bus/pci: fix allocation of PCI device path
Checks
Commit Message
The pci_resource_by_index called strlen() on uninitialized
memory which would lead to the wrong size of memory allocated
for the path portion of the resource map. This would either cause
excessively large allocation, or worse memory corruption.
Coverity Issue: 300868
Fixes: ea9d56226e72 ("pci: introduce function to map uio resource by index")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
---
drivers/bus/pci/linux/pci_uio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Please, anyone for a review and a test?
23/11/2018 01:29, Ferruh Yigit:
> The pci_resource_by_index called strlen() on uninitialized
> memory which would lead to the wrong size of memory allocated
> for the path portion of the resource map. This would either cause
> excessively large allocation, or worse memory corruption.
>
> Coverity Issue: 300868
> Fixes: ea9d56226e72 ("pci: introduce function to map uio resource by index")
> Cc: stable@dpdk.org
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
> ---
> drivers/bus/pci/linux/pci_uio.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/bus/pci/linux/pci_uio.c b/drivers/bus/pci/linux/pci_uio.c
> index a7c14421a..09ecbb7aa 100644
> --- a/drivers/bus/pci/linux/pci_uio.c
> +++ b/drivers/bus/pci/linux/pci_uio.c
> @@ -296,7 +296,7 @@ pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx,
> maps = uio_res->maps;
>
> /* allocate memory to keep path */
> - maps[map_idx].path = rte_malloc(NULL, strlen(devname) + 1, 0);
> + maps[map_idx].path = rte_malloc(NULL, sizeof(devname), 0);
> if (maps[map_idx].path == NULL) {
> RTE_LOG(ERR, EAL, "Cannot allocate memory for path: %s\n",
> strerror(errno));
>
On 11/23/18 1:45 PM, Thomas Monjalon wrote:
> Please, anyone for a review and a test?
>
> 23/11/2018 01:29, Ferruh Yigit:
>> The pci_resource_by_index called strlen() on uninitialized
>> memory which would lead to the wrong size of memory allocated
>> for the path portion of the resource map. This would either cause
>> excessively large allocation, or worse memory corruption.
>>
>> Coverity Issue: 300868
>> Fixes: ea9d56226e72 ("pci: introduce function to map uio resource by index")
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
>> Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Reviewed-by: Andrew Rybchenko <arybchenko@solarflare.com>
On 11/23/18 1:29 AM, Ferruh Yigit wrote:
> The pci_resource_by_index called strlen() on uninitialized
> memory which would lead to the wrong size of memory allocated
> for the path portion of the resource map. This would either cause
> excessively large allocation, or worse memory corruption.
>
> Coverity Issue: 300868
> Fixes: ea9d56226e72 ("pci: introduce function to map uio resource by index")
> Cc: stable@dpdk.org
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
> ---
> drivers/bus/pci/linux/pci_uio.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/bus/pci/linux/pci_uio.c b/drivers/bus/pci/linux/pci_uio.c
> index a7c14421a..09ecbb7aa 100644
> --- a/drivers/bus/pci/linux/pci_uio.c
> +++ b/drivers/bus/pci/linux/pci_uio.c
> @@ -296,7 +296,7 @@ pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx,
> maps = uio_res->maps;
>
> /* allocate memory to keep path */
> - maps[map_idx].path = rte_malloc(NULL, strlen(devname) + 1, 0);
> + maps[map_idx].path = rte_malloc(NULL, sizeof(devname), 0);
> if (maps[map_idx].path == NULL) {
> RTE_LOG(ERR, EAL, "Cannot allocate memory for path: %s\n",
> strerror(errno));
>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Thanks,
Maxime
23/11/2018 12:01, Maxime Coquelin:
> On 11/23/18 1:29 AM, Ferruh Yigit wrote:
> > The pci_resource_by_index called strlen() on uninitialized
> > memory which would lead to the wrong size of memory allocated
> > for the path portion of the resource map. This would either cause
> > excessively large allocation, or worse memory corruption.
> >
> > Coverity Issue: 300868
> > Fixes: ea9d56226e72 ("pci: introduce function to map uio resource by index")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> > Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
>
> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Applied, thanks
@@ -296,7 +296,7 @@ pci_uio_map_resource_by_index(struct rte_pci_device *dev, int res_idx,
maps = uio_res->maps;
/* allocate memory to keep path */
- maps[map_idx].path = rte_malloc(NULL, strlen(devname) + 1, 0);
+ maps[map_idx].path = rte_malloc(NULL, sizeof(devname), 0);
if (maps[map_idx].path == NULL) {
RTE_LOG(ERR, EAL, "Cannot allocate memory for path: %s\n",
strerror(errno));