patch 'vdpa/ifc/base: fix null pointer dereference' has been queued to stable release 21.11.2

Pei, Andy andy.pei at intel.com
Wed Jul 13 04:13:00 CEST 2022


Thanks Luca.

> -----Original Message-----
> From: luca.boccassi at gmail.com <luca.boccassi at gmail.com>
> Sent: Wednesday, July 13, 2022 3:24 AM
> To: Pei, Andy <andy.pei at intel.com>
> Cc: Maxime Coquelin <maxime.coquelin at redhat.com>; dpdk stable
> <stable at dpdk.org>
> Subject: patch 'vdpa/ifc/base: fix null pointer dereference' has been queued to
> stable release 21.11.2
> 
> Hi,
> 
> FYI, your patch has been queued to stable release 21.11.2
> 
> Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
> It will be pushed if I get no objections before 07/14/22. So please shout if
> anyone has objections.
> 
> Also note that after the patch there's a diff of the upstream commit vs the patch
> applied to the branch. This will indicate if there was any rebasing needed to
> apply to the stable branch. If there were code changes for rebasing
> (ie: not only metadata diffs), please double check that the rebase was correctly
> done.
> 
> Queued patches are on a temporary branch at:
> https://github.com/kevintraynor/dpdk-stable
> 
> This queued commit can be viewed at:
> https://github.com/kevintraynor/dpdk-
> stable/commit/06b246ead61adaf7e92282f0b386d42469095894
> 
> Thanks.
> 
> Luca Boccassi
> 
> ---
> From 06b246ead61adaf7e92282f0b386d42469095894 Mon Sep 17 00:00:00
> 2001
> From: Andy Pei <andy.pei at intel.com>
> Date: Fri, 8 Jul 2022 13:57:41 +0800
> Subject: [PATCH] vdpa/ifc/base: fix null pointer dereference
> 
> [ upstream commit 60600018d3c6ae9ab4c24f9acb5c213bf9a21aaf ]
> 
> Fix null pointer dereference reported in coverity scan.
> Output some log information when lm_cfg is null.
> Make sure lm_cfg is not null before operating on lm_cfg.
> 
> Coverity issue: 378882
> Fixes: d7fe5a2861e7 ("net/ifc: support live migration")
> 
> Signed-off-by: Andy Pei <andy.pei at intel.com>
> Reviewed-by: Maxime Coquelin <maxime.coquelin at redhat.com>
> ---
>  drivers/vdpa/ifc/base/ifcvf.c       | 17 +++++++++++++----
>  drivers/vdpa/ifc/base/ifcvf_osdep.h |  1 +
>  2 files changed, 14 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/vdpa/ifc/base/ifcvf.c b/drivers/vdpa/ifc/base/ifcvf.c index
> d10c1fd6a4..f3c29f94b3 100644
> --- a/drivers/vdpa/ifc/base/ifcvf.c
> +++ b/drivers/vdpa/ifc/base/ifcvf.c
> @@ -87,6 +87,8 @@ next:
>  	}
> 
>  	hw->lm_cfg = hw->mem_resource[4].addr;
> +	if (!hw->lm_cfg)
> +		WARNINGOUT("HW support live migration not support!\n");
> 
>  	if (hw->common_cfg == NULL || hw->notify_base == NULL ||
>  			hw->isr == NULL || hw->dev_cfg == NULL) { @@ -
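Review bot: The warning string added after the `hw->lm_cfg` assignment, `"HW support live migration not support!\n"`, is hard to parse in a log and does not name the resource that was missing. Wording such as `WARNINGOUT("mem_resource[4] not mapped, live migration not supported\n");` would tell an operator why the later logging and ring-state writes are skipped. The enclosing function starts before this hunk and continues past it.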
> 218,10 +220,12 @@ ifcvf_hw_enable(struct ifcvf_hw *hw)
>  				&cfg->queue_used_hi);
>  		IFCVF_WRITE_REG16(hw->vring[i].size, &cfg->queue_size);
> 
> -		*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
> -				(i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) * 4) =
> -			(u32)hw->vring[i].last_avail_idx |
> -			((u32)hw->vring[i].last_used_idx << 16);
> +		if (lm_cfg) {
> +			*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
> +					(i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) *
> 4) =
> +				(u32)hw->vring[i].last_avail_idx |
> +				((u32)hw->vring[i].last_used_idx << 16);
> +		}
> 
>  		IFCVF_WRITE_REG16(i + 1, &cfg->queue_msix_vector);
>  		if (IFCVF_READ_REG16(&cfg->queue_msix_vector) == @@ -
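Review bot: The re-indented store in `ifcvf_hw_enable` still writes through a plain `*(u32 *)` cast, while the other register writes in this hunk go through `IFCVF_WRITE_REG16`. If `lm_cfg` is a device mapping (it is taken from `hw->mem_resource[4].addr`), a non-volatile store leaves the compiler free to reorder or merge it. Since the line is touched anyway, consider `rte_write32(val, lm_cfg + IFCVF_LM_RING_STATE_OFFSET + (i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) * 4);` with `val` holding the packed indices. The new guard also proves only that the pointer is non-NULL, not that the mapping is large enough for the computed offset, so a length check against the resource size, presumably at init time, would be worth adding. The loop and the function body extend beyond the hunk.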
> 291,6 +295,8 @@ ifcvf_enable_logging(struct ifcvf_hw *hw, u64 log_base, u64
> log_size)
>  	u8 *lm_cfg;
> 
>  	lm_cfg = hw->lm_cfg;
> +	if (!lm_cfg)
> +		return;
> 
>  	*(u32 *)(lm_cfg + IFCVF_LM_BASE_ADDR_LOW) =
>  		log_base & IFCVF_32_BIT_MASK;
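Review bot: The early `return;` added to `ifcvf_enable_logging` gives the caller no way to learn that dirty-page logging was not turned on, so a migration flow could presumably carry on believing pages are being tracked. At minimum log it before returning, e.g. `WARNINGOUT("lm_cfg not mapped, dirty page logging not enabled\n");`, and add a function comment stating that the call is a no-op when live migration is unsupported. Returning a status would be stronger but changes the interface. The same applies to the guard added to `ifcvf_disable_logging` in the next hunk, and both function bodies continue outside their hunks.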
> @@ -313,6 +319,9 @@ ifcvf_disable_logging(struct ifcvf_hw *hw)
>  	u8 *lm_cfg;
> 
>  	lm_cfg = hw->lm_cfg;
> +	if (!lm_cfg)
> +		return;
> +
> 	*(u32 *)(lm_cfg + IFCVF_LM_LOGGING_CTRL) = IFCVF_LM_DISABLE;
>  }
> 
> diff --git a/drivers/vdpa/ifc/base/ifcvf_osdep.h
> b/drivers/vdpa/ifc/base/ifcvf_osdep.h
> index 6aef25ea45..3d567695cc 100644
> --- a/drivers/vdpa/ifc/base/ifcvf_osdep.h
> +++ b/drivers/vdpa/ifc/base/ifcvf_osdep.h
> @@ -14,6 +14,7 @@
>  #include <rte_log.h>
>  #include <rte_io.h>
> 
> +#define WARNINGOUT(S, args...)  RTE_LOG(WARNING, PMD, S, ##args)
>  #define DEBUGOUT(S, args...)    RTE_LOG(DEBUG, PMD, S, ##args)
>  #define STATIC                  static
> 
> --
> 2.34.1
> 
> ---
>   Diff of the applied patch vs upstream commit (please double-check if non-
> empty:
> ---
> --- -	2022-07-12 20:22:33.817657799 +0100
> +++ 0003-vdpa-ifc-base-fix-null-pointer-dereference.patch	2022-07-12
> 20:22:33.709247162 +0100
> @@ -1 +1 @@
> -From 60600018d3c6ae9ab4c24f9acb5c213bf9a21aaf Mon Sep 17 00:00:00
> 2001
> +From 06b246ead61adaf7e92282f0b386d42469095894 Mon Sep 17 00:00:00
> 2001
> @@ -5,0 +6,2 @@
> +[ upstream commit 60600018d3c6ae9ab4c24f9acb5c213bf9a21aaf ]
> +
> @@ -12 +13,0 @@
> -Cc: stable at dpdk.org
> @@ -17 +18 @@
> - drivers/vdpa/ifc/base/ifcvf.c       | 31 +++++++++++++++++++----------
> + drivers/vdpa/ifc/base/ifcvf.c       | 17 +++++++++++++----
> @@ -19 +20 @@
> - 2 files changed, 21 insertions(+), 11 deletions(-)
> + 2 files changed, 14 insertions(+), 4 deletions(-)
> @@ -22 +23 @@
> -index 0a9f71a960..f1e1474447 100644
> +index d10c1fd6a4..f3c29f94b3 100644
> @@ -34 +35 @@
> -@@ -218,17 +220,19 @@ ifcvf_hw_enable(struct ifcvf_hw *hw)
> +@@ -218,10 +220,12 @@ ifcvf_hw_enable(struct ifcvf_hw *hw)
> @@ -38,11 +39,4 @@
> --		if (hw->device_type == IFCVF_BLK)
> --			*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
> --				i * IFCVF_LM_CFG_SIZE) =
> --				(u32)hw->vring[i].last_avail_idx |
> --				((u32)hw->vring[i].last_used_idx << 16);
> --		else
> --			*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
> --				(i / 2) * IFCVF_LM_CFG_SIZE +
> --				(i % 2) * 4) =
> --				(u32)hw->vring[i].last_avail_idx |
> --				((u32)hw->vring[i].last_used_idx << 16);
> +-		*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
> +-				(i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) * 4) =
> +-			(u32)hw->vring[i].last_avail_idx |
> +-			((u32)hw->vring[i].last_used_idx << 16);
> @@ -50,11 +44,4 @@
> -+			if (hw->device_type == IFCVF_BLK)
> -+				*(u32 *)(lm_cfg +
> IFCVF_LM_RING_STATE_OFFSET +
> -+					i * IFCVF_LM_CFG_SIZE) =
> -+					(u32)hw->vring[i].last_avail_idx |
> -+					((u32)hw->vring[i].last_used_idx << 16);
> -+			else
> -+				*(u32 *)(lm_cfg +
> IFCVF_LM_RING_STATE_OFFSET +
> -+					(i / 2) * IFCVF_LM_CFG_SIZE +
> -+					(i % 2) * 4) =
> -+					(u32)hw->vring[i].last_avail_idx |
> -+					((u32)hw->vring[i].last_used_idx << 16);
> ++			*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
> ++					(i / 2) * IFCVF_LM_CFG_SIZE + (i % 2) *
> 4) =
> ++				(u32)hw->vring[i].last_avail_idx |
> ++				((u32)hw->vring[i].last_used_idx << 16);
> @@ -65 +52 @@
> -@@ -320,6 +324,8 @@ ifcvf_enable_logging(struct ifcvf_hw *hw, u64
> log_base, u64 log_size)
> +@@ -291,6 +295,8 @@ ifcvf_enable_logging(struct ifcvf_hw *hw, u64
> +log_base, u64 log_size)
> @@ -74 +61 @@
> -@@ -342,6 +348,9 @@ ifcvf_disable_logging(struct ifcvf_hw *hw)
> +@@ -313,6 +319,9 @@ ifcvf_disable_logging(struct ifcvf_hw *hw)

