From nobody Sun Feb 8 05:28:12 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=gmail.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1525118654167161.66830236560952; Mon, 30 Apr 2018 13:04:14 -0700 (PDT) Received: from localhost ([::1]:33157 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDF1u-0004uw-3y for importer@patchew.org; Mon, 30 Apr 2018 16:04:10 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:48695) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDEzm-0003jZ-8H for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:01:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fDEzk-0005qU-BK for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:01:58 -0400 Received: from mail-wr0-x243.google.com ([2a00:1450:400c:c0c::243]:42873) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fDEzk-0005q5-4l for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:01:56 -0400 Received: by mail-wr0-x243.google.com with SMTP id v5-v6so9131386wrf.9 for ; Mon, 30 Apr 2018 13:01:55 -0700 (PDT) Received: from localhost.localdomain ([176.228.154.53]) by smtp.gmail.com with ESMTPSA id u35-v6sm8455997wrc.29.2018.04.30.13.01.53 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 30 Apr 2018 13:01:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Na7tt5ypP3vhdS/FSS9QkxMmKJOy9mgzaiPHp6SkSQM=; b=QuYb9PJQHnkezESxQcgqKuIQXxi6kWSgeakaL6iXVasZHil59EcHDfKyoyOIJ3I2Ip 5QmvOvfmssc+FXty/OguA0VavmiQ0nM9EXUIO3GZwtjKj43PyVYjkzjlooH2WbBL70YS p1PgH2xyuWeqVMDS/61NBcHtpz3Wz/ePF3CjG6RpKFnkTs55zIP2LRS/JDdvr4JKrQUj TXhzCO7Q1zDtQ6gR/pDq8dfg1+gVAsy8214ov+AynFRAOAvNI9rfFUK3nRNQXuzxKElB dVV1xh3uojFS8gdX/Q63THKpZNt1VPTafJBKdYMObNN6rLdIz0KYz9cJMylUJG/oXewy CoGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Na7tt5ypP3vhdS/FSS9QkxMmKJOy9mgzaiPHp6SkSQM=; b=fIr/j9ME7NCDxMz7Tun0bNYhFPPS8eG9HVVeZF0kM969Xuv+L1kx++AiulVXk7fgfl 9m6tTyhg+9M13y1mgKzTR1AIsCD0KOoaqX7tgytrvA+ndymD8ircQiAe/pHZ18IF37/q 66r0oDmTE1mh84klBa7FLSU9k3LiXd622QKrq52MUHWgs4uOBC+uoPHJGZ7Gr3YPCRhi w72o4BTareKNiF/zg8OkAUVUx6gu98LMv6NXzwA8miPy1J69D3MEwH0BSLbxBAl2unuo ZA9L/NiiIXKw7WSwn1m9/SAAKdHvO4v0oflLg8N+v5G5WAuULIOmHpfsWr7+p+Q8JHqf Ieeg== X-Gm-Message-State: ALQs6tCnIcrp/I/Cwh4MOFeAzPYmjI4aXY2fPL8yOUhr/RwnzS9bwHiZ 9JpCu4BD2bMkQfs0OnRwyoQteQ== X-Google-Smtp-Source: AB8JxZq1RHr1bHowsGzVu1TI2UafqQzt9qpT93rMpDYUCaVazf/dDGFVCm4iGKXhmwIpJIT7tHwTSw== X-Received: by 2002:adf:d10f:: with SMTP id a15-v6mr10330837wri.165.1525118514701; Mon, 30 Apr 2018 13:01:54 -0700 (PDT) From: Marcel Apfelbaum To: qemu-devel@nongnu.org Date: Mon, 30 Apr 2018 23:02:17 +0300 Message-Id: <20180430200223.4119-2-marcel.apfelbaum@gmail.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> References: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::243 Subject: [Qemu-devel] [PATCH 1/7] hw/rdma: Fix possible munmap call on a NULL pointer X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, yuval.shaia@oracle.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Coverity CID 1390620: we call munmap() on a NULL pointer. Reported-by: Peter Maydell Signed-off-by: Marcel Apfelbaum Reviewed-by: Yuval Shaia --- hw/rdma/vmw/pvrdma_cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c index 99019d8741..f9dd78cb27 100644 --- a/hw/rdma/vmw/pvrdma_cmd.c +++ b/hw/rdma/vmw/pvrdma_cmd.c @@ -232,7 +232,7 @@ static int create_mr(PVRDMADev *dev, union pvrdma_cmd_r= eq *req, cmd->start, cmd->length, host_virt, cmd->access_flags, &resp->mr_handle, &resp->lkey, &resp->rkey); - if (!resp->hdr.err) { + if (host_virt && !resp->hdr.err) { munmap(host_virt, cmd->length); } =20 --=20 2.14.3 From nobody Sun Feb 8 05:28:12 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=gmail.