[v3,1/1] power: check freq count before filling the freqs array
Commit Message
The freqs array size is RTE_MAX_LCORE_FREQS. Before filling the
array with num_freqs elements, restrict the total num to
RTE_MAX_LCORE_FREQS. This fix aims to fix the coverity scan issue
like:
Overrunning array "pi->freqs" of 256 bytes by passing it to a
function which accesses it at byte offset 464.
Coverity issue: 371913
Fixes: ef1cc88f1837 ("power: support cppc_cpufreq driver")
Cc: richael.zhuang@arm.com
Cc: stable@dpdk.org
Signed-off-by: Richael Zhuang <richael.zhuang@arm.com>
---
lib/power/power_cppc_cpufreq.c | 5 +++++
lib/power/power_pstate_cpufreq.c | 5 +++++
2 files changed, 10 insertions(+)
Comments
Hi Richael,
On 23/7/2021 3:22 AM, Richael Zhuang wrote:
> The freqs array size is RTE_MAX_LCORE_FREQS. Before filling the
> array with num_freqs elements, restrict the total num to
> RTE_MAX_LCORE_FREQS. This fix aims to fix the coverity scan issue
> like:
> Overrunning array "pi->freqs" of 256 bytes by passing it to a
> function which accesses it at byte offset 464.
>
> Coverity issue: 371913
> Fixes: ef1cc88f1837 ("power: support cppc_cpufreq driver")
> Cc: richael.zhuang@arm.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Richael Zhuang <richael.zhuang@arm.com>
> ---
> lib/power/power_cppc_cpufreq.c | 5 +++++
> lib/power/power_pstate_cpufreq.c | 5 +++++
> 2 files changed, 10 insertions(+)
>
---snip---
LGTM to fix the coverity issue.
Acked-by: David Hunt <david.hunt@intel.com>
23/07/2021 10:37, David Hunt:
> Hi Richael,
>
> On 23/7/2021 3:22 AM, Richael Zhuang wrote:
> > The freqs array size is RTE_MAX_LCORE_FREQS. Before filling the
> > array with num_freqs elements, restrict the total num to
> > RTE_MAX_LCORE_FREQS. This fix aims to fix the coverity scan issue
> > like:
> > Overrunning array "pi->freqs" of 256 bytes by passing it to a
> > function which accesses it at byte offset 464.
> >
> > Coverity issue: 371913
> > Fixes: ef1cc88f1837 ("power: support cppc_cpufreq driver")
> > Cc: richael.zhuang@arm.com
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Richael Zhuang <richael.zhuang@arm.com>
>
> LGTM to fix the coverity issue.
>
> Acked-by: David Hunt <david.hunt@intel.com>
Removed the space before ":" and applied, thanks.
@@ -246,6 +246,11 @@ power_get_available_freqs(struct cppc_power_info *pi)
pi->nominal_perf * UNIT_DIFF : pi->nominal_perf;
num_freqs = (nominal_perf - scaling_min_freq) / BUS_FREQ + 1 +
pi->turbo_available;
+ if (num_freqs >= RTE_MAX_LCORE_FREQS) {
+ RTE_LOG(ERR, POWER, "Too many available frequencies : %d\n",
+ num_freqs);
+ goto out;
+ }
/* Generate the freq bucket array. */
for (i = 0, pi->nb_freqs = 0; i < num_freqs; i++) {
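Review bot: The added check `if (num_freqs >= RTE_MAX_LCORE_FREQS)` rejects a count exactly equal to the limit, although the loop right after it runs `i < num_freqs`. Assuming each iteration stores at most one entry, RTE_MAX_LCORE_FREQS entries would still fit in an array of that size. If the last slot is kept free on purpose, add a comment saying so; otherwise `>` is the tighter bound. Separately, if num_freqs is an unsigned type, the log format should be `%u` rather than `%d`, so that a wrapped result of the subtraction above is printed as the large value it is.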
@@ -419,6 +419,11 @@ power_get_available_freqs(struct pstate_power_info *pi)
*/
num_freqs = (base_max_freq - sys_min_freq) / BUS_FREQ + 1 +
pi->turbo_available;
+ if (num_freqs >= RTE_MAX_LCORE_FREQS) {
+ RTE_LOG(ERR, POWER, "Too many available frequencies : %d\n",
+ num_freqs);
+ goto out;
+ }
/* Generate the freq bucket array.
* If turbo is available the freq bucket[0] value is base_max +1
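Review bot: The `goto out` in the added block depends on the function's return value still holding its failure value when the jump is taken, and nothing in this hunk shows that. Please confirm that `out` reports an error on this path, so the caller does not carry on with the freqs array unfilled. The error message would also be easier to act on if it printed the limit next to the count, for example "Too many available frequencies: %d (max %d)" with RTE_MAX_LCORE_FREQS as the second argument. Since the same five lines are added to both files, a shared helper or macro would keep the two checks from drifting apart.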