diff mbox series

[v3,1/1] power: check freq count before filling the freqs array

Message ID 20210723022242.8092-2-richael.zhuang@arm.com (mailing list archive)
State Accepted, archived
Headers
Series power: check freq count before filling the freqs array |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/github-robot success github build: passed
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-abi-testing success Testing PASS
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS
ci/iol-testing success Testing PASS

Commit Message

Richael Zhuang July 23, 2021, 2:22 a.m. UTC 
  The freqs array size is RTE_MAX_LCORE_FREQS. Before filling the
array with num_freqs elements, restrict the total num to
RTE_MAX_LCORE_FREQS. This fix aims to fix the coverity scan issue
like:
Overrunning array "pi->freqs" of 256 bytes by passing it to a
function which accesses it at byte offset 464.

Coverity issue: 371913
Fixes: ef1cc88f1837 ("power: support cppc_cpufreq driver")
Cc: richael.zhuang@arm.com
Cc: stable@dpdk.org

Signed-off-by: Richael Zhuang <richael.zhuang@arm.com>
---
 lib/power/power_cppc_cpufreq.c   | 5 +++++
 lib/power/power_pstate_cpufreq.c | 5 +++++
 2 files changed, 10 insertions(+)

Comments

Hunt, David July 23, 2021, 8:37 a.m. UTC | #1 
Hi Richael,

On 23/7/2021 3:22 AM, Richael Zhuang wrote:
> The freqs array size is RTE_MAX_LCORE_FREQS. Before filling the
> array with num_freqs elements, restrict the total num to
> RTE_MAX_LCORE_FREQS. This fix aims to fix the coverity scan issue
> like:
> Overrunning array "pi->freqs" of 256 bytes by passing it to a
> function which accesses it at byte offset 464.
>
> Coverity issue: 371913
> Fixes: ef1cc88f1837 ("power: support cppc_cpufreq driver")
> Cc: richael.zhuang@arm.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Richael Zhuang <richael.zhuang@arm.com>
> ---
>   lib/power/power_cppc_cpufreq.c   | 5 +++++
>   lib/power/power_pstate_cpufreq.c | 5 +++++
>   2 files changed, 10 insertions(+)
>
---snip---

LGTM to fix the coverity issue.

Acked-by: David Hunt <david.hunt@intel.com>
Thomas Monjalon July 24, 2021, 8:11 a.m. UTC | #2 
23/07/2021 10:37, David Hunt:
> Hi Richael,
> 
> On 23/7/2021 3:22 AM, Richael Zhuang wrote:
> > The freqs array size is RTE_MAX_LCORE_FREQS. Before filling the
> > array with num_freqs elements, restrict the total num to
> > RTE_MAX_LCORE_FREQS. This fix aims to fix the coverity scan issue
> > like:
> > Overrunning array "pi->freqs" of 256 bytes by passing it to a
> > function which accesses it at byte offset 464.
> >
> > Coverity issue: 371913
> > Fixes: ef1cc88f1837 ("power: support cppc_cpufreq driver")
> > Cc: richael.zhuang@arm.com
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Richael Zhuang <richael.zhuang@arm.com>
> 
> LGTM to fix the coverity issue.
> 
> Acked-by: David Hunt <david.hunt@intel.com>

Removed the space before ":" and applied, thanks.
diff mbox series

Patch

diff --git a/lib/power/power_cppc_cpufreq.c b/lib/power/power_cppc_cpufreq.c
index e92973ab54..db63c2cc10 100644
--- a/lib/power/power_cppc_cpufreq.c
+++ b/lib/power/power_cppc_cpufreq.c
@@ -246,6 +246,11 @@  power_get_available_freqs(struct cppc_power_info *pi)
 			pi->nominal_perf * UNIT_DIFF : pi->nominal_perf;
 	num_freqs = (nominal_perf - scaling_min_freq) / BUS_FREQ + 1 +
 		pi->turbo_available;
+	if (num_freqs >= RTE_MAX_LCORE_FREQS) {
+		RTE_LOG(ERR, POWER, "Too many available frequencies : %d\n",
+				num_freqs);
+		goto out;
+	}
 
 	/* Generate the freq bucket array. */
 	for (i = 0, pi->nb_freqs = 0; i < num_freqs; i++) {
diff --git a/lib/power/power_pstate_cpufreq.c b/lib/power/power_pstate_cpufreq.c
index 3b607515fd..619090c8d1 100644
--- a/lib/power/power_pstate_cpufreq.c
+++ b/lib/power/power_pstate_cpufreq.c
@@ -419,6 +419,11 @@  power_get_available_freqs(struct pstate_power_info *pi)
 	 */
 	num_freqs = (base_max_freq - sys_min_freq) / BUS_FREQ + 1 +
 		pi->turbo_available;
+	if (num_freqs >= RTE_MAX_LCORE_FREQS) {
+		RTE_LOG(ERR, POWER, "Too many available frequencies : %d\n",
+				num_freqs);
+		goto out;
+	}
 
 	/* Generate the freq bucket array.
 	 * If turbo is available the freq bucket[0] value is base_max +1