[v2,1/1] raw/ifpga/base: check size before assigning
Checks
Commit Message
In max10_staging_area_init(), variable "size" from fdt_get_reg() may
be invalid, it should be checked before assigning to member variable
"staging_area_size" of structure "intel_max10_device".
Coverity issue: 367480, 367482
Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device driver")
Signed-off-by: Wei Huang <wei.huang@intel.com>
---
v2: check size before assigning to staging_area_size
---
drivers/raw/ifpga/base/opae_intel_max10.c | 2 +-
drivers/raw/ifpga/base/opae_intel_max10.h | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
Comments
On 4/8/2021 9:51 AM, Wei Huang wrote:
> In max10_staging_area_init(), variable "size" from fdt_get_reg() may
> be invalid, it should be checked before assigning to member variable
> "staging_area_size" of structure "intel_max10_device".
>
> Coverity issue: 367480, 367482
> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device driver")
>
> Signed-off-by: Wei Huang <wei.huang@intel.com>
> ---
> v2: check size before assigning to staging_area_size
> ---
> drivers/raw/ifpga/base/opae_intel_max10.c | 2 +-
> drivers/raw/ifpga/base/opae_intel_max10.h | 1 +
> 2 files changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c b/drivers/raw/ifpga/base/opae_intel_max10.c
> index 443e248fb3..c223fafa03 100644
> --- a/drivers/raw/ifpga/base/opae_intel_max10.c
> +++ b/drivers/raw/ifpga/base/opae_intel_max10.c
> @@ -593,7 +593,7 @@ static int max10_staging_area_init(struct intel_max10_device *dev)
> continue;
>
> ret = fdt_get_reg(fdt_root, offset, 0, &start, &size);
> - if (!ret) {
> + if (!ret && (size <= MAX_STAGING_AREA_SIZE)) {
> dev->staging_area_base = start;
> dev->staging_area_size = size;
> }
> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.h b/drivers/raw/ifpga/base/opae_intel_max10.h
> index 670683f017..e7142d6f0d 100644
> --- a/drivers/raw/ifpga/base/opae_intel_max10.h
> +++ b/drivers/raw/ifpga/base/opae_intel_max10.h
> @@ -182,6 +182,7 @@ struct opae_retimer_status {
> #define SBUS_VERSION GENMASK(31, 16)
>
> #define DFT_MAX_SIZE 0x7e0000
> +#define MAX_STAGING_AREA_SIZE 0x3800000
>
> int max10_reg_read(struct intel_max10_device *dev,
> unsigned int reg, unsigned int *val);
>
Hi Aaron, David,
The data flow is complex for this coverity issues [1], at least I can't confirm
that change fixes the issue.
Are you aware of any way to confirm this coverity issue before merging it?
[1]
https://scan4.coverity.com/reports.htm#v26325/p10075/fileInstanceId=100181086&defectInstanceId=14238477&mergedDefectId=367480
Ferruh Yigit <ferruh.yigit@intel.com> writes:
> On 4/8/2021 9:51 AM, Wei Huang wrote:
>> In max10_staging_area_init(), variable "size" from fdt_get_reg() may
>> be invalid, it should be checked before assigning to member variable
>> "staging_area_size" of structure "intel_max10_device".
