On 1/3/19 3:12 PM, Li Qiang wrote:
> In rdma_rm_get_backend_gid_index(), the 'sgid_idx' is used
> to index the array 'dev_res->port.gid_tbl' which size is
> MAX_PORT_GIDS. Current the 'sgid_idx' may be MAX_PORT_GIDS
> thus cause an off-by-one issue.
>
> Spotted by Coverity: CID 1398594
>
> Signed-off-by: Li Qiang <liq3ea@163.com>
> ---
> hw/rdma/rdma_rm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/rdma/rdma_rm.c b/hw/rdma/rdma_rm.c
> index f5b1295890..1bbc5f128f 100644
> --- a/hw/rdma/rdma_rm.c
> +++ b/hw/rdma/rdma_rm.c
> @@ -576,7 +576,7 @@ int rdma_rm_del_gid(RdmaDeviceResources *dev_res, RdmaBackendDev *backend_dev,
> int rdma_rm_get_backend_gid_index(RdmaDeviceResources *dev_res,
> RdmaBackendDev *backend_dev, int sgid_idx)
> {
> - if (unlikely(sgid_idx < 0 || sgid_idx > MAX_PORT_GIDS)) {
> + if (unlikely(sgid_idx < 0 || sgid_idx >= MAX_PORT_GIDS)) {
> pr_dbg("Got invalid sgid_idx %d\n", sgid_idx);
> return -EINVAL;
> }
Reviewed-by: Marcel Apfelbaum<marcel.apfelbaum@gmail.com>
Thanks,
Marcel