[dpdk-dev] [PATCH v3 1/8] bus/fslmc: fix dereferencing null pointer

Ferruh Yigit ferruh.yigit at intel.com
Wed May 6 23:14:14 CEST 2020


On 5/4/2020 1:41 PM, Hemant Agrawal wrote:
> From: Apeksha Gupta <apeksha.gupta at nxp.com>
> 
> This patch fixes the nxp internal coverity reported
> null pointer dereferencing issue.
> 
> Fixes: 6fef517e17cf ("bus/fslmc: add qman HW fq query count API")
> Cc: stable at dpdk.org
> 
> Signed-off-by: Apeksha Gupta <apeksha.gupta at nxp.com>
> ---
>  drivers/bus/fslmc/qbman/qbman_debug.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/bus/fslmc/qbman/qbman_debug.c b/drivers/bus/fslmc/qbman/qbman_debug.c
> index 0bb2ce880f..34374ae4b6 100644
> --- a/drivers/bus/fslmc/qbman/qbman_debug.c
> +++ b/drivers/bus/fslmc/qbman/qbman_debug.c
> @@ -20,26 +20,27 @@ struct qbman_fq_query_desc {
>  	uint8_t verb;
>  	uint8_t reserved[3];
>  	uint32_t fqid;
> -	uint8_t reserved2[57];
> +	uint8_t reserved2[56];

Is decreasing 'reserved2' size related to null pointer de-referencing? This
looks unrelated.

>  };
>  
>  int qbman_fq_query_state(struct qbman_swp *s, uint32_t fqid,
>  			 struct qbman_fq_query_np_rslt *r)
>  {
>  	struct qbman_fq_query_desc *p;
> +	struct qbman_fq_query_np_rslt *var;
>  
>  	p = (struct qbman_fq_query_desc *)qbman_swp_mc_start(s);
>  	if (!p)
>  		return -EBUSY;
>  
>  	p->fqid = fqid;
> -	*r = *(struct qbman_fq_query_np_rslt *)qbman_swp_mc_complete(s, p,
> -						QBMAN_FQ_QUERY_NP);
> -	if (!r) {
> +	var = qbman_swp_mc_complete(s, p, QBMAN_FQ_QUERY_NP);
> +	if (!var) {
>  		pr_err("qbman: Query FQID %d NP fields failed, no response\n",
>  		       fqid);
>  		return -EIO;
>  	}
> +	*r = *var;
>  
>  	/* Decode the outcome */
>  	QBMAN_BUG_ON((r->verb & QBMAN_RESPONSE_VERB_MASK) != QBMAN_FQ_QUERY_NP);
> 
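
Review bot: in qbman_fq_query_state(), the copy `*r = *var` still dereferences the caller-supplied `r` without any check, and the only NULL test in the function is now on `var`. If callers can pass a NULL `r`, validate it at the top of the function before qbman_swp_mc_start() is called. The local name `var` also says nothing about what it holds; something like `rslt` would match the type. In the struct above, the fields sum to 65 bytes with `reserved2[57]` and to 64 with `reserved2[56]`, so that line changes the descriptor layout; the commit message should say why, or the change should go in a separate patch.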