>>
>> Coverity issue: 367480, 367482
>> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device driver")
>>
>> Signed-off-by: Wei Huang <wei.huang@intel.com>
>> ---
>> v2: check size before assigning to staging_area_size
>> ---
>> drivers/raw/ifpga/base/opae_intel_max10.c | 2 +-
>> drivers/raw/ifpga/base/opae_intel_max10.h | 1 +
>> 2 files changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c b/drivers/raw/ifpga/base/opae_intel_max10.c
>> index 443e248fb3..c223fafa03 100644
>> --- a/drivers/raw/ifpga/base/opae_intel_max10.c
>> +++ b/drivers/raw/ifpga/base/opae_intel_max10.c
>> @@ -593,7 +593,7 @@ static int max10_staging_area_init(struct intel_max10_device *dev)
>> continue;
>> ret = fdt_get_reg(fdt_root, offset, 0, &start, &size);
>> - if (!ret) {
>> + if (!ret && (size <= MAX_STAGING_AREA_SIZE)) {
>> dev->staging_area_base = start;
>> dev->staging_area_size = size;
>> }
>> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.h b/drivers/raw/ifpga/base/opae_intel_max10.h
>> index 670683f017..e7142d6f0d 100644
>> --- a/drivers/raw/ifpga/base/opae_intel_max10.h
>> +++ b/drivers/raw/ifpga/base/opae_intel_max10.h
>> @@ -182,6 +182,7 @@ struct opae_retimer_status {
>> #define SBUS_VERSION GENMASK(31, 16)
>> #define DFT_MAX_SIZE 0x7e0000
>> +#define MAX_STAGING_AREA_SIZE 0x3800000
>> int max10_reg_read(struct intel_max10_device *dev,
>> unsigned int reg, unsigned int *val);
>>
>
> Hi Aaron, David,
>
> The data flow is complex for this coverity issues [1], at least I
> can't confirm that change fixes the issue.
>
> Are you aware of any way to confirm this coverity issue before merging it?
Not generically. :-/
We need someone that understands the data flow and the coverity splat to
know that the fix is correct. Coverity even ratelimits how many
outstanding submissions we can post, iirc, so we don't get to push patch
sets (unless we pay? I don't recall if there's an option for that).
> [1]
> https://scan4.coverity.com/reports.htm#v26325/p10075/fileInstanceId=100181086&defectInstanceId=14238477&mergedDefectId=367480
> -----Original Message-----
> From: Aaron Conole <aconole@redhat.com>
> Sent: 2021年4月9日 22:56
> To: Yigit, Ferruh <ferruh.yigit@intel.com>
> Cc: David Marchand <david.marchand@redhat.com>; stable@dpdk.org;
> Zhang, Tianfei <tianfei.zhang@intel.com>; Huang, Wei
> <wei.huang@intel.com>; Zhang, Qi Z <qi.z.zhang@intel.com>; Xu, Rosen
> <rosen.xu@intel.com>; dev@dpdk.org; Mcnamara, John
> <john.mcnamara@intel.com>
> Subject: Re: [PATCH v2 1/1] raw/ifpga/base: check size before assigning
>
> Ferruh Yigit <ferruh.yigit@intel.com> writes:
>
> > On 4/8/2021 9:51 AM, Wei Huang wrote:
> >> In max10_staging_area_init(), variable "size" from fdt_get_reg() may
> >> be invalid, it should be checked before assigning to member variable
> >> "staging_area_size" of structure "intel_max10_device".
> >>
> >> Coverity issue: 367480, 367482
> >> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device
> >> driver")
> >>
> >> Signed-off-by: Wei Huang <wei.huang@intel.com>
> >> ---
> >> v2: check size before assigning to staging_area_size
> >> ---
> >> drivers/raw/ifpga/base/opae_intel_max10.c | 2 +-
> >> drivers/raw/ifpga/base/opae_intel_max10.h | 1 +
> >> 2 files changed, 2 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c
> >> b/drivers/raw/ifpga/base/opae_intel_max10.c
> >> index 443e248fb3..c223fafa03 100644
> >> --- a/drivers/raw/ifpga/base/opae_intel_max10.c
> >> +++ b/drivers/raw/ifpga/base/opae_intel_max10.c
> >> @@ -593,7 +593,7 @@ static int max10_staging_area_init(struct
> intel_max10_device *dev)
> >> continue;
> >> ret = fdt_get_reg(fdt_root, offset, 0, &start, &size);
> >> - if (!ret) {
> >> + if (!ret && (size <= MAX_STAGING_AREA_SIZE)) {
> >> dev->staging_area_base = start;
> >> dev->staging_area_size = size;
> >> }
> >> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.h
> >> b/drivers/raw/ifpga/base/opae_intel_max10.h
> >> index 670683f017..e7142d6f0d 100644
> >> --- a/drivers/raw/ifpga/base/opae_intel_max10.h
> >> +++ b/drivers/raw/ifpga/base/opae_intel_max10.h
> >> @@ -182,6 +182,7 @@ struct opae_retimer_status {
> >> #define SBUS_VERSION GENMASK(31, 16)
> >> #define DFT_MAX_SIZE 0x7e0000
> >> +#define MAX_STAGING_AREA_SIZE 0x3800000
> >> int max10_reg_read(struct intel_max10_device *dev,
> >> unsigned int reg, unsigned int *val);
> >>
> >
> > Hi Aaron, David,
> >
> > The data flow is complex for this coverity issues [1], at least I
> > can't confirm that change fixes the issue.
