From patchwork Fri Jul  8 05:57:41 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Pei, Andy" <andy.pei@intel.com>
X-Patchwork-Id: 113824
X-Patchwork-Delegate: maxime.coquelin@redhat.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 04D8BA0540;
	Fri,  8 Jul 2022 07:50:43 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 8E8A0406B4;
	Fri,  8 Jul 2022 07:50:43 +0200 (CEST)
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 by mails.dpdk.org (Postfix) with ESMTP id 067EC4069D
 for <dev@dpdk.org>; Fri,  8 Jul 2022 07:50:41 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1657259442; x=1688795442;
 h=from:to:cc:subject:date:message-id;
 bh=KMoppmkbMYVbf5zC7FfwEPKfH9JUXOnbKXfeuAeZls8=;
 b=g6EWwM6QzPrLzMdIDHKzoU79/NaYM3ADJnKXd4ZVPpClg2VzfuirUTCz
 py9WzDNVfO+ofjzTwHsiYZ3Dh16HiJwT+tn64CPHwsVWLBz2PxigqKKnS
 ugL3iUXkA9uZOGXiGfWyfSHGvH8x4BP87qyQ4cGbh1vfE3PUjaINFVQL1
 QJPqBOItzCLYWwOfNdIdplfzmmNnFq7pWZ8dKdU5dvy7bGodNa3cxuMBU
 N3MUAVVPJzEj8er6Z1QiauEblmHkzARu+bCnE2bV6vMX6x5dKNAXP5nxW
 XOsEVyU0HTzd9KmDjxVHevXyLTEDcG23ohuUgt3C2t0CKu2XXP4l+UHir A==;
X-IronPort-AV: E=McAfee;i="6400,9594,10401"; a="264611056"
X-IronPort-AV: E=Sophos;i="5.92,254,1650956400"; d="scan'208";a="264611056"
Received: from orsmga006.jf.intel.com ([10.7.209.51])
 by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 07 Jul 2022 22:50:40 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.92,254,1650956400"; d="scan'208";a="568817319"
Received: from dpdk-dipei.sh.intel.com ([10.67.110.238])
 by orsmga006.jf.intel.com with ESMTP; 07 Jul 2022 22:50:38 -0700
From: Andy Pei <andy.pei@intel.com>
To: dev@dpdk.org
Cc: chenbo.xia@intel.com,
	maxime.coquelin@redhat.com,
	xiao.w.wang@intel.com
Subject: [PATCH] vdpa/ifc/base: fix null pointer dereference
Date: Fri,  8 Jul 2022 13:57:41 +0800
Message-Id: <1657259861-75138-1-git-send-email-andy.pei@intel.com>
X-Mailer: git-send-email 1.8.3.1
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

Fix null pointer dereference reported in coverity scan.
Output some log information when lm_cfg is null.
Make lm_cfg is not null before operate on lm_cfg.

Coverity issue: 378882
Fixes: d7fe5a2861e7 ("net/ifc: support live migration")

Signed-off-by: Andy Pei <andy.pei@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
 drivers/vdpa/ifc/base/ifcvf.c       | 31 ++++++++++++++++++++-----------
 drivers/vdpa/ifc/base/ifcvf_osdep.h |  1 +
 2 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/drivers/vdpa/ifc/base/ifcvf.c b/drivers/vdpa/ifc/base/ifcvf.c
index 0a9f71a..f1e1474 100644
--- a/drivers/vdpa/ifc/base/ifcvf.c
+++ b/drivers/vdpa/ifc/base/ifcvf.c
@@ -87,6 +87,8 @@
 	}
 
 	hw->lm_cfg = hw->mem_resource[4].addr;
+	if (!hw->lm_cfg)
+		WARNINGOUT("HW support live migration not support!\n");
 
 	if (hw->common_cfg == NULL || hw->notify_base == NULL ||
 			hw->isr == NULL || hw->dev_cfg == NULL) {
@@ -218,17 +220,19 @@
 				&cfg->queue_used_hi);
 		IFCVF_WRITE_REG16(hw->vring[i].size, &cfg->queue_size);
 
-		if (hw->device_type == IFCVF_BLK)
-			*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
-				i * IFCVF_LM_CFG_SIZE) =
-				(u32)hw->vring[i].last_avail_idx |
-				((u32)hw->vring[i].last_used_idx << 16);
-		else
-			*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
-				(i / 2) * IFCVF_LM_CFG_SIZE +
-				(i % 2) * 4) =
-				(u32)hw->vring[i].last_avail_idx |
-				((u32)hw->vring[i].last_used_idx << 16);
+		if (lm_cfg) {
+			if (hw->device_type == IFCVF_BLK)
+				*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
+					i * IFCVF_LM_CFG_SIZE) =
+					(u32)hw->vring[i].last_avail_idx |
+					((u32)hw->vring[i].last_used_idx << 16);
+			else
+				*(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
+					(i / 2) * IFCVF_LM_CFG_SIZE +
+					(i % 2) * 4) =
+					(u32)hw->vring[i].last_avail_idx |
+					((u32)hw->vring[i].last_used_idx << 16);
+		}
 
 		IFCVF_WRITE_REG16(i + 1, &cfg->queue_msix_vector);
 		if (IFCVF_READ_REG16(&cfg->queue_msix_vector) ==
@@ -320,6 +324,8 @@
 	u8 *lm_cfg;
 
 	lm_cfg = hw->lm_cfg;
+	if (!lm_cfg)
+		return;
 
 	*(u32 *)(lm_cfg + IFCVF_LM_BASE_ADDR_LOW) =
 		log_base & IFCVF_32_BIT_MASK;
@@ -342,6 +348,9 @@
 	u8 *lm_cfg;
 
 	lm_cfg = hw->lm_cfg;
+	if (!lm_cfg)
+		return;
+
 	*(u32 *)(lm_cfg + IFCVF_LM_LOGGING_CTRL) = IFCVF_LM_DISABLE;
 }
 
diff --git a/drivers/vdpa/ifc/base/ifcvf_osdep.h b/drivers/vdpa/ifc/base/ifcvf_osdep.h
index 6aef25e..8a47fcb 100644
--- a/drivers/vdpa/ifc/base/ifcvf_osdep.h
+++ b/drivers/vdpa/ifc/base/ifcvf_osdep.h
@@ -14,6 +14,7 @@
 #include <rte_log.h>
 #include <rte_io.h>
 
+#define WARNINGOUT(S, args...)    RTE_LOG(WARNING, PMD, S, ##args)
 #define DEBUGOUT(S, args...)    RTE_LOG(DEBUG, PMD, S, ##args)
 #define STATIC                  static