[Qemu-devel] [PATCH] hw: rdma: fix an off-by-one issue

Li Qiang posted 1 patch 5 years, 3 months ago
Test asan passed
Test checkpatch passed
Test docker-mingw@fedora passed
Test docker-quick@centos7 passed
Test docker-clang@ubuntu passed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20190103131251.49271-1-liq3ea@163.com
hw/rdma/rdma_rm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[Qemu-devel] [PATCH] hw: rdma: fix an off-by-one issue
Posted by Li Qiang 5 years, 3 months ago
In rdma_rm_get_backend_gid_index(), the 'sgid_idx' is used
to index the array 'dev_res->port.gid_tbl' whose size is
MAX_PORT_GIDS. Currently the 'sgid_idx' may be MAX_PORT_GIDS,
thus causing an off-by-one issue.

Spotted by Coverity: CID 1398594

Signed-off-by: Li Qiang <liq3ea@163.com>
---
 hw/rdma/rdma_rm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/rdma/rdma_rm.c b/hw/rdma/rdma_rm.c
index f5b1295890..1bbc5f128f 100644
--- a/hw/rdma/rdma_rm.c
+++ b/hw/rdma/rdma_rm.c
@@ -576,7 +576,7 @@ int rdma_rm_del_gid(RdmaDeviceResources *dev_res, RdmaBackendDev *backend_dev,
 int rdma_rm_get_backend_gid_index(RdmaDeviceResources *dev_res,
                                   RdmaBackendDev *backend_dev, int sgid_idx)
 {
-    if (unlikely(sgid_idx < 0 || sgid_idx > MAX_PORT_GIDS)) {
+    if (unlikely(sgid_idx < 0 || sgid_idx >= MAX_PORT_GIDS)) {
         pr_dbg("Got invalid sgid_idx %d\n", sgid_idx);
         return -EINVAL;
     }
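
Review bot: The new condition `sgid_idx >= MAX_PORT_GIDS` still compares against the bare constant, so it stays correct only while the array named in the commit message, dev_res->port.gid_tbl, is declared with exactly that size. Consider `sgid_idx >= ARRAY_SIZE(dev_res->port.gid_tbl)` so the bound follows the declaration. The hunk header shows rdma_rm_del_gid() directly above this function; it is worth confirming that any index checks on the same table there use the same exclusive upper bound.
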
-- 
2.17.1



Re: [Qemu-devel] [PATCH] hw: rdma: fix an off-by-one issue
Posted by Marcel Apfelbaum 5 years, 3 months ago

On 1/3/19 3:12 PM, Li Qiang wrote:
> In rdma_rm_get_backend_gid_index(), the 'sgid_idx' is used
> to index the array 'dev_res->port.gid_tbl' whose size is
> MAX_PORT_GIDS. Currently the 'sgid_idx' may be MAX_PORT_GIDS,
> thus causing an off-by-one issue.
>
> Spotted by Coverity: CID 1398594
>
> Signed-off-by: Li Qiang <liq3ea@163.com>
> ---
>   hw/rdma/rdma_rm.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/rdma/rdma_rm.c b/hw/rdma/rdma_rm.c
> index f5b1295890..1bbc5f128f 100644
> --- a/hw/rdma/rdma_rm.c
> +++ b/hw/rdma/rdma_rm.c
> @@ -576,7 +576,7 @@ int rdma_rm_del_gid(RdmaDeviceResources *dev_res, RdmaBackendDev *backend_dev,
>   int rdma_rm_get_backend_gid_index(RdmaDeviceResources *dev_res,
>                                     RdmaBackendDev *backend_dev, int sgid_idx)
>   {
> -    if (unlikely(sgid_idx < 0 || sgid_idx > MAX_PORT_GIDS)) {
> +    if (unlikely(sgid_idx < 0 || sgid_idx >= MAX_PORT_GIDS)) {
>           pr_dbg("Got invalid sgid_idx %d\n", sgid_idx);
>           return -EINVAL;
>       }
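
Review bot: For the changed condition on sgid_idx, the commit message does not say where sgid_idx originates or whether the out-of-range access to gid_tbl is a read or a write. Stating that, and adding a Fixes: tag for the commit that introduced the `>` comparison, would make it easier to judge the impact and decide on backports.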

Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>

Thanks,
Marcel