> >
> > Are you aware of any way to confirm this coverity issue before merging it?
>
> Not generically. :-/
>
> We need someone that understands the data flow and the coverity splat to
> know that the fix is correct. Coverity even ratelimits how many outstanding
> submissions we can post, iirc, so we don't get to push patch sets (unless we
> pay? I don't recall if there's an option for that).
This fix is looks good for me. The fdt_get_reg() function just read out the content of some items from DTS file,
We call the libfdt library API to do this.
The Coverity just assume some attacker broken the DTS file or invoke the function with arbitrary values, it is not safety,
So this patch add some checking after the function return.
>
> > [1]
> > https://scan4.coverity.com/reports.htm#v26325/p10075/fileInstanceId=10
> > 0181086&defectInstanceId=14238477&mergedDefectId=367480
On 4/14/2021 3:46 AM, Zhang, Tianfei wrote:
>
>
>> -----Original Message-----
>> From: Aaron Conole <aconole@redhat.com>
>> Sent: 2021年4月9日 22:56
>> To: Yigit, Ferruh <ferruh.yigit@intel.com>
>> Cc: David Marchand <david.marchand@redhat.com>; stable@dpdk.org;
>> Zhang, Tianfei <tianfei.zhang@intel.com>; Huang, Wei
>> <wei.huang@intel.com>; Zhang, Qi Z <qi.z.zhang@intel.com>; Xu, Rosen
>> <rosen.xu@intel.com>; dev@dpdk.org; Mcnamara, John
>> <john.mcnamara@intel.com>
>> Subject: Re: [PATCH v2 1/1] raw/ifpga/base: check size before assigning
>>
>> Ferruh Yigit <ferruh.yigit@intel.com> writes:
>>
>>> On 4/8/2021 9:51 AM, Wei Huang wrote:
>>>> In max10_staging_area_init(), variable "size" from fdt_get_reg() may
>>>> be invalid, it should be checked before assigning to member variable
>>>> "staging_area_size" of structure "intel_max10_device".
>>>>
>>>> Coverity issue: 367480, 367482
>>>> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device
>>>> driver")
>>>>
>>>> Signed-off-by: Wei Huang <wei.huang@intel.com>
>>>> ---
>>>> v2: check size before assigning to staging_area_size
>>>> ---
>>>> drivers/raw/ifpga/base/opae_intel_max10.c | 2 +-
>>>> drivers/raw/ifpga/base/opae_intel_max10.h | 1 +
>>>> 2 files changed, 2 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c
>>>> b/drivers/raw/ifpga/base/opae_intel_max10.c
>>>> index 443e248fb3..c223fafa03 100644
>>>> --- a/drivers/raw/ifpga/base/opae_intel_max10.c
>>>> +++ b/drivers/raw/ifpga/base/opae_intel_max10.c
>>>> @@ -593,7 +593,7 @@ static int max10_staging_area_init(struct
>> intel_max10_device *dev)
>>>> continue;
>>>> ret = fdt_get_reg(fdt_root, offset, 0, &start, &size);
>>>> -if (!ret) {
>>>> +if (!ret && (size <= MAX_STAGING_AREA_SIZE)) {
>>>> dev->staging_area_base = start;
>>>> dev->staging_area_size = size;
>>>> }
>>>> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.h
>>>> b/drivers/raw/ifpga/base/opae_intel_max10.h
>>>> index 670683f017..e7142d6f0d 100644
>>>> --- a/drivers/raw/ifpga/base/opae_intel_max10.h
>>>> +++ b/drivers/raw/ifpga/base/opae_intel_max10.h
>>>> @@ -182,6 +182,7 @@ struct opae_retimer_status {
>>>> #define SBUS_VERSIONGENMASK(31, 16)
>>>> #define DFT_MAX_SIZE0x7e0000
>>>> +#define MAX_STAGING_AREA_SIZE0x3800000
>>>> int max10_reg_read(struct intel_max10_device *dev,
>>>> unsigned int reg, unsigned int *val);
>>>>
>>>
>>> Hi Aaron, David,
>>>
>>> The data flow is complex for this coverity issues [1], at least I
>>> can't confirm that change fixes the issue.
