raw/ifpga/base/opae_intel_max10.h
>> index 670683f017..e7142d6f0d 100644
>> --- a/drivers/raw/ifpga/base/opae_intel_max10.h
>> +++ b/drivers/raw/ifpga/base/opae_intel_max10.h
>> @@ -182,6 +182,7 @@ struct opae_retimer_status {
>>   #define   SBUS_VERSION			GENMASK(31, 16)
>>     #define DFT_MAX_SIZE		0x7e0000
>> +#define MAX_STAGING_AREA_SIZE	0x3800000
>>     int max10_reg_read(struct intel_max10_device *dev,
>>   	unsigned int reg, unsigned int *val);
>>
>
> Hi Aaron, David,
>
> The data flow is complex for this coverity issues [1], at least I
> can't confirm that change fixes the issue.
>
> Are you aware of any way to confirm this coverity issue before merging it?

Not generically.  :-/

We need someone that understands the data flow and the coverity splat to
know that the fix is correct.  Coverity even ratelimits how many
outstanding submissions we can post, iirc, so we don't get to push patch
sets (unless we pay?  I don't recall if there's an option for that).

> [1]
> https://scan4.coverity.com/reports.htm#v26325/p10075/fileInstanceId=100181086&defectInstanceId=14238477&mergedDefectId=367480

Previous message (by thread): [dpdk-stable] [PATCH v2 1/1] raw/ifpga/base: check size before assigning
Next message (by thread): [dpdk-stable] [PATCH v2 1/1] raw/ifpga/base: check size before assigning
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list