[v3] net/i40e: fix out of bounds read issue

Message ID 20200513022645.37302-1-chenxux.di@intel.com (mailing list archive)
State Superseded, archived
Delegated to: xiaolong ye
Series [v3] net/i40e: fix out of bounds read issue

Checks

Context                      Check    Description
ci/checkpatch                success  coding style OK
ci/Intel-compilation         success  Compilation OK
ci/travis-robot              success  Travis build: passed
ci/iol-intel-Performance     success  Performance Testing PASS
ci/iol-nxp-Performance       success  Performance Testing PASS
ci/iol-mellanox-Performance  success  Performance Testing PASS
ci/iol-testing               fail     Testing issues

Commit Message

Chenxu Di May 13, 2020, 2:26 a.m. UTC
  This patch fixes (out-of-bounds read) coverity issue.

Coverity issue: 357699
Coverity issue: 357694
Fixes: feaae285b342 ("net/i40e: support hash configuration in RSS flow")

Signed-off-by: Chenxu Di <chenxux.di@intel.com>
---
 drivers/net/i40e/i40e_ethdev.c | 6 ++++++
 1 file changed, 6 insertions(+)
  

Comments

Guo, Jia May 13, 2020, 6:51 a.m. UTC | #1
hi, chenxu

On 5/13/2020 10:26 AM, Chenxu Di wrote:
> This patch fixes (out-of-bounds read) coverity issue.
>
> Coverity issue: 357699
> Coverity issue: 357694
> Fixes: feaae285b342 ("net/i40e: support hash configuration in RSS flow")
>
> Signed-off-by: Chenxu Di <chenxux.di@intel.com>
> ---
>   drivers/net/i40e/i40e_ethdev.c | 6 ++++++
>   1 file changed, 6 insertions(+)
>
> diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index 749d85f54..c2d5c6835 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -13179,6 +13179,9 @@ i40e_rss_config_hash_function(struct i40e_pf *pf,
>   				break;
>   		}
>   
> +		if (i == UINT64_BIT)
> +			return 0;
> +


Should this function return a non-zero value and show error info, or in
other words, should "out of bound" be considered a configuration failure?


>   		for (j = I40E_FILTER_PCTYPE_INVALID + 1;
>   		     j < I40E_FILTER_PCTYPE_MAX; j++) {
>   			if (pf->adapter->pctypes_tbl[i] & (1ULL << j))
> @@ -13311,6 +13314,9 @@ i40e_rss_clear_hash_function(struct i40e_pf *pf,
>   				break;
>   		}
>   
> +		if (i == UINT64_BIT)
> +			return 0;
> +
>   		for (j = I40E_FILTER_PCTYPE_INVALID + 1;
>   		     j < I40E_FILTER_PCTYPE_MAX; j++) {
>   			if (pf->adapter->pctypes_tbl[i] & (1ULL << j))
  
Chenxu Di May 14, 2020, 1:16 a.m. UTC | #2
Hi,



> -----Original Message-----
> From: Guo, Jia
> Sent: Wednesday, May 13, 2020 2:51 PM
> To: Di, ChenxuX <chenxux.di@intel.com>; dev@dpdk.org
> Cc: Xing, Beilei <beilei.xing@intel.com>
> Subject: Re: [PATCH v3] net/i40e: fix out of bounds read issue
> 
> hi, chenxu
> 
> On 5/13/2020 10:26 AM, Chenxu Di wrote:
> > This patch fixes (out-of-bounds read) coverity issue.
> >
> > Coverity issue: 357699
> > Coverity issue: 357694
> > Fixes: feaae285b342 ("net/i40e: support hash configuration in RSS
> > flow")
> >
> > Signed-off-by: Chenxu Di <chenxux.di@intel.com>
> > ---
> >   drivers/net/i40e/i40e_ethdev.c | 6 ++++++
> >   1 file changed, 6 insertions(+)
> >
> > diff --git a/drivers/net/i40e/i40e_ethdev.c
> > b/drivers/net/i40e/i40e_ethdev.c index 749d85f54..c2d5c6835 100644
> > --- a/drivers/net/i40e/i40e_ethdev.c
> > +++ b/drivers/net/i40e/i40e_ethdev.c
> > @@ -13179,6 +13179,9 @@ i40e_rss_config_hash_function(struct i40e_pf *pf,
> >   				break;
> >   		}
> >
> > +		if (i == UINT64_BIT)
> > +			return 0;
> > +
> 
> 
> Should this function return a non-zero value and show error info, or in
> other words, should "out of bound" be considered a configuration failure?
> 

It will just find the flow type and do the things. If it does not find the flow type, it just does nothing and returns.

> 
> >   		for (j = I40E_FILTER_PCTYPE_INVALID + 1;
> >   		     j < I40E_FILTER_PCTYPE_MAX; j++) {
> >   			if (pf->adapter->pctypes_tbl[i] & (1ULL << j))
> > @@ -13311,6 +13314,9 @@ i40e_rss_clear_hash_function(struct i40e_pf *pf,
> >   				break;
> >   		}
> >
> > +		if (i == UINT64_BIT)
> > +			return 0;
> > +
> >   		for (j = I40E_FILTER_PCTYPE_INVALID + 1;
> >   		     j < I40E_FILTER_PCTYPE_MAX; j++) {
> >   			if (pf->adapter->pctypes_tbl[i] & (1ULL << j))
  
Guo, Jia May 14, 2020, 6:17 a.m. UTC | #3
On 5/14/2020 9:16 AM, Di, ChenxuX wrote:
> Hi,
>
>
>
>> -----Original Message-----
>> From: Guo, Jia
>> Sent: Wednesday, May 13, 2020 2:51 PM
>> To: Di, ChenxuX <chenxux.di@intel.com>; dev@dpdk.org
>> Cc: Xing, Beilei <beilei.xing@intel.com>
>> Subject: Re: [PATCH v3] net/i40e: fix out of bounds read issue
>>
>> hi, chenxu
>>
>> On 5/13/2020 10:26 AM, Chenxu Di wrote:
>>> This patch fixes (out-of-bounds read) coverity issue.
>>>
>>> Coverity issue: 357699
>>> Coverity issue: 357694
>>> Fixes: feaae285b342 ("net/i40e: support hash configuration in RSS
>>> flow")
>>>
>>> Signed-off-by: Chenxu Di <chenxux.di@intel.com>
>>> ---
>>>    drivers/net/i40e/i40e_ethdev.c | 6 ++++++
>>>    1 file changed, 6 insertions(+)
>>>
>>> diff --git a/drivers/net/i40e/i40e_ethdev.c
>>> b/drivers/net/i40e/i40e_ethdev.c index 749d85f54..c2d5c6835 100644
>>> --- a/drivers/net/i40e/i40e_ethdev.c
>>> +++ b/drivers/net/i40e/i40e_ethdev.c
>>> @@ -13179,6 +13179,9 @@ i40e_rss_config_hash_function(struct i40e_pf *pf,
>>>    				break;
>>>    		}
>>>
>>> +		if (i == UINT64_BIT)
>>> +			return 0;
>>> +
>>
>> Should this function return a non-zero value and show error info, or in
>> other words, should "out of bound" be considered a configuration failure?
>>
> It will just find the flow type and do the things. If it does not find the flow type, it just does nothing and returns.


i40e_rss_config_hash_function returns an int value, right? Should it
always return 0? Should the case of not finding be considered a
non-success config?


>>>    		for (j = I40E_FILTER_PCTYPE_INVALID + 1;
>>>    		     j < I40E_FILTER_PCTYPE_MAX; j++) {
>>>    			if (pf->adapter->pctypes_tbl[i] & (1ULL << j))
>>> @@ -13311,6 +13314,9 @@ i40e_rss_clear_hash_function(struct i40e_pf *pf,
>>>    				break;
>>>    		}
>>>
>>> +		if (i == UINT64_BIT)
>>> +			return 0;
>>> +
>>>    		for (j = I40E_FILTER_PCTYPE_INVALID + 1;
>>>    		     j < I40E_FILTER_PCTYPE_MAX; j++) {
>>>    			if (pf->adapter->pctypes_tbl[i] & (1ULL << j))
  
Chenxu Di May 14, 2020, 6:41 a.m. UTC | #4
Hi 

> -----Original Message-----
> From: Guo, Jia
> Sent: Thursday, May 14, 2020 2:17 PM
> To: Di, ChenxuX <chenxux.di@intel.com>; dev@dpdk.org
> Cc: Xing, Beilei <beilei.xing@intel.com>
> Subject: Re: [PATCH v3] net/i40e: fix out of bounds read issue
> 
> 
> On 5/14/2020 9:16 AM, Di, ChenxuX wrote:
> > Hi,
> >
> >
> >
> >> -----Original Message-----
> >> From: Guo, Jia
> >> Sent: Wednesday, May 13, 2020 2:51 PM
> >> To: Di, ChenxuX <chenxux.di@intel.com>; dev@dpdk.org
> >> Cc: Xing, Beilei <beilei.xing@intel.com>
> >> Subject: Re: [PATCH v3] net/i40e: fix out of bounds read issue
> >>
> >> hi, chenxu
> >>
> >> On 5/13/2020 10:26 AM, Chenxu Di wrote:
> >>> This patch fixes (out-of-bounds read) coverity issue.
> >>>
> >>> Coverity issue: 357699
> >>> Coverity issue: 357694
> >>> Fixes: feaae285b342 ("net/i40e: support hash configuration in RSS
> >>> flow")
> >>>
> >>> Signed-off-by: Chenxu Di <chenxux.di@intel.com>
> >>> ---
> >>>    drivers/net/i40e/i40e_ethdev.c | 6 ++++++
> >>>    1 file changed, 6 insertions(+)
> >>>
> >>> diff --git a/drivers/net/i40e/i40e_ethdev.c
> >>> b/drivers/net/i40e/i40e_ethdev.c index 749d85f54..c2d5c6835 100644
> >>> --- a/drivers/net/i40e/i40e_ethdev.c
> >>> +++ b/drivers/net/i40e/i40e_ethdev.c
> >>> @@ -13179,6 +13179,9 @@ i40e_rss_config_hash_function(struct i40e_pf
> *pf,
> >>>    				break;
> >>>    		}
> >>>
> >>> +		if (i == UINT64_BIT)
> >>> +			return 0;
> >>> +
> >>
> >> Should this function return a non-zero value and show error info, or in
> >> other words, should "out of bound" be considered a configuration failure?
> >>
> > It will just find the flow type and do the things. If it does not find the
> > flow type, it just does nothing and returns.
> 
> 
> i40e_rss_config_hash_function returns an int value, right? Should it always return 0?
> Should the case of not finding be considered a non-success config?
> 

The original code has too many tabs (for->if->for->if); it is over 90 words per line.
So just break and move it out.

After breaking the loop,
if the first loop goes to the end without a break, the value of i will be 64 while the length of pf->adapter->pctypes_tbl is 64.
That is the reason for the out of bound, which the original code will not cause.

Actually the case of not finding will not happen. The code just fixes the out of bound caused by breaking the loop.


> 
> >>>    		for (j = I40E_FILTER_PCTYPE_INVALID + 1;
> >>>    		     j < I40E_FILTER_PCTYPE_MAX; j++) {
> >>>    			if (pf->adapter->pctypes_tbl[i] & (1ULL << j)) @@ -
> 13311,6
> >>> +13314,9 @@ i40e_rss_clear_hash_function(struct i40e_pf *pf,
> >>>    				break;
> >>>    		}
> >>>
> >>> +		if (i == UINT64_BIT)
> >>> +			return 0;
> >>> +
> >>>    		for (j = I40E_FILTER_PCTYPE_INVALID + 1;
> >>>    		     j < I40E_FILTER_PCTYPE_MAX; j++) {
> >>>    			if (pf->adapter->pctypes_tbl[i] & (1ULL << j))
  

Patch

diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index 749d85f54..c2d5c6835 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -13179,6 +13179,9 @@  i40e_rss_config_hash_function(struct i40e_pf *pf,
 				break;
 		}
 
+		if (i == UINT64_BIT)
+			return 0;
+
 		for (j = I40E_FILTER_PCTYPE_INVALID + 1;
 		     j < I40E_FILTER_PCTYPE_MAX; j++) {
 			if (pf->adapter->pctypes_tbl[i] & (1ULL << j))
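Review bot: the added "if (i == UINT64_BIT) return 0;" in i40e_rss_config_hash_function returns the success value when the search above ran to the end without a break, so the caller cannot tell "nothing matched" from "configured". The check does stop the pctypes_tbl[i] read in the j loop from using i == UINT64_BIT, but either return a negative error code and log it, or, if this case cannot occur in practice, add a one-line comment saying the check only bounds the index.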
@@ -13311,6 +13314,9 @@  i40e_rss_clear_hash_function(struct i40e_pf *pf,
 				break;
 		}
 
+		if (i == UINT64_BIT)
+			return 0;
+
 		for (j = I40E_FILTER_PCTYPE_INVALID + 1;
 		     j < I40E_FILTER_PCTYPE_MAX; j++) {
 			if (pf->adapter->pctypes_tbl[i] & (1ULL << j))
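Review bot: the guard in i40e_rss_clear_hash_function is a verbatim copy of the one in i40e_rss_config_hash_function, and both depend on UINT64_BIT being the bound of a loop that is only partly visible here. Consider moving the search and its bounds check into one shared helper that returns the index or an error, so the two callers cannot drift apart; the commit message should also say how i reaches the table length rather than only citing the Coverity ids.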