>>>
>>> Are you aware of any way to confirm this coverity issue before merging it?
>>
>> Not generically. :-/
>>
>> We need someone that understands the data flow and the coverity splat to
>> know that the fix is correct. Coverity even ratelimits how many outstanding
>> submissions we can post, iirc, so we don't get to push patch sets (unless we
>> pay? I don't recall if there's an option for that).
>
> This fix is looks good for me. The fdt_get_reg() function just read out the content of some items from DTS file,
> We call the libfdt library API to do this.
> The Coverity just assume some attacker broken the DTS file or invoke the function with arbitrary values, it is not safety,
> So this patch add some checking after the function return.
>
Hi Tianfei,
From the CI capacity perspective, it would be better to have a way to verify
Coverity fixes before merging them.
For most of the Coverity fixes we can tell that patch is fixing issue by review,
but for the non trivial cases like this, a way to verify patch, even it is
manual etc.., would be nice, otherwise it turns out to try and see Coverity fixes.
And as far as I remember we had in the past that a Coverity fix result two more
new Coverity issues :)
>>
>>> [1]
>>> https://scan4.coverity.com/reports.htm#v26325/p10075/fileInstanceId=10
>>> 0181086&defectInstanceId=14238477&mergedDefectId=367480
>
Hi Ferruh,
We have no way to run Coverity scan manually, if you or someone else know how to do it, please let us know.
Thanks,
Wei
-----Original Message-----
From: Ferruh Yigit <ferruh.yigit@intel.com>
Sent: Wednesday, April 14, 2021 15:42
To: Zhang, Tianfei <tianfei.zhang@intel.com>; Aaron Conole <aconole@redhat.com>
Cc: David Marchand <david.marchand@redhat.com>; stable@dpdk.org; Huang, Wei <wei.huang@intel.com>; Zhang, Qi Z <qi.z.zhang@intel.com>; Xu, Rosen <rosen.xu@intel.com>; dev@dpdk.org; Mcnamara, John <john.mcnamara@intel.com>
Subject: Re: [PATCH v2 1/1] raw/ifpga/base: check size before assigning
On 4/14/2021 3:46 AM, Zhang, Tianfei wrote:
>
>
>> -----Original Message-----
>> From: Aaron Conole <aconole@redhat.com>
>> Sent: 2021年4月9日 22:56
>> To: Yigit, Ferruh <ferruh.yigit@intel.com>
>> Cc: David Marchand <david.marchand@redhat.com>; stable@dpdk.org;
>> Zhang, Tianfei <tianfei.zhang@intel.com>; Huang, Wei
>> <wei.huang@intel.com>; Zhang, Qi Z <qi.z.zhang@intel.com>; Xu, Rosen
>> <rosen.xu@intel.com>; dev@dpdk.org; Mcnamara, John
>> <john.mcnamara@intel.com>
>> Subject: Re: [PATCH v2 1/1] raw/ifpga/base: check size before
>> assigning
>>
>> Ferruh Yigit <ferruh.yigit@intel.com> writes:
>>
>>> On 4/8/2021 9:51 AM, Wei Huang wrote:
>>>> In max10_staging_area_init(), variable "size" from fdt_get_reg()
>>>> may be invalid, it should be checked before assigning to member
>>>> variable "staging_area_size" of structure "intel_max10_device".