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1525118817093489.534887520437; Mon, 30 Apr 2018 13:06:57 -0700 (PDT) Received: from localhost ([::1]:33182 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDF4a-0007Ug-9d for importer@patchew.org; Mon, 30 Apr 2018 16:06:56 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:48703) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDEzm-0003jb-Jg for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:01:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fDEzl-0005rp-T6 for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:01:58 -0400 Received: from mail-wr0-x242.google.com ([2a00:1450:400c:c0c::242]:34938) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fDEzl-0005r3-M5 for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:01:57 -0400 Received: by mail-wr0-x242.google.com with SMTP id i14-v6so5965740wre.2 for ; Mon, 30 Apr 2018 13:01:57 -0700 (PDT) Received: from localhost.localdomain ([176.228.154.53]) by smtp.gmail.com with ESMTPSA id u35-v6sm8455997wrc.29.2018.04.30.13.01.54 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 30 Apr 2018 13:01:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=lU7UKKXZzcPj4fwGn+VOvHqu6PXkpW8o/pqWdo0OC8Q=; b=I81zlNCzOc98xKSfQSe9T0Xw8tGk+8CS8OWPr3egq4hBUgpJKH8HY4ytdC7bjux/hU WZB9ZalR/KW3Q9XIKeYcv768swjAgxLsb3eWwMxIt2ArgC+k9joZIrxIUDWU1Z12KiCI OmH9y+Yhlg4s3FpmtFJvYMo++079fOwcms+ccmd54Caqt6Njwz7LP2xzlKghVVzzekR6 ug9O0EN/q1cyuBK5Fy2yzOGgsv7ctRHRq/Lyo/t1iNKWs/g7S4bKXnTjuTzE/P4Udv3d V450Vnk/wz7sH15GFrxJa4k2SHbRZMwsigg6+ZbSni5GE3FqOK2FsQdYJ61wGN5AfW0Z xslQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=lU7UKKXZzcPj4fwGn+VOvHqu6PXkpW8o/pqWdo0OC8Q=; b=lz9cDxBBASWYvvxXu4FK4JiXFZDL83w7AeqGIGtPa4IoElBKmiz6srvlycJipaoPx5 uwtAaX86Sw9HUyU09NNXd77aXgp+WiyvQf1OSMBIhbO+XxAmF1IEWgd5m/g8cRZgvqL+ 8LyJMjk/gM17CLfUwKQjhjxTazO1Hd6lmrf7xP/1xLJF7/Ce2MAwIn4b1BfbV1+jIrzk bzzpyhqCg8/lYB+Ea60ZeAZfdWpoa+gzUyibcP0zOJE9rcd1eTfFbkoYVv33pIhRliIg tE1DVc6DIyXMq3onct0Cyu+/8f3bnBUPUHHN6e6Dr9puBw9/qCt9r6DHfB3sxR2VpUQE JR+w== X-Gm-Message-State: ALQs6tCM/9643phYN3B4uRcU2szfnQQn5QZqgA9W+3GGupN56jwKn/5I 9gXsw0+jLxitTALVYBBB3eiJnQ== X-Google-Smtp-Source: AB8JxZou8AoarHL2dPF83QXPJCb1bAMtYJ7lXask6wQQHIGAdU9mUbBZrdtZu2x1LNV5hKMWGzUNaQ== X-Received: by 2002:adf:abab:: with SMTP id s40-v6mr10483566wrc.259.1525118516243; Mon, 30 Apr 2018 13:01:56 -0700 (PDT) From: Marcel Apfelbaum To: qemu-devel@nongnu.org Date: Mon, 30 Apr 2018 23:02:18 +0300 Message-Id: <20180430200223.4119-3-marcel.apfelbaum@gmail.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> References: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::242 Subject: [Qemu-devel] [PATCH 2/7] hw/rdma: Fix possible usage of a NULL pointer X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, yuval.shaia@oracle.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Coverity CID 1390586; The cq handle is provided by the guest and cannot be trusted to be previuosly allocated. Fix it by exiting the completion flow. Reported-by: Peter Maydell Signed-off-by: Marcel Apfelbaum Reviewed-by: Yuval Shaia Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- hw/rdma/vmw/pvrdma_qp_ops.