Skip to content

Commit

Permalink
vdpa/ifc: fix build with GCC 12
Browse files Browse the repository at this point in the history 
[ upstream commit 2a213b794fdd255fde7581a7c9bd034ab39e9b6a ]

GCC 12 raises the following warning:

../drivers/vdpa/ifc/ifcvf_vdpa.c: In function ‘vdpa_enable_vfio_intr’:
../drivers/vdpa/ifc/ifcvf_vdpa.c:383:62: error: writing 4 bytes into a
    region of size 0 [-Werror=stringop-overflow=]
  383 |                         fd_ptr[RTE_INTR_VEC_RXTX_OFFSET + i] = fd;
      |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~
../drivers/vdpa/ifc/ifcvf_vdpa.c:348:14: note: at offset 32 into
    destination object ‘irq_set_buf’ of size 32
  348 |         char irq_set_buf[MSIX_IRQ_SET_BUF_LEN];
      |              ^~~~~~~~~~~

Validate number of vrings to avoid out of bound access.

Bugzilla ID: 855

Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Xiao Wang <xiao.w.wang@intel.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
  • Loading branch information
@david-marchand @cpaelzer
david-marchand authored and cpaelzer committed Jul 7, 2022
1 parent b4c2dfe commit 777f883
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions drivers/net/ifc/ifcvf_vdpa.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -356,6 +356,8 @@ vdpa_enable_vfio_intr(struct ifcvf_internal *internal, bool m_rx)
vring.callfd = -1;

nr_vring = rte_vhost_get_vring_num(internal->vid);
if (nr_vring > IFCVF_MAX_QUEUES * 2)
return -1;

irq_set = (struct vfio_irq_set *)irq_set_buf;
irq_set->argsz = sizeof(irq_set_buf);
Expand Down

0 comments on commit 777f883

Please sign in to comment.