>>>>
>>>> Coverity issue: 367480, 367482
>>>> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device
>>>> driver")
>>>>
>>>> Signed-off-by: Wei Huang <wei.huang@intel.com>
>>>> ---
>>>> v2: check size before assigning to staging_area_size
>>>> ---
>>>> drivers/raw/ifpga/base/opae_intel_max10.c | 2 +-
>>>> drivers/raw/ifpga/base/opae_intel_max10.h | 1 +
>>>> 2 files changed, 2 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c
>>>> b/drivers/raw/ifpga/base/opae_intel_max10.c
>>>> index 443e248fb3..c223fafa03 100644
>>>> --- a/drivers/raw/ifpga/base/opae_intel_max10.c
>>>> +++ b/drivers/raw/ifpga/base/opae_intel_max10.c
>>>> @@ -593,7 +593,7 @@ static int max10_staging_area_init(struct
>> intel_max10_device *dev)
>>>> continue;
>>>> ret = fdt_get_reg(fdt_root, offset, 0, &start, &size); -if
>>>> (!ret) {
>>>> +if (!ret && (size <= MAX_STAGING_AREA_SIZE)) {
>>>> dev->staging_area_base = start;
>>>> dev->staging_area_size = size;
>>>> }
>>>> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.h
>>>> b/drivers/raw/ifpga/base/opae_intel_max10.h
>>>> index 670683f017..e7142d6f0d 100644
>>>> --- a/drivers/raw/ifpga/base/opae_intel_max10.h
>>>> +++ b/drivers/raw/ifpga/base/opae_intel_max10.h
>>>> @@ -182,6 +182,7 @@ struct opae_retimer_status {
>>>> #define SBUS_VERSIONGENMASK(31, 16)
>>>> #define DFT_MAX_SIZE0x7e0000
>>>> +#define MAX_STAGING_AREA_SIZE0x3800000
>>>> int max10_reg_read(struct intel_max10_device *dev,
>>>> unsigned int reg, unsigned int *val);
>>>>
>>>
>>> Hi Aaron, David,
>>>
>>> The data flow is complex for this coverity issues [1], at least I
>>> can't confirm that change fixes the issue.
>>>
>>> Are you aware of any way to confirm this coverity issue before merging it?
>>
>> Not generically. :-/
>>
>> We need someone that understands the data flow and the coverity splat
>> to know that the fix is correct. Coverity even ratelimits how many
>> outstanding submissions we can post, iirc, so we don't get to push
>> patch sets (unless we pay? I don't recall if there's an option for that).
>
> This fix is looks good for me. The fdt_get_reg() function just read
> out the content of some items from DTS file, We call the libfdt library API to do this.
> The Coverity just assume some attacker broken the DTS file or invoke
> the function with arbitrary values, it is not safety, So this patch add some checking after the function return.
>
Hi Tianfei,
From the CI capacity perspective, it would be better to have a way to verify Coverity fixes before merging them.
For most of the Coverity fixes we can tell that patch is fixing issue by review, but for the non trivial cases like this, a way to verify patch, even it is manual etc.., would be nice, otherwise it turns out to try and see Coverity fixes.
And as far as I remember we had in the past that a Coverity fix result two more new Coverity issues :)
>>
>>> [1]
>>> https://scan4.coverity.com/reports.htm#v26325/p10075/fileInstanceId=
>>> 10
>>> 0181086&defectInstanceId=14238477&mergedDefectId=367480
>
> -----Original Message-----
> From: Huang, Wei <wei.huang@intel.com>
> Sent: Thursday, April 8, 2021 4:52 PM
> To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z
> <qi.z.zhang@intel.com>
> Cc: stable@dpdk.org; Zhang, Tianfei <tianfei.zhang@intel.com>; Yigit, Ferruh
> <ferruh.yigit@intel.com>; Huang, Wei <wei.huang@intel.com>
> Subject: [PATCH v2 1/1] raw/ifpga/base: check size before assigning
>
> In max10_staging_area_init(), variable "size" from fdt_get_reg() may be invalid,
> it should be checked before assigning to member variable "staging_area_size"
> of structure "intel_max10_device".
>
> Coverity issue: 367480, 367482
> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device driver")
>
> Signed-off-by: Wei Huang <wei.huang@intel.com>
> ---
Applied to dpdk-next-net-intel.
