diff mbox series

[09/12] vdpa/ifc: fix build with GCC 12

Message ID 20220518101657.1230416-10-david.marchand@redhat.com (mailing list archive)
State Accepted
Delegated to: Thomas Monjalon
Headers show
Series Fix compilation with gcc 12 | expand

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

David Marchand May 18, 2022, 10:16 a.m. UTC
GCC 12 raises the following warning:

../drivers/vdpa/ifc/ifcvf_vdpa.c: In function ‘vdpa_enable_vfio_intr’:
../drivers/vdpa/ifc/ifcvf_vdpa.c:383:62: error: writing 4 bytes into a
    region of size 0 [-Werror=stringop-overflow=]
  383 |                         fd_ptr[RTE_INTR_VEC_RXTX_OFFSET + i] = fd;
      |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~
../drivers/vdpa/ifc/ifcvf_vdpa.c:348:14: note: at offset 32 into
    destination object ‘irq_set_buf’ of size 32
  348 |         char irq_set_buf[MSIX_IRQ_SET_BUF_LEN];
      |              ^~~~~~~~~~~

Validate number of vrings to avoid out of bound access.

Cc: stable@dpdk.org

Signed-off-by: David Marchand <david.marchand@redhat.com>
---
 drivers/vdpa/ifc/ifcvf_vdpa.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Wang, Xiao W May 18, 2022, 11:48 a.m. UTC | #1
Hi,

> -----Original Message-----
> From: David Marchand <david.marchand@redhat.com>
> Sent: Wednesday, May 18, 2022 6:17 PM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; ferruh.yigit@xilinx.com; stable@dpdk.org;
> Wang, Xiao W <xiao.w.wang@intel.com>
> Subject: [PATCH 09/12] vdpa/ifc: fix build with GCC 12
> 
> GCC 12 raises the following warning:
> 
> ../drivers/vdpa/ifc/ifcvf_vdpa.c: In function ‘vdpa_enable_vfio_intr’:
> ../drivers/vdpa/ifc/ifcvf_vdpa.c:383:62: error: writing 4 bytes into a
>     region of size 0 [-Werror=stringop-overflow=]
>   383 |                         fd_ptr[RTE_INTR_VEC_RXTX_OFFSET + i] = fd;
>       |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~
> ../drivers/vdpa/ifc/ifcvf_vdpa.c:348:14: note: at offset 32 into
>     destination object ‘irq_set_buf’ of size 32
>   348 |         char irq_set_buf[MSIX_IRQ_SET_BUF_LEN];
>       |              ^~~~~~~~~~~
> 
> Validate number of vrings to avoid out of bound access.
> 
> Cc: stable@dpdk.org
> 
> Signed-off-by: David Marchand <david.marchand@redhat.com>
> ---
>  drivers/vdpa/ifc/ifcvf_vdpa.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/vdpa/ifc/ifcvf_vdpa.c b/drivers/vdpa/ifc/ifcvf_vdpa.c
> index 9f05595b6b..6708849bd3 100644
> --- a/drivers/vdpa/ifc/ifcvf_vdpa.c
> +++ b/drivers/vdpa/ifc/ifcvf_vdpa.c
> @@ -354,6 +354,8 @@ vdpa_enable_vfio_intr(struct ifcvf_internal *internal,
> bool m_rx)
>  	vring.callfd = -1;
> 
>  	nr_vring = rte_vhost_get_vring_num(internal->vid);
> +	if (nr_vring > IFCVF_MAX_QUEUES * 2)
> +		return -1;
> 
>  	irq_set = (struct vfio_irq_set *)irq_set_buf;
>  	irq_set->argsz = sizeof(irq_set_buf);
> --
> 2.36.1

Acked-by: Xiao Wang <xiao.w.wang@intel.com>

BRs,
Xiao
Stephen Hemminger June 11, 2022, 3:36 p.m. UTC | #2
On Wed, 18 May 2022 12:16:54 +0200
David Marchand <david.marchand@redhat.com> wrote:

> GCC 12 raises the following warning:
> 
> ../drivers/vdpa/ifc/ifcvf_vdpa.c: In function ‘vdpa_enable_vfio_intr’:
> ../drivers/vdpa/ifc/ifcvf_vdpa.c:383:62: error: writing 4 bytes into a
>     region of size 0 [-Werror=stringop-overflow=]
>   383 |                         fd_ptr[RTE_INTR_VEC_RXTX_OFFSET + i] = fd;
>       |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~
> ../drivers/vdpa/ifc/ifcvf_vdpa.c:348:14: note: at offset 32 into
>     destination object ‘irq_set_buf’ of size 32
>   348 |         char irq_set_buf[MSIX_IRQ_SET_BUF_LEN];
>       |              ^~~~~~~~~~~
> 
> Validate number of vrings to avoid out of bound access.
> 
> Cc: stable@dpdk.org
> 
> Signed-off-by: David Marchand <david.marchand@redhat.com>


Acked-by: Stephen Hemminger <stephen@networkplumber.org>
diff mbox series

Patch

diff --git a/drivers/vdpa/ifc/ifcvf_vdpa.c b/drivers/vdpa/ifc/ifcvf_vdpa.c
index 9f05595b6b..6708849bd3 100644
--- a/drivers/vdpa/ifc/ifcvf_vdpa.c
+++ b/drivers/vdpa/ifc/ifcvf_vdpa.c
@@ -354,6 +354,8 @@  vdpa_enable_vfio_intr(struct ifcvf_internal *internal, bool m_rx)
 	vring.callfd = -1;
 
 	nr_vring = rte_vhost_get_vring_num(internal->vid);
+	if (nr_vring > IFCVF_MAX_QUEUES * 2)
+		return -1;
 
 	irq_set = (struct vfio_irq_set *)irq_set_buf;
 	irq_set->argsz = sizeof(irq_set_buf);