[PATCH v1 1/1] baseband/acc: fix check after deref and dead code

Maxime Coquelin maxime.coquelin at redhat.com
Fri Nov 4 09:51:40 CET 2022

Previous message (by thread): [PATCH v1 1/1] baseband/acc: fix check after deref and dead code
Next message (by thread): [PATCH v1 1/1] baseband/acc: fix check after deref and dead code
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


On 11/4/22 04:52, Hernan Vargas wrote:
> Fix potential issue of dereferencing a pointer before null check.
> Remove null check for value that could never be null.
> 
> Coverity issue: 381646, 381631
> Fixes: 989dec301a9 ("baseband/acc100: add ring companion address")
> 
> Signed-off-by: Hernan Vargas <hernan.vargas at intel.com>
> ---
>   drivers/baseband/acc/rte_acc100_pmd.c | 4 ----
>   1 file changed, 4 deletions(-)
> 
> diff --git a/drivers/baseband/acc/rte_acc100_pmd.c b/drivers/baseband/acc/rte_acc100_pmd.c
> index 96daef87bc..30a718916d 100644
> --- a/drivers/baseband/acc/rte_acc100_pmd.c
> +++ b/drivers/baseband/acc/rte_acc100_pmd.c
> @@ -4122,15 +4122,11 @@ acc100_dequeue_ldpc_enc(struct rte_bbdev_queue_data *q_data,
>   	struct rte_bbdev_enc_op *op;
>   	union acc_dma_desc *desc;
>   
> -	if (q == NULL)
> -		return 0;

Can we be sure it can never be NULL?

static inline uint16_t
rte_bbdev_dequeue_ldpc_enc_ops(uint16_t dev_id, uint16_t queue_id,
		struct rte_bbdev_enc_op **ops, uint16_t num_ops)
{
	struct rte_bbdev *dev = &rte_bbdev_devices[dev_id];
	struct rte_bbdev_queue_data *q_data = &dev->data->queues[queue_id];
	return dev->dequeue_ldpc_enc_ops(q_data, ops, num_ops);
}

If the application passes an invalid queue_id or dev_id you can easily
get garbage.

It may be worth adding some checks in all the helpers, to be sure dev_id
is valid, and same for queue_id. We do that in Vhost library to improve
robustness.

I know there is this comment:
"
  * This function does not provide any error notification to avoid the
  * corresponding overhead.
"

But to me this is not a good justification, the overhead would be
minimal.

Regards,
Maxime

>   #ifdef RTE_LIBRTE_BBDEV_DEBUG
>   	if (unlikely(ops == 0))
>   		return 0;
>   #endif
>   	desc = q->ring_addr + (q->sw_ring_tail & q->sw_ring_wrap_mask);
> -	if (unlikely(desc == NULL))
> -		return 0;
>   	op = desc->req.op_addr;
>   	if (unlikely(ops == NULL || op == NULL))
>   		return 0;

Previous message (by thread): [PATCH v1 1/1] baseband/acc: fix check after deref and dead code
Next message (by thread): [PATCH v1 1/1] baseband/acc: fix check after deref and dead code
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list