bus/dpaa: fix outside array bounds error with GCC v13

Message ID 20230721052810.2048437-1-g.singh@nxp.com (mailing list archive)
State Accepted, archived
Delegated to: David Marchand
Series bus/dpaa: fix outside array bounds error with GCC v13

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/loongarch-compilation success Compilation OK
ci/loongarch-unit-testing success Unit Testing PASS
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS
ci/github-robot: build success github build: passed
ci/intel-Functional success Functional PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-abi-testing success Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-aarch-unit-testing success Testing PASS
ci/iol-testing success Testing PASS
ci/iol-x86_64-unit-testing success Testing PASS
ci/iol-unit-testing fail Testing issues
ci/iol-x86_64-compile-testing success Testing PASS
ci/iol-aarch64-compile-testing success Testing PASS

Commit Message

Gagandeep Singh July 21, 2023, 5:28 a.m. UTC
When RTE_ENABLE_ASSERT is enabled, the DPAA driver is doing a
wrong NULL check on the frame queue, which allows the code
to have access to a NULL address.
GCC v13 gives an array bounds error if the code is
accessing any memory region less than 4KB.
This patch fixes this issue by adding proper NULL checks
on the frame queue.

Please refer: https://bugs.dpdk.org/show_bug.cgi?id=1233

Bugzilla ID: 1233
Fixes: c47ff048b99a ("bus/dpaa: add QMAN driver core routines")
Cc: stable@dpdk.org

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 drivers/bus/dpaa/base/qbman/qman.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
  

Comments

Hemant Agrawal July 21, 2023, 10:47 a.m. UTC | #1
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>

On 21-Jul-23 10:58 AM, Gagandeep Singh wrote:
> When RTE_ENABLE_ASSERT is enabled, the DPAA driver is doing a
> wrong NULL check on the frame queue, which allows the code
> to have access to a NULL address.
> GCC v13 gives an array bounds error if the code is
> accessing any memory region less than 4KB.
> This patch fixes this issue by adding proper NULL checks
> on the frame queue.
>
> Please refer: https://bugs.dpdk.org/show_bug.cgi?id=1233
>
> Bugzilla ID: 1233
> Fixes: c47ff048b99a ("bus/dpaa: add QMAN driver core routines")
> Cc: stable@dpdk.org
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
>   drivers/bus/dpaa/base/qbman/qman.c | 5 +++--
>   1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/bus/dpaa/base/qbman/qman.c b/drivers/bus/dpaa/base/qbman/qman.c
> index 3949bf8712..83db0a534e 100644
> --- a/drivers/bus/dpaa/base/qbman/qman.c
> +++ b/drivers/bus/dpaa/base/qbman/qman.c
> @@ -1,7 +1,7 @@
>   /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
>    *
>    * Copyright 2008-2016 Freescale Semiconductor Inc.
> - * Copyright 2017,2019 NXP
> + * Copyright 2017,2019-2023 NXP
>    *
>    */
>
> @@ -897,7 +897,7 @@ static u32 __poll_portal_slow(struct qman_portal *p, u32 is)
>                                  /* Lookup in the retirement table */
>                                  fq = table_find_fq(p,
>                                                     be32_to_cpu(msg->fq.fqid));
> -                               DPAA_BUG_ON(!fq);
> +                               DPAA_BUG_ON(fq != NULL);
>                                  fq_state_change(p, fq, &swapped_msg, verb);
>                                  if (fq->cb.fqs)
>                                          fq->cb.fqs(p, fq, &swapped_msg);
> @@ -909,6 +909,7 @@ static u32 __poll_portal_slow(struct qman_portal *p, u32 is)
>   #else
>                                  fq = (void *)(uintptr_t)msg->fq.contextB;
>   #endif
> +                               DPAA_BUG_ON(fq != NULL);
>                                  fq_state_change(p, fq, msg, verb);
>                                  if (fq->cb.fqs)
>                                          fq->cb.fqs(p, fq, &swapped_msg);
> --
> 2.25.1
>
  
Jerin Jacob July 21, 2023, 12:32 p.m. UTC | #2
On Fri, Jul 21, 2023 at 4:18 PM Hemant Agrawal
<hemant.agrawal@oss.nxp.com> wrote:
>
> Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>


Acked-by: Jerin Jacob <jerinj@marvell.com>


>
> On 21-Jul-23 10:58 AM, Gagandeep Singh wrote:
> > When RTE_ENABLE_ASSERT is enabled, the DPAA driver is doing a
> > wrong NULL check on the frame queue, which allows the code
> > to have access to a NULL address.
> > GCC v13 gives an array bounds error if the code is
> > accessing any memory region less than 4KB.
> > This patch fixes this issue by adding proper NULL checks
> > on the frame queue.
> >
> > Please refer: https://bugs.dpdk.org/show_bug.cgi?id=1233
> >
> > Bugzilla ID: 1233
> > Fixes: c47ff048b99a ("bus/dpaa: add QMAN driver core routines")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > ---
> >   drivers/bus/dpaa/base/qbman/qman.c | 5 +++--
> >   1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/bus/dpaa/base/qbman/qman.c b/drivers/bus/dpaa/base/qbman/qman.c
> > index 3949bf8712..83db0a534e 100644
> > --- a/drivers/bus/dpaa/base/qbman/qman.c
> > +++ b/drivers/bus/dpaa/base/qbman/qman.c
> > @@ -1,7 +1,7 @@
> >   /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
> >    *
> >    * Copyright 2008-2016 Freescale Semiconductor Inc.
> > - * Copyright 2017,2019 NXP
> > + * Copyright 2017,2019-2023 NXP
> >    *
> >    */
> >
> > @@ -897,7 +897,7 @@ static u32 __poll_portal_slow(struct qman_portal *p, u32 is)
> >                                  /* Lookup in the retirement table */
> >                                  fq = table_find_fq(p,
> >                                                     be32_to_cpu(msg->fq.fqid));
> > -                               DPAA_BUG_ON(!fq);
> > +                               DPAA_BUG_ON(fq != NULL);
> >                                  fq_state_change(p, fq, &swapped_msg, verb);
> >                                  if (fq->cb.fqs)
> >                                          fq->cb.fqs(p, fq, &swapped_msg);
> > @@ -909,6 +909,7 @@ static u32 __poll_portal_slow(struct qman_portal *p, u32 is)
> >   #else
> >                                  fq = (void *)(uintptr_t)msg->fq.contextB;
> >   #endif
> > +                               DPAA_BUG_ON(fq != NULL);
> >                                  fq_state_change(p, fq, msg, verb);
> >                                  if (fq->cb.fqs)
> >                                          fq->cb.fqs(p, fq, &swapped_msg);
> > --
> > 2.25.1
> >
  
David Marchand Oct. 4, 2023, 12:28 p.m. UTC | #3
On Fri, Jul 21, 2023 at 7:28 AM Gagandeep Singh <g.singh@nxp.com> wrote:
>
> When RTE_ENABLE_ASSERT is enabled, the DPAA driver is doing a
> wrong NULL check on the frame queue, which allows the code
> to have access to a NULL address.
> GCC v13 gives an array bounds error if the code is
> accessing any memory region less than 4KB.
> This patch fixes this issue by adding proper NULL checks
> on the frame queue.
>
> Bugzilla ID: 1233
> Fixes: c47ff048b99a ("bus/dpaa: add QMAN driver core routines")
> Cc: stable@dpdk.org
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> Acked-by: Jerin Jacob <jerinj@marvell.com>

Applied, thanks.
  

Patch

diff --git a/drivers/bus/dpaa/base/qbman/qman.c b/drivers/bus/dpaa/base/qbman/qman.c
index 3949bf8712..83db0a534e 100644
--- a/drivers/bus/dpaa/base/qbman/qman.c
+++ b/drivers/bus/dpaa/base/qbman/qman.c
@@ -1,7 +1,7 @@ 
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
  *
  * Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2017,2019 NXP
+ * Copyright 2017,2019-2023 NXP
  *
  */
 
@@ -897,7 +897,7 @@  static u32 __poll_portal_slow(struct qman_portal *p, u32 is)
 				/* Lookup in the retirement table */
 				fq = table_find_fq(p,
 						   be32_to_cpu(msg->fq.fqid));
-				DPAA_BUG_ON(!fq);
+				DPAA_BUG_ON(fq != NULL);
 				fq_state_change(p, fq, &swapped_msg, verb);
 				if (fq->cb.fqs)
 					fq->cb.fqs(p, fq, &swapped_msg);
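Review bot: The new condition "fq != NULL" on the table_find_fq() result reads as inverted to anyone expecting Linux BUG_ON() semantics, where the macro fires when its argument is true; it is correct only if DPAA_BUG_ON() asserts that its argument holds, which the switch away from "!fq" and the commit message imply. Please state that polarity explicitly in the commit message or in a short comment where the macro is defined, so a later cleanup does not flip the check back and restore the NULL dereference at fq->cb.fqs.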
@@ -909,6 +909,7 @@  static u32 __poll_portal_slow(struct qman_portal *p, u32 is)
 #else
 				fq = (void *)(uintptr_t)msg->fq.contextB;
 #endif
+				DPAA_BUG_ON(fq != NULL);
 				fq_state_change(p, fq, msg, verb);
 				if (fq->cb.fqs)
 					fq->cb.fqs(p, fq, &swapped_msg);
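Review bot: The added DPAA_BUG_ON(fq != NULL) after the #endif is the only guard on a pointer built directly from msg->fq.contextB, and the commit message ties these checks to RTE_ENABLE_ASSERT, so in builds without it a zero contextB still reaches fq_state_change() and the fq->cb.fqs dereference. Consider a runtime "if (!fq)" that logs and skips the message, in addition to the assert. Separately, the context lines in this branch pass msg to fq_state_change() but &swapped_msg to the callback, while the branch above uses &swapped_msg for both; worth confirming that difference is intended.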