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/rdma/vmw/pvrdma_qp_ops.c b/hw/rdma/vmw/pvrdma_qp_ops.c index 750ade6c31..99bb51111e 100644 --- a/hw/rdma/vmw/pvrdma_qp_ops.c +++ b/hw/rdma/vmw/pvrdma_qp_ops.c @@ -216,6 +216,7 @@ void pvrdma_cq_poll(RdmaDeviceResources *dev_res, uint3= 2_t cq_handle) cq =3D rdma_rm_get_cq(dev_res, cq_handle); if (!cq) { pr_dbg("Invalid CQ# %d\n", cq_handle); + return; } =20 rdma_backend_poll_cq(dev_res, &cq->backend_cq); --=20 2.14.3 From nobody Sun Feb 8 05:28:12 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=gmail.com Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 1525118654214308.1783384457219; Mon, 30 Apr 2018 13:04:14 -0700 (PDT) Received: from localhost ([::1]:33158 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDF1w-0004wo-4K for importer@patchew.org; Mon, 30 Apr 2018 16:04:12 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:48720) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDEzn-0003jo-MZ for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:00 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fDEzm-0005sU-UY for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:01:59 -0400 Received: from mail-wr0-x243.google.com ([2a00:1450:400c:c0c::243]:40091) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fDEzm-0005rz-Oi for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:01:58 -0400 Received: by mail-wr0-x243.google.com with SMTP id v60-v6so9125600wrc.7 for ; Mon, 30 Apr 2018 13:01:58 -0700 (PDT) Received: from localhost.localdomain ([176.228.154.53]) by smtp.gmail.com with ESMTPSA id u35-v6sm8455997wrc.29.2018.04.30.13.01.56 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 30 Apr 2018 13:01:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=PaWrojOQmXRWjeKvLmvqU8f87sNMplBW385V/J255mw=; b=cy7wkZMiWhNXd32BrUq0lSn9DJU5WsmyEXXujNONbLNo5CE5KYIknkfPIhnifJp/pR idqvTiqUfR7Rk+fJFysJPmZo4NGla9C38SkHjMHFI5xRAXvjiEYwOHQ/iv+040k2h5Sk GZ0JKN6t0V2UFJ47UGLXPvY92U/CcZRMuelKBdiXWL8f9QxoXH21SzCk/3x5aAlKXMnr Vg7/4+nqruNwvUa97EzaM+DePcT9yraQrtPBA9xRFGBDaRqvxp/ZPDRk5pe3pbyf5Xbt XMzo5/356o7HgUCzsCjitM69imfnd2he0gj6FjRca/1dnKDnF5eiN1qI1GfWeVbORwR8 Xuwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=PaWrojOQmXRWjeKvLmvqU8f87sNMplBW385V/J255mw=; b=FVEdcva46pubhX2uCWOUG8EI5iWcv+Yq2lhFIq+8yxWvVBj7DULjRVWpxf/oCmlrcr f1pOC4byyx7FXuFWR8JNGZnjzwL1K/ARzlSQ+G3tQLnlx0+6fyXcSc85Qtv1g6OrrZT3 OkjrOstyGKYrvq+NCJjsDdq3kVldf1NmRyN1DkQqmZkBv8l3ADy7FXOC1gV52fZPL8o7 hgxAkXGRc1DK55oiInP1WufRM3Yf9zCZqnzZnOo2Sz2gJRMoq/lDFPjUlunwiEyunGbF JpNL0aehX4odB/r3W9iaSXtU2HvDWUFJNVL6LvrE6IxETN3zrOAKKl0CK7LXmz+G7MEE ChHg== X-Gm-Message-State: ALQs6tBvPHXXNpLpEQVfIWeiZWiRHoxqxVWfa7GsZ+0SEMRIl2olMC7G eWzXD368iHejiQUED7oeLQiOhQ== X-Google-Smtp-Source: AB8JxZrL5dNTLZTyZzmc95DR7dRGmVLzq5kFVAqYGJ9KVZdoOUbi2bK3RhkWQFCQlSv+UTEmNOi6rA== X-Received: by 2002:adf:e447:: with SMTP id t7-v6mr9720946wrm.143.1525118517488; Mon, 30 Apr 2018 13:01:57 -0700 (PDT) From: Marcel Apfelbaum To: qemu-devel@nongnu.org Date: Mon, 30 Apr 2018 23:02:19 +0300 Message-Id: <20180430200223.4119-4-marcel.apfelbaum@gmail.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> References: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::243 Subject: [Qemu-devel] [PATCH 3/7] hw/rdma: Delete port's pkey table X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, yuval.shaia@oracle.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Yuval Shaia Support for PKEY is not yet implemented. Removing the unneeded table until a support will be added. Signed-off-by: Yuval Shaia Reviewed-by: Marcel Apfelbaum --- hw/rdma/rdma_rm_defs.h | 3 +-- hw/rdma/vmw/pvrdma_main.c | 15 --------------- 2 files changed, 1 insertion(+), 17 deletions(-) diff --git a/hw/rdma/rdma_rm_defs.h b/hw/rdma/rdma_rm_defs.h index fc646da61f..45503f14e0 100644 --- a/hw/rdma/rdma_rm_defs.h +++ b/hw/rdma/rdma_rm_defs.h @@ -21,7 +21,7 @@ #define MAX_PORTS 1 #define MAX_PORT_GIDS 1 #define MAX_PORT_PKEYS 1 -#define MAX_PKEYS 1 +#define MAX_PKEYS MAX_PORT_PKEYS #define MAX_GIDS 2048 #define MAX_UCS 512 #define MAX_MR_SIZE (1UL << 27) @@ -87,7 +87,6 @@ typedef struct RdmaRmQP { typedef struct RdmaRmPort { union ibv_gid gid_tbl[MAX_PORT_GIDS]; enum ibv_port_state state; - int *pkey_tbl; /* TODO: Not yet supported */ } RdmaRmPort; =20 typedef struct RdmaDeviceResources { diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c index c552248c90..994220b58e 100644 --- a/hw/rdma/vmw/pvrdma_main.c +++ b/hw/rdma/vmw/pvrdma_main.c @@ -275,15 +275,6 @@ static void init_dsr_dev_caps(PVRDMADev *dev) pr_dbg("Initialized\n"); } =20 -static void free_ports(PVRDMADev *dev) -{ - int i; - - for (i =3D 0; i < MAX_PORTS; i++) { - g_free(dev->rdma_dev_res.ports[i].gid_tbl); - } -} - static void init_ports(PVRDMADev *dev, Error **errp) { int i; @@ -292,10 +283,6 @@ static void init_ports(PVRDMADev *dev, Error **errp) =20 for (i =3D 0; i < MAX_PORTS; i++) { dev->rdma_dev_res.ports[i].state =3D IBV_PORT_DOWN; - - dev->rdma_dev_res.ports[i].pkey_tbl =3D - g_malloc0(sizeof(*dev->rdma_dev_res.ports[i].pkey_tbl) * - MAX_PORT_PKEYS); } } =20 @@ -622,8 +609,6 @@ static void pvrdma_exit(PCIDevice *pdev) =20 pvrdma_qp_ops_fini(); =20 - free_ports(dev); - rdma_rm_fini(&dev->rdma_dev_res); =20 rdma_backend_fini(&dev->backend_dev); --=20 2.14.3 From nobody Sun Feb 8 05:28:12 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=gmail.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1525118656458687.8563889620644; Mon, 30 Apr 2018 13:04:16 -0700 (PDT) Received: from localhost ([::1]:33159 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDF1w-0004ws-6o for importer@patchew.org; Mon, 30 Apr 2018 16:04:12 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:48741) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDEzp-0003kf-2X for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:01 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fDEzo-0005tO-9B for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:01 -0400 Received: from mail-wr0-x241.google.com ([2a00:1450:400c:c0c::241]:33223) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fDEzo-0005so-3s for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:00 -0400 Received: by mail-wr0-x241.google.com with SMTP id o4-v6so9128981wrm.0 for ; Mon, 30 Apr 2018 13:01:59 -0700 (PDT) Received: from localhost.localdomain ([176.228.154.53]) by smtp.gmail.com with ESMTPSA id u35-v6sm8455997wrc.29.2018.04.30.13.01.57 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 30 Apr 2018 13:01:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=mOBL3/tVrjzihB2tcQlm73fbfVyrymtWB3zM5FZ/oLA=; b=V0cXHagItMiGUa6xn2d++nFDtApfeyn/jkw+PO7BaQ2ctd1Zne+Ikl+QAUSQA1W7LD 43Kn2cbuBXzajijkiLZlBmqo5RTDjvJXUbAiA/dRx877mmkkyLFk9y3tZxRcEfFPcML9 krqZqvSHalbBMV3+kcc26jJbagD4sc2Jn3Fgnpzr9wQHqQ3rA2RZlXQu0T9/zaZDak6a pu6S+JX3hpoAT+d+Gt9V8h/BvcteGm1l8bs4jsj8F57sldJ2HP74ks6Z6kQhxWVmcEER lDnrG9sK8b2UZ50QhQ/+IP2TYpOd22gnrSXI6cs4PtG60Uq4GqUGM9wMN+jYdGFvOQzv EZIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=mOBL3/tVrjzihB2tcQlm73fbfVyrymtWB3zM5FZ/oLA=; b=uckxGHGd5awGkwI9v5XeGMmpughwqw6LrxFDDwxm59cPo1TR5TDIwFRveKt16T9SEI 6ju6Am1U56bs6OSfzXvGekXUN6TkHCScv3ftiRXnxvkYQwrpFoy0sBzNilRelbJdAgdC +TDmbBaVShHLksgFuDbsGc/SxSTNqc/djycCnCE8UcYAOTnWJq3Tr0Z6UawbWI0fgjgK TPQBCXhG9NvFLRD/wA4jpOmtLVh/vV24ieTEwuxjGnv7HPNn+nzGJdBB8sxgLnDYSBRr tfvJQH1VUxGpz/xZr6tVVkfD9p7bG32W1VFQq4/XTlQ1OWHeuIlMaIykHBRNLxI3btIc PkjQ== X-Gm-Message-State: ALQs6tAHakhAPRLpC3/DvZRkzUdvvg5Heh2lv4rq9v0Y3WD4aChYw00w rFy6Z2tRyIEg2FR8xPrnb+cVqg== X-Google-Smtp-Source: AB8JxZrbPOhN9LZ5pAcpecEVlbmGB2kqa6BTfRHEpLdRiTGZIqzsseSs+UgtdBH7d/ApB4VPS7Vf9A== X-Received: by 2002:adf:9cc2:: with SMTP id h2-v6mr397466wre.11.1525118518785; Mon, 30 Apr 2018 13:01:58 -0700 (PDT) From: Marcel Apfelbaum To: qemu-devel@nongnu.org Date: Mon, 30 Apr 2018 23:02:20 +0300 Message-Id: <20180430200223.4119-5-marcel.apfelbaum@gmail.