From: HongBo Zheng <zhenghong...@huawei.com>
In function power_guest_channel_read_msg, 'lcore_id' is used before
validity check, which may cause buffer 'global_fds' accessed by index
'lcore_id' overflow.
This patch moves the validity check of 'lcore_id' before the 'lcore_id'
being used for the first time.
Fixes: 9dc843eb273b ("power: extend guest channel API for reading")
Cc: sta...@dpdk.org
Signed-off-by: HongBo Zheng <zhenghong...@huawei.com>
Signed-off-by: Min Hu (Connor) <humi...@huawei.com>
---
v2:
* "global_fds[lcore_id]" check may move before the line
"fds.fd = global_fds[lcore_id].
---
lib/power/guest_channel.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/lib/power/guest_channel.c b/lib/power/guest_channel.c
index 2f7507a..474dd92 100644
--- a/lib/power/guest_channel.c
+++ b/lib/power/guest_channel.c
@@ -166,6 +166,17 @@ int power_guest_channel_read_msg(void *pkt,
if (pkt_len == 0 || pkt == NULL)
return -1;
+ if (lcore_id >= RTE_MAX_LCORE) {
+ RTE_LOG(ERR, GUEST_CHANNEL, "Channel(%u) is out of range
0...%d\n",
+ lcore_id, RTE_MAX_LCORE-1);
+ return -1;
+ }
+
+ if (global_fds[lcore_id] < 0) {
+ RTE_LOG(ERR, GUEST_CHANNEL, "Channel is not connected\n");
+ return -1;
+ }
+
fds.fd = global_fds[lcore_id];
fds.events = POLLIN;
@@ -179,17 +190,6 @@ int power_guest_channel_read_msg(void *pkt,
return -1;
}
- if (lcore_id >= RTE_MAX_LCORE) {
- RTE_LOG(ERR, GUEST_CHANNEL, "Channel(%u) is out of range
0...%d\n",
- lcore_id, RTE_MAX_LCORE-1);
- return -1;
- }
-
- if (global_fds[lcore_id] < 0) {
- RTE_LOG(ERR, GUEST_CHANNEL, "Channel is not connected\n");
- return -1;
- }
-
while (pkt_len > 0) {
ret = read(global_fds[lcore_id],
pkt, pkt_len);
--
2.7.4
