[dpdk-dev,v2] enic: negative array index write
Commit Message
Negative array index write using variable pos as an index to array
enic->fdir.nodes. Fixed by add array index check.
Fixes: fefed3d1e62c ("enic: new driver") Coverity ID 13270
Signed-off-by: John Daley <johndale@cisco.com>
---
Here is a version 2. Differences with fix proposed by Slawomir Mrozowicz:
- handle the return code error condition for both calls to rte_hash_add_key()
not just the the 2nd one.
- no need to check for pos >= ENICPMD_FDIR_MAX since it should already be
validated by rte_hash_add_key(). rte_hash_create() takes an 'entries'
parameter which is used to cap the max return value of rte_hash_add_key().
- when pos is < 0, return the actual error (pos), instead of -EINVAL.
drivers/net/enic/enic_clsf.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
Comments
On Mon, Jun 20, 2016 at 12:27:46PM -0700, John Daley wrote:
> Negative array index write using variable pos as an index to array
> enic->fdir.nodes. Fixed by add array index check.
>
> Fixes: fefed3d1e62c ("enic: new driver") Coverity ID 13270
> Signed-off-by: John Daley <johndale@cisco.com>
> ---
>
Applied to dpdk-next-net/rel_16_07
/Bruce
@@ -148,9 +148,13 @@ int enic_fdir_add_fltr(struct enic *enic, struct rte_eth_fdir_filter *params)
enic->fdir.nodes[pos] = NULL;
if (unlikely(key->rq_index == queue)) {
/* Nothing to be done */
+ enic->fdir.stats.f_add++;
pos = rte_hash_add_key(enic->fdir.hash, params);
+ if (pos < 0) {
+ dev_err(enic, "Add hash key failed\n");
+ return pos;
+ }
enic->fdir.nodes[pos] = key;
- enic->fdir.stats.f_add++;
dev_warning(enic,
"FDIR rule is already present\n");
return 0;
@@ -213,6 +217,11 @@ int enic_fdir_add_fltr(struct enic *enic, struct rte_eth_fdir_filter *params)
}
pos = rte_hash_add_key(enic->fdir.hash, params);
+ if (pos < 0) {
+ dev_err(enic, "Add hash key failed\n");
+ return pos;
+ }
+
enic->fdir.nodes[pos] = key;
return 0;
}