[dpdk-dev] [PATCH] net/i40e: fix out of bounds read issue

Ye Xiaolong xiaolong.ye at intel.com
Thu May 7 07:15:12 CEST 2020


On 05/07, Chenxu Di wrote:
>This patch fixes (out-of-bounds read) coverity issue.
>
>Coverity issue: 357699
>Coverity issue: 357694
>Fixes: feaae285b342 ("net/i40e: support hash configuration in RSS flow")
>
>Signed-off-by: Chenxu Di <chenxux.di at intel.com>
>---
> drivers/net/i40e/i40e_ethdev.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
>index 749d85f54..6c295ac5a 100644
>--- a/drivers/net/i40e/i40e_ethdev.c
>+++ b/drivers/net/i40e/i40e_ethdev.c
>@@ -13180,7 +13180,7 @@ i40e_rss_config_hash_function(struct i40e_pf *pf,
> 		}
> 
> 		for (j = I40E_FILTER_PCTYPE_INVALID + 1;
>-		     j < I40E_FILTER_PCTYPE_MAX; j++) {
>+		     j < I40E_FILTER_PCTYPE_MAX && i < UINT64_BIT; j++) {

I see i is defined as uint32_t; why compare it to UINT64_BIT here?
And could you specify where the out-of-bounds read is before the fix?

> 			if (pf->adapter->pctypes_tbl[i] & (1ULL << j))
> 				i40e_write_global_rx_ctl(hw,
> 					I40E_GLQF_HSYM(j),
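
Review bot: In the changed loop condition, i < UINT64_BIT tests a value that the j loop in the lines shown never modifies, so it is re-evaluated on every iteration but can only ever skip the loop as a whole. The only visible use of i is as the index in pf->adapter->pctypes_tbl[i], so the bound that matters is the element count of that table, which this hunk does not show, rather than the bit width of a 64-bit word. Suggest checking i once before the for (or in the loop that advances i) against the table's size, and stating in the commit message which access Coverity flagged.
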
>@@ -13312,7 +13312,7 @@ i40e_rss_clear_hash_function(struct i40e_pf *pf,
> 		}
> 
> 		for (j = I40E_FILTER_PCTYPE_INVALID + 1;
>-		     j < I40E_FILTER_PCTYPE_MAX; j++) {
>+		     j < I40E_FILTER_PCTYPE_MAX && i < UINT64_BIT; j++) {
> 			if (pf->adapter->pctypes_tbl[i] & (1ULL << j))
> 				i40e_write_global_rx_ctl(hw,
> 					I40E_GLQF_HSYM(j),
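
Review bot: In i40e_rss_clear_hash_function the added i < UINT64_BIT guard turns the loop into a silent no-op when i is out of range: no I40E_GLQF_HSYM(j) write happens, and the lines shown neither log nor return an error for that case. Suggest rejecting an out-of-range i explicitly before the loop, and since the condition is duplicated verbatim from i40e_rss_config_hash_function, factoring the bounds check into one place so the two paths cannot diverge.
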
>-- 
>2.17.1
>