Thanks
Qi
On 4/19/2021 9:12 AM, Zhang, Qi Z wrote:
>
>
>> -----Original Message-----
>> From: Huang, Wei <wei.huang@intel.com>
>> Sent: Thursday, April 8, 2021 4:52 PM
>> To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z
>> <qi.z.zhang@intel.com>
>> Cc: stable@dpdk.org; Zhang, Tianfei <tianfei.zhang@intel.com>; Yigit, Ferruh
>> <ferruh.yigit@intel.com>; Huang, Wei <wei.huang@intel.com>
>> Subject: [PATCH v2 1/1] raw/ifpga/base: check size before assigning
>>
>> In max10_staging_area_init(), variable "size" from fdt_get_reg() may be invalid,
>> it should be checked before assigning to member variable "staging_area_size"
>> of structure "intel_max10_device".
>>
>> Coverity issue: 367480, 367482
>> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device driver")
>>
>> Signed-off-by: Wei Huang <wei.huang@intel.com>
>> ---
>
> Applied to dpdk-next-net-intel.
>
This patch is missing the maintainer ack.
Rosen, Tianfei, can you please review the patch?
> -----Original Message-----
> From: Yigit, Ferruh <ferruh.yigit@intel.com>
> Sent: 2021年4月20日 6:36
> To: Zhang, Qi Z <qi.z.zhang@intel.com>; Huang, Wei <wei.huang@intel.com>;
> dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>
> Cc: stable@dpdk.org; Zhang, Tianfei <tianfei.zhang@intel.com>
> Subject: Re: [PATCH v2 1/1] raw/ifpga/base: check size before assigning
>
> On 4/19/2021 9:12 AM, Zhang, Qi Z wrote:
> >
> >
> >> -----Original Message-----
> >> From: Huang, Wei <wei.huang@intel.com>
> >> Sent: Thursday, April 8, 2021 4:52 PM
> >> To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z
> >> <qi.z.zhang@intel.com>
> >> Cc: stable@dpdk.org; Zhang, Tianfei <tianfei.zhang@intel.com>; Yigit,
> >> Ferruh <ferruh.yigit@intel.com>; Huang, Wei <wei.huang@intel.com>
> >> Subject: [PATCH v2 1/1] raw/ifpga/base: check size before assigning
> >>
> >> In max10_staging_area_init(), variable "size" from fdt_get_reg() may
> >> be invalid, it should be checked before assigning to member variable
> "staging_area_size"
> >> of structure "intel_max10_device".
> >>
> >> Coverity issue: 367480, 367482
> >> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device
> >> driver")
> >>
> >> Signed-off-by: Wei Huang <wei.huang@intel.com>
> >> ---
> >
> > Applied to dpdk-next-net-intel.
> >
>
> This patch is missing the maintainer ack.
>
> Rosen, Tianfei, can you please review the patch?
It looks good for me.
Acked-by: Tianfei zhang <Tianfei.zhang@intel.com>
On 4/20/2021 1:13 AM, Zhang, Tianfei wrote:
>
>
>> -----Original Message-----
>> From: Yigit, Ferruh <ferruh.yigit@intel.com>
>> Sent: 2021年4月20日 6:36
>> To: Zhang, Qi Z <qi.z.zhang@intel.com>; Huang, Wei <wei.huang@intel.com>;
>> dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>
>> Cc: stable@dpdk.org; Zhang, Tianfei <tianfei.zhang@intel.com>
>> Subject: Re: [PATCH v2 1/1] raw/ifpga/base: check size before assigning
>>
>> On 4/19/2021 9:12 AM, Zhang, Qi Z wrote:
>>>
>>>
>>>> -----Original Message-----
>>>> From: Huang, Wei <wei.huang@intel.com>
>>>> Sent: Thursday, April 8, 2021 4:52 PM
>>>> To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z
>>>> <qi.z.zhang@intel.com>
>>>> Cc: stable@dpdk.org; Zhang, Tianfei <tianfei.zhang@intel.com>; Yigit,
>>>> Ferruh <ferruh.yigit@intel.com>; Huang, Wei <wei.huang@intel.com>
>>>> Subject: [PATCH v2 1/1] raw/ifpga/base: check size before assigning
>>>>
>>>> In max10_staging_area_init(), variable "size" from fdt_get_reg() may
>>>> be invalid, it should be checked before assigning to member variable
>> "staging_area_size"
>>>> of structure "intel_max10_device".