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> References: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::241 Subject: [Qemu-devel] [PATCH 4/7] hw/rdma: Fix possible out of bounds access to GID table X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, yuval.shaia@oracle.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Yuval Shaia Array size is MAX_PORT_GIDS, let's make sure the given index is in range. While there limit device table size to 1. Reported-by: Peter Maydell Signed-off-by: Yuval Shaia Reviewed-by: Marcel Apfelbaum --- hw/rdma/rdma_rm_defs.h | 2 +- hw/rdma/vmw/pvrdma_cmd.c | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/hw/rdma/rdma_rm_defs.h b/hw/rdma/rdma_rm_defs.h index 45503f14e0..4d22a20e4c 100644 --- a/hw/rdma/rdma_rm_defs.h +++ b/hw/rdma/rdma_rm_defs.h @@ -20,9 +20,9 @@ =20 #define MAX_PORTS 1 #define MAX_PORT_GIDS 1 +#define MAX_GIDS MAX_PORT_GIDS #define MAX_PORT_PKEYS 1 #define MAX_PKEYS MAX_PORT_PKEYS -#define MAX_GIDS 2048 #define MAX_UCS 512 #define MAX_MR_SIZE (1UL << 27) #define MAX_QP 1024 diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c index f9dd78cb27..14255d609f 100644 --- a/hw/rdma/vmw/pvrdma_cmd.c +++ b/hw/rdma/vmw/pvrdma_cmd.c @@ -576,7 +576,7 @@ static int create_bind(PVRDMADev *dev, union pvrdma_cmd= _req *req, =20 pr_dbg("index=3D%d\n", cmd->index); =20 - if (cmd->index > MAX_PORT_GIDS) { + if (cmd->index >=3D MAX_PORT_GIDS) { return -EINVAL; } =20 @@ -603,7 +603,11 @@ static int destroy_bind(PVRDMADev *dev, union pvrdma_c= md_req *req, { struct pvrdma_cmd_destroy_bind *cmd =3D &req->destroy_bind; =20 - pr_dbg("clear index %d\n", cmd->index); + pr_dbg("index=3D%d\n", cmd->index); + + if (cmd->index >=3D MAX_PORT_GIDS) { + return -EINVAL; + } =20 memset(dev->rdma_dev_res.ports[0].gid_tbl[cmd->index].raw, 0, sizeof(dev->rdma_dev_res.ports[0].gid_tbl[cmd->index].raw)); --=20 2.14.3 From nobody Sun Feb 8 05:28:12 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=gmail.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 15251188161141006.2148081465392; Mon, 30 Apr 2018 13:06:56 -0700 (PDT) Received: from localhost ([::1]:33181 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDF4Z-0007T6-A5 for importer@patchew.org; Mon, 30 Apr 2018 16:06:55 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:48755) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDEzq-0003lH-BO for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:03 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fDEzp-0005uV-IE for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:02 -0400 Received: from mail-wr0-x242.google.com ([2a00:1450:400c:c0c::242]:34813) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fDEzp-0005th-CA for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:01 -0400 Received: by mail-wr0-x242.google.com with SMTP id p18-v6so9135316wrm.1 for ; Mon, 30 Apr 2018 13:02:01 -0700 (PDT) Received: from localhost.localdomain ([176.228.154.53]) by smtp.gmail.com with ESMTPSA id u35-v6sm8455997wrc.29.2018.04.30.13.01.58 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 30 Apr 2018 13:01:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=WP7YJheR7gZp/nLMkwzhujaIfzdejjDjBQNUIfkZrs0=; b=ZBhszrA4uviGYZoBW9/I97e9pOkG+gjT7OTIpOlWGiEi6dNTkETXvP427ZxQumjF0f Mda3VkiK5L4a3+k/Egu3SAhT7OZ69XR+paKq8DIYCk6v9w4LubWMgEW0B936jiNsiJRY F2XHTV5jgeYUP1noVoav9kgIDgX3Yd5rBFEtS7DhQKW8vnOFSpmUA1jy1qGiIPGf2QQm dxrGtpfZZ1qOTLJFYTQcEyr4HfwlivNXHGDqdJdTK72CEpdDPtRo+p0CD33+7ThCUHAZ dwhCaAS9lpBGMF7PYs1I4OvucLns3lnXDVld19Vw4rZIuhme7l0unexdMbF95sofxq03 HlPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=WP7YJheR7gZp/nLMkwzhujaIfzdejjDjBQNUIfkZrs0=; b=bDkLEisQ+lF0cMjBAoy+dVAWUwTtUdjtqaQfRK+vSKK6RAMslthn1TYGN9+Jx+snIP yuvTN4Nt/gxKLChMSwRBiO8WOrKFo5fEDjGtF4wUtTaGsIyUjSgmf6arhe8B17E4s1wT X/sG6aw25Tzq8fBaUD+YLmecgTk7ZDOVr9lk3yQTUk/m58XVPYCLBCLnWbJe3z+NJ1eH JLIUYtM2/V2mpkKVM8chKNhlno/ZMkucJVvQTN24y9Xay4Rtfx2kNfkV5WWQBAo+hfgj 92/O5GXOn/mDcLi4GU4zaFEL7gFiNxCmT4r03/KBnNSYF2CSNKViSvvKbga8LB909UaT 6gbQ== X-Gm-Message-State: ALQs6tBR1LkBzjKBdKsRJDIRiragCQmBZDM9s5rlEON1KNWRJN+Pg1Dx fDybuiQvtXaF/mRXqodxBK7CAg== X-Google-Smtp-Source: AB8JxZpwMuuMw94mJYD9IOB5ci2nlCI61lfqYBNnny1gngwXr+FoZ7IeIIGFr2I5sPA2dva31ltKmA== X-Received: by 2002:adf:86ed:: with SMTP id 42-v6mr10457050wry.158.1525118520056; Mon, 30 Apr 2018 13:02:00 -0700 (PDT) From: Marcel Apfelbaum To: qemu-devel@nongnu.org Date: Mon, 30 Apr 2018 23:02:21 +0300 Message-Id: <20180430200223.4119-6-marcel.apfelbaum@gmail.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> References: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::242 Subject: [Qemu-devel] [PATCH 5/7] hw/rdma: Fix possible out of bounds access to regs array X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, yuval.shaia@oracle.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Yuval Shaia Coverity (CID1390589, CID1390608). Array size is RDMA_BAR1_REGS_SIZE, let's make sure the given address is in range. While there also: 1. Adjust the size of this bar to reasonable size 2. Report the size of the array with sizeof(array) Reported-by: Peter Maydell Signed-off-by: Yuval Shaia Reviewed-by: Marcel Apfelbaum --- hw/rdma/vmw/pvrdma.h | 6 +++--- hw/rdma/vmw/pvrdma_main.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/hw/rdma/vmw/pvrdma.h b/hw/rdma/vmw/pvrdma.h index 8c173cb824..0b46dc5a9b 100644 --- a/hw/rdma/vmw/pvrdma.h +++ b/hw/rdma/vmw/pvrdma.h @@ -31,7 +31,7 @@ #define RDMA_REG_BAR_IDX 1 #define RDMA_UAR_BAR_IDX 2 #define RDMA_BAR0_MSIX_SIZE (16 * 1024) -#define RDMA_BAR1_REGS_SIZE 256 +#define RDMA_BAR1_REGS_SIZE 64 #define RDMA_BAR2_UAR_SIZE (0x1000 * MAX_UCS) /* each uc gets page */ =20 /* MSIX */ @@ -86,7 +86,7 @@ static inline int get_reg_val(PVRDMADev *dev, hwaddr addr= , uint32_t *val) { int idx =3D addr >> 2; =20 - if (idx > RDMA_BAR1_REGS_SIZE) { + if (idx >=3D RDMA_BAR1_REGS_SIZE) { return -EINVAL; } =20 @@ -99,7 +99,7 @@ static inline int set_reg_val(PVRDMADev *dev, hwaddr addr= , uint32_t val) { int idx =3D addr >> 2; =20 - if (idx > RDMA_BAR1_REGS_SIZE) { + if (idx >=3D RDMA_BAR1_REGS_SIZE) { return -EINVAL; } =20 diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c index 994220b58e..3ed7409763 100644 --- a/hw/rdma/vmw/pvrdma_main.c +++ b/hw/rdma/vmw/pvrdma_main.c @@ -449,14 +449,14 @@ static void init_bars(PCIDevice *pdev) /* BAR 1 - Registers */ memset(&dev->regs_data, 0, sizeof(dev->regs_data)); memory_region_init_io(&dev->regs, OBJECT(dev), ®s_ops, dev, - "pvrdma-regs", RDMA_BAR1_REGS_SIZE); + "pvrdma-regs", sizeof(dev->regs_data)); pci_register_bar(pdev, RDMA_REG_BAR_IDX, PCI_BASE_ADDRESS_SPACE_MEMORY, &dev->regs); =20 /* BAR 2 - UAR */ memset(&dev->uar_data, 0, sizeof(dev->uar_data)); memory_region_init_io(&dev->uar, OBJECT(dev), &uar_ops, dev, "rdma-uar= ", - RDMA_BAR2_UAR_SIZE); + sizeof(dev->uar_data)); pci_register_bar(pdev, RDMA_UAR_BAR_IDX, PCI_BASE_ADDRESS_SPACE_MEMORY, &dev->uar); } --=20 2.14.3 From nobody Sun Feb 8 05:28:12 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=gmail.com Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 1525118966253527.8397587992193; Mon, 30 Apr 2018 13:09:26 -0700 (PDT) Received: from localhost ([::1]:33193 