[dpdk-stable] [PATCH v2] net/vmxnet3: fix dereference before null check

Jastrzebski, MichalX K michalx.k.jastrzebski at intel.com
Mon Oct 2 15:58:40 CEST 2017


> -----Original Message-----
> From: Jastrzebski, MichalX K
> Sent: Friday, September 29, 2017 3:04 PM
> To: skhare at vmware.com
> Cc: dev at dpdk.org; Jain, Deepak K <deepak.k.jain at intel.com>; Yigit, Ferruh
> <ferruh.yigit at intel.com>; Jastrzebski, MichalX K
> <michalx.k.jastrzebski at intel.com>; yongwang at vmware.com;
> stable at dpdk.org; Kulasek, TomaszX <tomaszx.kulasek at intel.com>
> Subject: [PATCH v2] net/vmxnet3: fix dereference before null check
> 
> Coverity reports check_after_deref:
> Null-checking rq suggests that it may be null, but it
> has already been dereferenced on all paths leading to
> the check.
> This patch removes NULL checking of "rq" from function
> vmxnet3_dev_rx_queue_reset as it is already checked against NULL
> one level up the callstack (function vmxnet3_dev_clear_queues).
> 
> Coverity issue: 143468
> Fixes: 5aecdc17a97d ("vmxnet3: fix stop/restart")
> Cc: yongwang at vmware.com
> Cc: stable at dpdk.org
> 
> Signed-off-by: Tomasz Kulasek <tomaszx.kulasek at intel.com>
> Signed-off-by: Michal Jastrzebski <michalx.k.jastrzebski at intel.com>
> ---
>  drivers/net/vmxnet3/vmxnet3_rxtx.c | 8 +++-----
>  1 file changed, 3 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/net/vmxnet3/vmxnet3_rxtx.c
> b/drivers/net/vmxnet3/vmxnet3_rxtx.c
> index d9cf437..0f8cfff 100644
> --- a/drivers/net/vmxnet3/vmxnet3_rxtx.c
> +++ b/drivers/net/vmxnet3/vmxnet3_rxtx.c
> @@ -265,11 +265,9 @@ vmxnet3_dev_rx_queue_reset(void *rxq)
>  	struct vmxnet3_rx_data_ring *data_ring = &rq->data_ring;
>  	int size;
> 
> -	if (rq != NULL) {
> -		/* Release both the cmd_rings mbufs */
> -		for (i = 0; i < VMXNET3_RX_CMDRING_SIZE; i++)
> -			vmxnet3_rx_cmd_ring_release_mbufs(&rq-
> >cmd_ring[i]);
> -	}
> +	/* Release both the cmd_rings mbufs */
> +	for (i = 0; i < VMXNET3_RX_CMDRING_SIZE; i++)
> +		vmxnet3_rx_cmd_ring_release_mbufs(&rq->cmd_ring[i]);
> 
>  	ring0 = &rq->cmd_ring[0];
>  	ring1 = &rq->cmd_ring[1];
> --
> 2.7.4

Hi Shrikrishna Khare,
I would like to ask for a feedback regarding proposed fix.
If everything is ok with it, please send acked-by.

Best regards
Michal.


More information about the stable mailing list