[v3,1/8] bus/fslmc: fix dereferencing null pointer
Checks
Commit Message
From: Apeksha Gupta <apeksha.gupta@nxp.com>
This patch fixees the nxp internal coverity reported
null pointer dereferncing issue.
Fixes: 6fef517e17cf ("bus/fslmc: add qman HW fq query count API")
Cc: stable@dpdk.org
Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
---
drivers/bus/fslmc/qbman/qbman_debug.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
Comments
On 5/4/2020 1:41 PM, Hemant Agrawal wrote:
> From: Apeksha Gupta <apeksha.gupta@nxp.com>
>
> This patch fixees the nxp internal coverity reported
> null pointer dereferncing issue.
What is the coverity issue number? Can you please put it into commit log as
"Coverity issue: ###" format.
>
> Fixes: 6fef517e17cf ("bus/fslmc: add qman HW fq query count API")
> Cc: stable@dpdk.org
>
> Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
On 5/6/2020 10:08 PM, Ferruh Yigit wrote:
> On 5/4/2020 1:41 PM, Hemant Agrawal wrote:
>> From: Apeksha Gupta <apeksha.gupta@nxp.com>
>>
>> This patch fixees the nxp internal coverity reported
>> null pointer dereferncing issue.
>
> What is the coverity issue number? Can you please put it into commit log as
> "Coverity issue: ###" format.
Ahh, it says internal coverity, we need number only for public coverity, isn't
same issue reported on public coverity? If so we need that number.
>
>>
>> Fixes: 6fef517e17cf ("bus/fslmc: add qman HW fq query count API")
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
>
On 5/4/2020 1:41 PM, Hemant Agrawal wrote:
> From: Apeksha Gupta <apeksha.gupta@nxp.com>
>
> This patch fixees the nxp internal coverity reported
> null pointer dereferncing issue.
>
> Fixes: 6fef517e17cf ("bus/fslmc: add qman HW fq query count API")
> Cc: stable@dpdk.org
>
> Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com>
> ---
> drivers/bus/fslmc/qbman/qbman_debug.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/bus/fslmc/qbman/qbman_debug.c b/drivers/bus/fslmc/qbman/qbman_debug.c
> index 0bb2ce880f..34374ae4b6 100644
> --- a/drivers/bus/fslmc/qbman/qbman_debug.c
> +++ b/drivers/bus/fslmc/qbman/qbman_debug.c
> @@ -20,26 +20,27 @@ struct qbman_fq_query_desc {
> uint8_t verb;
> uint8_t reserved[3];
> uint32_t fqid;
> - uint8_t reserved2[57];
> + uint8_t reserved2[56];
Is decreasing 'reserved2' size related to null pointer de-referencing? This
looks unrelated.
> };
>
> int qbman_fq_query_state(struct qbman_swp *s, uint32_t fqid,
> struct qbman_fq_query_np_rslt *r)
> {
> struct qbman_fq_query_desc *p;
> + struct qbman_fq_query_np_rslt *var;
>
> p = (struct qbman_fq_query_desc *)qbman_swp_mc_start(s);
> if (!p)
> return -EBUSY;
>
> p->fqid = fqid;
> - *r = *(struct qbman_fq_query_np_rslt *)qbman_swp_mc_complete(s, p,
> - QBMAN_FQ_QUERY_NP);
> - if (!r) {
> + var = qbman_swp_mc_complete(s, p, QBMAN_FQ_QUERY_NP);
> + if (!var) {
> pr_err("qbman: Query FQID %d NP fields failed, no response\n",
> fqid);
> return -EIO;
> }
> + *r = *var;
>
> /* Decode the outcome */
> QBMAN_BUG_ON((r->verb & QBMAN_RESPONSE_VERB_MASK) != QBMAN_FQ_QUERY_NP);
>
@@ -20,26 +20,27 @@ struct qbman_fq_query_desc {
uint8_t verb;
uint8_t reserved[3];
uint32_t fqid;
- uint8_t reserved2[57];
+ uint8_t reserved2[56];
};
int qbman_fq_query_state(struct qbman_swp *s, uint32_t fqid,
struct qbman_fq_query_np_rslt *r)
{
struct qbman_fq_query_desc *p;
+ struct qbman_fq_query_np_rslt *var;
p = (struct qbman_fq_query_desc *)qbman_swp_mc_start(s);
if (!p)
return -EBUSY;
p->fqid = fqid;
- *r = *(struct qbman_fq_query_np_rslt *)qbman_swp_mc_complete(s, p,
- QBMAN_FQ_QUERY_NP);
- if (!r) {
+ var = qbman_swp_mc_complete(s, p, QBMAN_FQ_QUERY_NP);
+ if (!var) {
pr_err("qbman: Query FQID %d NP fields failed, no response\n",
fqid);
return -EIO;
}
+ *r = *var;
/* Decode the outcome */
QBMAN_BUG_ON((r->verb & QBMAN_RESPONSE_VERB_MASK) != QBMAN_FQ_QUERY_NP);