vdpa/ifc/base: fix null pointer dereference
authorAndy Pei <andy.pei@intel.com>
Fri, 8 Jul 2022 05:57:41 +0000 (13:57 +0800)
committerMaxime Coquelin <maxime.coquelin@redhat.com>
Fri, 8 Jul 2022 09:16:45 +0000 (11:16 +0200)
Fix null pointer dereference reported in coverity scan.
Output some log information when lm_cfg is null.
Make sure lm_cfg is not null before operating on it.

Coverity issue: 378882
Fixes: d7fe5a2861e7 ("net/ifc: support live migration")
Cc: stable@dpdk.org
Signed-off-by: Andy Pei <andy.pei@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
drivers/vdpa/ifc/base/ifcvf.c
drivers/vdpa/ifc/base/ifcvf_osdep.h

index 0a9f71a..f1e1474 100644 (file)
@@ -87,6 +87,8 @@ next:
        }
 
        hw->lm_cfg = hw->mem_resource[4].addr;
+       if (!hw->lm_cfg)
+               WARNINGOUT("HW support live migration not support!\n");
 
        if (hw->common_cfg == NULL || hw->notify_base == NULL ||
                        hw->isr == NULL || hw->dev_cfg == NULL) {
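Review bot: The new warning text `"HW support live migration not support!\n"` is hard to parse in a log; something like `WARNINGOUT("HW does not support live migration (mem_resource[4] not mapped)\n");` would state the condition plainly. The check only logs, and initialisation continues with `hw->lm_cfg == NULL`, so every later user of `hw->lm_cfg` has to tolerate NULL. This diff guards ifcvf_hw_enable, ifcvf_enable_logging and ifcvf_disable_logging; any other dereference of `hw->lm_cfg` in the file is not visible here and should be checked the same way. The enclosing function starts and ends outside the hunk.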
@@ -218,17 +220,19 @@ ifcvf_hw_enable(struct ifcvf_hw *hw)
                                &cfg->queue_used_hi);
                IFCVF_WRITE_REG16(hw->vring[i].size, &cfg->queue_size);
 
-               if (hw->device_type == IFCVF_BLK)
-                       *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
-                               i * IFCVF_LM_CFG_SIZE) =
-                               (u32)hw->vring[i].last_avail_idx |
-                               ((u32)hw->vring[i].last_used_idx << 16);
-               else
-                       *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
-                               (i / 2) * IFCVF_LM_CFG_SIZE +
-                               (i % 2) * 4) =
-                               (u32)hw->vring[i].last_avail_idx |
-                               ((u32)hw->vring[i].last_used_idx << 16);
+               if (lm_cfg) {
+                       if (hw->device_type == IFCVF_BLK)
+                               *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
+                                       i * IFCVF_LM_CFG_SIZE) =
+                                       (u32)hw->vring[i].last_avail_idx |
+                                       ((u32)hw->vring[i].last_used_idx << 16);
+                       else
+                               *(u32 *)(lm_cfg + IFCVF_LM_RING_STATE_OFFSET +
+                                       (i / 2) * IFCVF_LM_CFG_SIZE +
+                                       (i % 2) * 4) =
+                                       (u32)hw->vring[i].last_avail_idx |
+                                       ((u32)hw->vring[i].last_used_idx << 16);
+               }
 
                IFCVF_WRITE_REG16(i + 1, &cfg->queue_msix_vector);
                if (IFCVF_READ_REG16(&cfg->queue_msix_vector) ==
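Review bot: When `lm_cfg` is NULL, the `last_avail_idx`/`last_used_idx` values for each ring are now skipped without any trace, so a caller that supplied non-zero indexes cannot tell they were never written to the device. Since `lm_cfg` does not change inside the loop, a one-time check before the loop could report it, e.g. `if (!lm_cfg) WARNINGOUT("lm_cfg not mapped, ring state not written\n");`. The nested `if`/`else` under the new `if (lm_cfg) {` also has unbraced multi-line bodies; bracing both arms would make the nesting easier to read. The loop and ifcvf_hw_enable start and end outside the hunk.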
@@ -320,6 +324,8 @@ ifcvf_enable_logging(struct ifcvf_hw *hw, u64 log_base, u64 log_size)
        u8 *lm_cfg;
 
        lm_cfg = hw->lm_cfg;
+       if (!lm_cfg)
+               return;
 
        *(u32 *)(lm_cfg + IFCVF_LM_BASE_ADDR_LOW) =
                log_base & IFCVF_32_BIT_MASK;
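Review bot: The early `return;` added after `lm_cfg = hw->lm_cfg;` turns ifcvf_enable_logging into a silent no-op when the live-migration region is missing. The function appears to return nothing, so the caller cannot learn that logging was not enabled. If a migration proceeds on that assumption, writes made by the device would presumably go unrecorded in the log area. At minimum log the condition, `WARNINGOUT("lm_cfg is NULL, logging not enabled\n");`, and ideally have the caller check `hw->lm_cfg` before starting a migration. The same silent return is added to ifcvf_disable_logging in the next hunk, where it is less harmful; the body of ifcvf_enable_logging continues past this hunk.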
@@ -342,6 +348,9 @@ ifcvf_disable_logging(struct ifcvf_hw *hw)
        u8 *lm_cfg;
 
        lm_cfg = hw->lm_cfg;
+       if (!lm_cfg)
+               return;
+
        *(u32 *)(lm_cfg + IFCVF_LM_LOGGING_CTRL) = IFCVF_LM_DISABLE;
 }
 
index 6aef25e..3d56769 100644 (file)
@@ -14,6 +14,7 @@
 #include <rte_log.h>
 #include <rte_io.h>
 
+#define WARNINGOUT(S, args...)  RTE_LOG(WARNING, PMD, S, ##args)
 #define DEBUGOUT(S, args...)    RTE_LOG(DEBUG, PMD, S, ##args)
 #define STATIC                  static