diff mbox series

bus/pci: fix allocation of PCI device path

Message ID 20181123002945.36697-1-ferruh.yigit@intel.com (mailing list archive)
State Accepted, archived
Headers
Series bus/pci: fix allocation of PCI device path |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK
ci/mellanox-Performance-Testing success Performance Testing PASS
ci/intel-Performance-Testing success Performance Testing PASS

Commit Message

Ferruh Yigit Nov. 23, 2018, 12:29 a.m. UTC 
  The pci_resource_by_index called strlen() on uninitialized
memory which would lead to the wrong size of memory allocated
for the path portion of the resource map. This would either cause
excessively large allocation, or worse memory corruption.

Coverity Issue: 300868
Fixes: ea9d56226e72 ("pci: introduce function to map uio resource by index")
Cc: stable@dpdk.org

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
---
 drivers/bus/pci/linux/pci_uio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Thomas Monjalon Nov. 23, 2018, 10:45 a.m. UTC | #1 
Please, anyone for a review and a test?

23/11/2018 01:29, Ferruh Yigit:
> The pci_resource_by_index called strlen() on uninitialized
> memory which would lead to the wrong size of memory allocated
> for the path portion of the resource map. This would either cause
> excessively large allocation, or worse memory corruption.
> 
> Coverity Issue: 300868
> Fixes: ea9d56226e72 ("pci: introduce function to map uio resource by index")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
> ---
>  drivers/bus/pci/linux/pci_uio.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/bus/pci/linux/pci_uio.c b/drivers/bus/pci/linux/pci_uio.c
> index a7c14421a..09ecbb7aa 100644
> --- a/drivers/bus/pci/linux/pci_uio.c
> +++ b/drivers/bus/pci/linux/pci_uio.c
> @@ -296,7 +296,7 @@ pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx,
>  	maps = uio_res->maps;
>  
>  	/* allocate memory to keep path */
> -	maps[map_idx].path = rte_malloc(NULL, strlen(devname) + 1, 0);
> +	maps[map_idx].path = rte_malloc(NULL, sizeof(devname), 0);
>  	if (maps[map_idx].path == NULL) {
>  		RTE_LOG(ERR, EAL, "Cannot allocate memory for path: %s\n",
>  				strerror(errno));
>
Andrew Rybchenko Nov. 23, 2018, 10:55 a.m. UTC | #2 
On 11/23/18 1:45 PM, Thomas Monjalon wrote:
> Please, anyone for a review and a test?
>
> 23/11/2018 01:29, Ferruh Yigit:
>> The pci_resource_by_index called strlen() on uninitialized
>> memory which would lead to the wrong size of memory allocated
>> for the path portion of the resource map. This would either cause
>> excessively large allocation, or worse memory corruption.
>>
>> Coverity Issue: 300868
>> Fixes: ea9d56226e72 ("pci: introduce function to map uio resource by index")
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
>> Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>

Reviewed-by: Andrew Rybchenko <arybchenko@solarflare.com>
Maxime Coquelin Nov. 23, 2018, 11:01 a.m. UTC | #3 
On 11/23/18 1:29 AM, Ferruh Yigit wrote:
> The pci_resource_by_index called strlen() on uninitialized
> memory which would lead to the wrong size of memory allocated
> for the path portion of the resource map. This would either cause
> excessively large allocation, or worse memory corruption.
> 
> Coverity Issue: 300868
> Fixes: ea9d56226e72 ("pci: introduce function to map uio resource by index")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
> ---
>   drivers/bus/pci/linux/pci_uio.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/bus/pci/linux/pci_uio.c b/drivers/bus/pci/linux/pci_uio.c
> index a7c14421a..09ecbb7aa 100644
> --- a/drivers/bus/pci/linux/pci_uio.c
> +++ b/drivers/bus/pci/linux/pci_uio.c
> @@ -296,7 +296,7 @@ pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx,
>   	maps = uio_res->maps;
>   
>   	/* allocate memory to keep path */
> -	maps[map_idx].path = rte_malloc(NULL, strlen(devname) + 1, 0);
> +	maps[map_idx].path = rte_malloc(NULL, sizeof(devname), 0);
>   	if (maps[map_idx].path == NULL) {
>   		RTE_LOG(ERR, EAL, "Cannot allocate memory for path: %s\n",
>   				strerror(errno));
> 

Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

Thanks,
Maxime
Thomas Monjalon Nov. 25, 2018, 10:53 a.m. UTC | #4 
23/11/2018 12:01, Maxime Coquelin:
> On 11/23/18 1:29 AM, Ferruh Yigit wrote:
> > The pci_resource_by_index called strlen() on uninitialized
> > memory which would lead to the wrong size of memory allocated
> > for the path portion of the resource map. This would either cause
> > excessively large allocation, or worse memory corruption.
> > 
> > Coverity Issue: 300868
> > Fixes: ea9d56226e72 ("pci: introduce function to map uio resource by index")
> > Cc: stable@dpdk.org
> > 
> > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> > Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
> 
> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

Applied, thanks
diff mbox series

Patch

diff --git a/drivers/bus/pci/linux/pci_uio.c b/drivers/bus/pci/linux/pci_uio.c
index a7c14421a..09ecbb7aa 100644
--- a/drivers/bus/pci/linux/pci_uio.c
+++ b/drivers/bus/pci/linux/pci_uio.c
@@ -296,7 +296,7 @@  pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx,
 	maps = uio_res->maps;
 
 	/* allocate memory to keep path */
-	maps[map_idx].path = rte_malloc(NULL, strlen(devname) + 1, 0);
+	maps[map_idx].path = rte_malloc(NULL, sizeof(devname), 0);
 	if (maps[map_idx].path == NULL) {
 		RTE_LOG(ERR, EAL, "Cannot allocate memory for path: %s\n",
 				strerror(errno));