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDF6t-00016H-RJ for importer@patchew.org; Mon, 30 Apr 2018 16:09:19 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:48771) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDEzr-0003mh-Ny for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fDEzq-0005vG-Ss for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:03 -0400 Received: from mail-wm0-x241.google.com ([2a00:1450:400c:c09::241]:39291) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fDEzq-0005uk-ME for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:02 -0400 Received: by mail-wm0-x241.google.com with SMTP id f8so5600710wmc.4 for ; Mon, 30 Apr 2018 13:02:02 -0700 (PDT) Received: from localhost.localdomain ([176.228.154.53]) by smtp.gmail.com with ESMTPSA id u35-v6sm8455997wrc.29.2018.04.30.13.02.00 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 30 Apr 2018 13:02:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Sdj+EajAYAErTPrG5OrM+pOsun/qTmTifTmWwUJVAtw=; b=kevST0EhzpssV7ETTFUxeVVmdxvZoU3hWFD0DzGc+bQ39AkQnPUy1CWkhgOJACW+BH i+02jYPOzD6XjVF4HC6Bd7r+7H+K1s/fW5jryQUGMQPHaiRgZN48G4wjcdJyNy090irV wf2FrUKrgsUZaQPMkme63LVXj8Ik+wxXUNTSArM0olZAv3p3CC1J3llDxdqmdjP/wXuJ NQxID1ODnayeMzSrb8EMlO4/Xplu3yVvgUp/tMX4WYGIUleSAGHeWBG+xHfibGXY7Frm 0Sax1NmIMYUMANVkbGk2QoXaqcXIhQ658Sx5rJT3qygtZNPJx4MicReimrF2KuhDwf+S k9WA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Sdj+EajAYAErTPrG5OrM+pOsun/qTmTifTmWwUJVAtw=; b=GOrDUFSgsiF7Aujnpssder//tFV4j2QBGZ6GQzhsy18TtI++NPDlQYABkLpXruZrY5 LL9kLB2C7ETJLa8ihIkX9WAA5yeSx2bN/q1CCOgXdloZ14DnekBx9xh2gbzG3BA4DiQJ /A4u475FkltRjrJU0AzVtWrJOdVbg9MT7/lziVlCO23qtk1Po9DJjkYiZ1btyzlkRjPM Ya4Kgr5uyclakc3SBbGArSBtFT1s86FTX96kg+TiU9hxRrR4JOmbop6jzSY5OPps4M3v wIkbNLEL05fxDfO4EnILKlaDpBN1sYmqtu+ktUgGwjA2p8FUo7h69ptM8e5pwkGWYpcX y+Jg== X-Gm-Message-State: ALQs6tAUkTJKzDLMLonhF6QOnHVlCiJg4gAk7txLI4prUy3oa5REY+7+ PbqsI2cd8sXvemkQH72Zy30/Nw== X-Google-Smtp-Source: AB8JxZr9c7uD8h/o+WcqTRWnQgtB3TCPvu25AwPH9C9pUhTwTuM8mfXVXk1X60u0PQAW3CdqR90uSQ== X-Received: by 10.28.31.71 with SMTP id f68mr7669839wmf.4.1525118521283; Mon, 30 Apr 2018 13:02:01 -0700 (PDT) From: Marcel Apfelbaum To: qemu-devel@nongnu.org Date: Mon, 30 Apr 2018 23:02:22 +0300 Message-Id: <20180430200223.4119-7-marcel.apfelbaum@gmail.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> References: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c09::241 Subject: [Qemu-devel] [PATCH 6/7] hw/rdma: Delete duplicate definition of MAX_RM_TBL_NAME X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, yuval.shaia@oracle.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Yuval Shaia By a mistake this constant was defined twice - remove the duplication. Signed-off-by: Yuval Shaia Reviewed-by: Marcel Apfelbaum --- hw/rdma/rdma_rm.c | 2 -- hw/rdma/rdma_rm_defs.h | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/hw/rdma/rdma_rm.c b/hw/rdma/rdma_rm.c index 51a47d7292..415da15efe 100644 --- a/hw/rdma/rdma_rm.c +++ b/hw/rdma/rdma_rm.c @@ -21,8 +21,6 @@ #include "rdma_backend.h" #include "rdma_rm.h" =20 -#define MAX_RM_TBL_NAME 16 - /* Page directory and page tables */ #define PG_DIR_SZ { TARGET_PAGE_SIZE / sizeof(__u64) } #define PG_TBL_SZ { TARGET_PAGE_SIZE / sizeof(__u64) } diff --git a/hw/rdma/rdma_rm_defs.h b/hw/rdma/rdma_rm_defs.h index 4d22a20e4c..226011176d 100644 --- a/hw/rdma/rdma_rm_defs.h +++ b/hw/rdma/rdma_rm_defs.h @@ -34,9 +34,9 @@ #define MAX_QP_INIT_RD_ATOM 16 #define MAX_AH 64 =20 -#define MAX_RMRESTBL_NAME_SZ 16 +#define MAX_RM_TBL_NAME 16 typedef struct RdmaRmResTbl { - char name[MAX_RMRESTBL_NAME_SZ]; + char name[MAX_RM_TBL_NAME]; QemuMutex lock; unsigned long *bitmap; size_t tbl_sz; --=20 2.14.3 From nobody Sun Feb 8 05:28:12 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=gmail.com Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 1525118970001901.1903521378746; Mon, 30 Apr 2018 13:09:30 -0700 (PDT) Received: from localhost ([::1]:33192 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDF6t-00016A-4s for importer@patchew.org; Mon, 30 Apr 2018 16:09:19 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:48808) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fDEzv-0003q4-67 for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fDEzs-0005w0-2j for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:07 -0400 Received: from mail-wr0-x242.google.com ([2a00:1450:400c:c0c::242]:46807) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fDEzr-0005vd-Sn for qemu-devel@nongnu.org; Mon, 30 Apr 2018 16:02:04 -0400 Received: by mail-wr0-x242.google.com with SMTP id o2-v6so6222091wrj.13 for ; Mon, 30 Apr 2018 13:02:03 -0700 (PDT) Received: from localhost.localdomain ([176.228.154.53]) by smtp.gmail.com with ESMTPSA id u35-v6sm8455997wrc.29.2018.04.30.13.02.01 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 30 Apr 2018 13:02:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=7ugAkZJhfcx2u404ZDEySVaLZ85tbo/HJHmayOZiSLs=; b=eUBxsNgSMtqrMXSdRhj+GBRg1Dzf7GrumAtJtEDwOy3iW6raWcJTq3W6l/b3/cTLtI 21k/Bfd+JQHi461hBuC8HpMNn+KPYjTXd9NaK+prCl81PnftWf69rm4gMT+ZIv9iMrps thswYFZElJiWRF9+NdM9JKI4tDbjTLbmAj5flA4X63nsuWsaPBN72qzYfpk0TbNkGZuQ CdLw8sHmIP8l6tZiKmur98qt7hDXC3Psv3lMDdtDQYwGOWCR3mcBENfiF28uBhm9YFwr gNuhCWU7WhyoDzuqNMHKwYiUr686o0mV09HuGExPHA1l0PUcC94OCfjIpB/LUUmA9xs9 shwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=7ugAkZJhfcx2u404ZDEySVaLZ85tbo/HJHmayOZiSLs=; b=mrCmcXDClxqefab4pKjVg38VTIhG6Td3JS2vOYuOs7aZVxhBTBJoxV7sj2AFe2uH19 nV4kOTSov2YnPxASlqVdbJNUKVdeHXBB1LmBvqyWs1LpI7d4ZiQ8Vwm0q3cNAMQ2WQTv Y92+M7pfrt94+DnvPdYbEiPx0/PAaaT1nfbEioZr9Gx7vkWpYNaNsek93vAZvH9BdkDo VgmasSP5D/OSy0qNOPrf2OoX2Ha9Ly1kgLtWuNpLroXbv3+5k/5hqZErDF9ee6itHOYM UDLKNSecJAVLX1rkI4zmHc+QAfQUJUcr4wa/WZYT6qr/Y332tUehytok5A2D16zzMlWp mx4Q== X-Gm-Message-State: ALQs6tDiVXbHHBeAJwLitviRbk/6V0W/Uf9WLEJFWACpoqSyh+1oZulk a1EvoyKmzZ6WvjjpiF6tTEdyzw== X-Google-Smtp-Source: AB8JxZodR63eDS+5dxs2WpWEYXpw0Yh2Cu+Q8Zye/5t3Xjn3PqA3rukct/9wIbvzVE67HppZRfUGtA== X-Received: by 2002:adf:85dd:: with SMTP id 29-v6mr9792316wru.120.1525118522586; Mon, 30 Apr 2018 13:02:02 -0700 (PDT) From: Marcel Apfelbaum To: qemu-devel@nongnu.org Date: Mon, 30 Apr 2018 23:02:23 +0300 Message-Id: <20180430200223.4119-8-marcel.apfelbaum@gmail.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> References: <20180430200223.4119-1-marcel.apfelbaum@gmail.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c0c::242 Subject: [Qemu-devel] [PATCH 7/7] hw/rdma: Fix possible out of bounds access to port GID index X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, yuval.shaia@oracle.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Make sure the backend GID index is less then port's git table length. Signed-off-by: Marcel Apfelbaum Reviewed-by: Yuval Shaia --- hw/rdma/rdma_backend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c index 5c7b3d8949..e9ced6f9ef 100644 --- a/hw/rdma/rdma_backend.c +++ b/hw/rdma/rdma_backend.c @@ -774,7 +774,7 @@ int rdma_backend_init(RdmaBackendDev *backend_dev, goto out_destroy_comm_channel; } =20 - if (backend_dev->backend_gid_idx > port_attr.gid_tbl_len) { + if (backend_dev->backend_gid_idx >=3D port_attr.gid_tbl_len) { error_setg(errp, "Invalid backend_gid_idx, should be less than %d", port_attr.gid_tbl_len); goto out_destroy_comm_channel; --=20 2.14.3