Negative array index write using variable pos as an index to array
enic->fdir.nodes. Fixed by add array index check.
Fixes: fefed3d1e62c ("enic: new driver") Coverity ID 13270
Signed-off-by: John Daley <johndale at cisco.com>
---
Here is a version 2. Differences with fix proposed by Slawomir Mrozowicz:
- handle the return code error condition for both calls to rte_hash_add_key()
not just the the 2nd one.
- no need to check for pos >= ENICPMD_FDIR_MAX since it should already be
validated by rte_hash_add_key(). rte_hash_create() takes an 'entries'
parameter which is used to cap the max return value of rte_hash_add_key().
- when pos is < 0, return the actual error (pos), instead of -EINVAL.
drivers/net/enic/enic_clsf.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/net/enic/enic_clsf.c b/drivers/net/enic/enic_clsf.c
index edb56e1..7d2bb78 100644
--- a/drivers/net/enic/enic_clsf.c
+++ b/drivers/net/enic/enic_clsf.c
@@ -148,9 +148,13 @@ int enic_fdir_add_fltr(struct enic *enic, struct
rte_eth_fdir_filter *params)
enic->fdir.nodes[pos] = NULL;
if (unlikely(key->rq_index == queue)) {
/* Nothing to be done */
+ enic->fdir.stats.f_add++;
pos = rte_hash_add_key(enic->fdir.hash, params);
+ if (pos < 0) {
+ dev_err(enic, "Add hash key failed\n");
+ return pos;
+ }
enic->fdir.nodes[pos] = key;
- enic->fdir.stats.f_add++;
dev_warning(enic,
"FDIR rule is already present\n");
return 0;
@@ -213,6 +217,11 @@ int enic_fdir_add_fltr(struct enic *enic, struct
rte_eth_fdir_filter *params)
}
pos = rte_hash_add_key(enic->fdir.hash, params);
+ if (pos < 0) {
+ dev_err(enic, "Add hash key failed\n");
+ return pos;
+ }
+
enic->fdir.nodes[pos] = key;
return 0;
}
--
2.7.0