>>>>
>>>> Coverity issue: 367480, 367482
>>>> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device
>>>> driver")
>>>>
>>>> Signed-off-by: Wei Huang <wei.huang@intel.com>
>>>> ---
>>>
>>> Applied to dpdk-next-net-intel.
>>>
>>
>> This patch is missing the maintainer ack.
>>
>> Rosen, Tianfei, can you please review the patch?
>
> It looks good for me.
>
> Acked-by: Tianfei zhang <Tianfei.zhang@intel.com>
>
Thanks, added in next-net.
Thanks all.
-----Original Message-----
From: Yigit, Ferruh <ferruh.yigit@intel.com>
Sent: Tuesday, April 20, 2021 9:01 AM
To: Zhang, Tianfei <tianfei.zhang@intel.com>; Zhang, Qi Z <qi.z.zhang@intel.com>; Huang, Wei <wei.huang@intel.com>; dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>
Cc: stable@dpdk.org
Subject: Re: [PATCH v2 1/1] raw/ifpga/base: check size before assigning
On 4/20/2021 1:13 AM, Zhang, Tianfei wrote:
>
>
>> -----Original Message-----
>> From: Yigit, Ferruh <ferruh.yigit@intel.com>
>> Sent: 2021年4月20日 6:36
>> To: Zhang, Qi Z <qi.z.zhang@intel.com>; Huang, Wei
>> <wei.huang@intel.com>; dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>
>> Cc: stable@dpdk.org; Zhang, Tianfei <tianfei.zhang@intel.com>
>> Subject: Re: [PATCH v2 1/1] raw/ifpga/base: check size before
>> assigning
>>
>> On 4/19/2021 9:12 AM, Zhang, Qi Z wrote:
>>>
>>>
>>>> -----Original Message-----
>>>> From: Huang, Wei <wei.huang@intel.com>
>>>> Sent: Thursday, April 8, 2021 4:52 PM
>>>> To: dev@dpdk.org; Xu, Rosen <rosen.xu@intel.com>; Zhang, Qi Z
>>>> <qi.z.zhang@intel.com>
>>>> Cc: stable@dpdk.org; Zhang, Tianfei <tianfei.zhang@intel.com>;
>>>> Yigit, Ferruh <ferruh.yigit@intel.com>; Huang, Wei
>>>> <wei.huang@intel.com>
>>>> Subject: [PATCH v2 1/1] raw/ifpga/base: check size before assigning
>>>>
>>>> In max10_staging_area_init(), variable "size" from fdt_get_reg()
>>>> may be invalid, it should be checked before assigning to member
>>>> variable
>> "staging_area_size"
>>>> of structure "intel_max10_device".
>>>>
>>>> Coverity issue: 367480, 367482
>>>> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device
>>>> driver")
>>>>
>>>> Signed-off-by: Wei Huang <wei.huang@intel.com>
>>>> ---
>>>
>>> Applied to dpdk-next-net-intel.
>>>
>>
>> This patch is missing the maintainer ack.
>>
>> Rosen, Tianfei, can you please review the patch?
>
> It looks good for me.
>
> Acked-by: Tianfei zhang <Tianfei.zhang@intel.com>
>
Thanks, added in next-net.
On 4/14/2021 3:46 AM, Zhang, Tianfei wrote:
>
>
>> -----Original Message-----
>> From: Aaron Conole <aconole@redhat.com>
>> Sent: 2021年4月9日 22:56
>> To: Yigit, Ferruh <ferruh.yigit@intel.com>
>> Cc: David Marchand <david.marchand@redhat.com>; stable@dpdk.org;
>> Zhang, Tianfei <tianfei.zhang@intel.com>; Huang, Wei
>> <wei.huang@intel.com>; Zhang, Qi Z <qi.z.zhang@intel.com>; Xu, Rosen
>> <rosen.xu@intel.com>; dev@dpdk.org; Mcnamara, John
>> <john.mcnamara@intel.com>
>> Subject: Re: [PATCH v2 1/1] raw/ifpga/base: check size before assigning
>>
>> Ferruh Yigit <ferruh.yigit@intel.com> writes:
>>
>>> On 4/8/2021 9:51 AM, Wei Huang wrote:
>>>> In max10_staging_area_init(), variable "size" from fdt_get_reg() may
>>>> be invalid, it should be checked before assigning to member variable
>>>> "staging_area_size" of structure "intel_max10_device".
>>>>
>>>> Coverity issue: 367480, 367482
>>>> Fixes: 96ebfcf8125c ("raw/ifpga/base: add SPI and MAX10 device
>>>> driver")
>>>>
>>>> Signed-off-by: Wei Huang <wei.huang@intel.com>
>>>> ---
>>>> v2: check size before assigning to staging_area_size
>>>> ---
>>>> drivers/raw/ifpga/base/opae_intel_max10.c | 2 +-
>>>> drivers/raw/ifpga/base/opae_intel_max10.h | 1 +
>>>> 2 files changed, 2 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.c
>>>> b/drivers/raw/ifpga/base/opae_intel_max10.c
>>>> index 443e248fb3..c223fafa03 100644
>>>> --- a/drivers/raw/ifpga/base/opae_intel_max10.c
>>>> +++ b/drivers/raw/ifpga/base/opae_intel_max10.c
>>>> @@ -593,7 +593,7 @@ static int max10_staging_area_init(struct
>> intel_max10_device *dev)
>>>> continue;
>>>> ret = fdt_get_reg(fdt_root, offset, 0, &start, &size);
>>>> -if (!ret) {
>>>> +if (!ret && (size <= MAX_STAGING_AREA_SIZE)) {
>>>> dev->staging_area_base = start;
>>>> dev->staging_area_size = size;
>>>> }
>>>> diff --git a/drivers/raw/ifpga/base/opae_intel_max10.h
>>>> b/drivers/raw/ifpga/base/opae_intel_max10.h
>>>> index 670683f017..e7142d6f0d 100644
>>>> --- a/drivers/raw/ifpga/base/opae_intel_max10.h
>>>> +++ b/drivers/raw/ifpga/base/opae_intel_max10.h
>>>> @@ -182,6 +182,7 @@ struct opae_retimer_status {
>>>> #define SBUS_VERSIONGENMASK(31, 16)
>>>> #define DFT_MAX_SIZE0x7e0000
>>>> +#define MAX_STAGING_AREA_SIZE0x3800000
>>>> int max10_reg_read(struct intel_max10_device *dev,
>>>> unsigned int reg, unsigned int *val);
>>>>
>>>
>>> Hi Aaron, David,
>>>
>>> The data flow is complex for this coverity issues [1], at least I
>>> can't confirm that change fixes the issue.
>>>
>>> Are you aware of any way to confirm this coverity issue before merging it?
>>
>> Not generically. :-/
>>
>> We need someone that understands the data flow and the coverity splat to
>> know that the fix is correct. Coverity even ratelimits how many outstanding
>> submissions we can post, iirc, so we don't get to push patch sets (unless we
>> pay? I don't recall if there's an option for that).
>
> This fix is looks good for me. The fdt_get_reg() function just read out the content of some items from DTS file,
> We call the libfdt library API to do this.
> The Coverity just assume some attacker broken the DTS file or invoke the function with arbitrary values, it is not safety,
> So this patch add some checking after the function return.
>
Hi Tianfei, Wei, Rosen,
The defect is reported in Coverity, as concerned, can you please look at it?
>>
>>> [1]
>>> https://scan4.coverity.com/reports.htm#v26325/p10075/fileInstanceId=10
>>> 0181086&defectInstanceId=14238477&mergedDefectId=367480
>
@@ -593,7 +593,7 @@ static int max10_staging_area_init(struct intel_max10_device *dev)
continue;
ret = fdt_get_reg(fdt_root, offset, 0, &start, &size);
- if (!ret) {
+ if (!ret && (size <= MAX_STAGING_AREA_SIZE)) {
dev->staging_area_base = start;
dev->staging_area_size = size;
}
@@ -182,6 +182,7 @@ struct opae_retimer_status {
#define SBUS_VERSION GENMASK(31, 16)
#define DFT_MAX_SIZE 0x7e0000
+#define MAX_STAGING_AREA_SIZE 0x3800000
int max10_reg_read(struct intel_max10_device *dev,
unsigned int reg, unsigned int *val);