From 2a213b794fdd255fde7581a7c9bd034ab39e9b6a Mon Sep 17 00:00:00 2001 From: David Marchand Date: Wed, 18 May 2022 12:16:54 +0200 Subject: [PATCH] vdpa/ifc: fix build with GCC 12 MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit GCC 12 raises the following warning: ../drivers/vdpa/ifc/ifcvf_vdpa.c: In function ‘vdpa_enable_vfio_intr’: ../drivers/vdpa/ifc/ifcvf_vdpa.c:383:62: error: writing 4 bytes into a region of size 0 [-Werror=stringop-overflow=] 383 | fd_ptr[RTE_INTR_VEC_RXTX_OFFSET + i] = fd; | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~ ../drivers/vdpa/ifc/ifcvf_vdpa.c:348:14: note: at offset 32 into destination object ‘irq_set_buf’ of size 32 348 | char irq_set_buf[MSIX_IRQ_SET_BUF_LEN]; | ^~~~~~~~~~~ Validate number of vrings to avoid out of bound access. Bugzilla ID: 855 Cc: stable@dpdk.org Signed-off-by: David Marchand Acked-by: Xiao Wang Acked-by: Stephen Hemminger --- drivers/vdpa/ifc/ifcvf_vdpa.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/vdpa/ifc/ifcvf_vdpa.c b/drivers/vdpa/ifc/ifcvf_vdpa.c index 40a18b2507..8bc971cb12 100644 --- a/drivers/vdpa/ifc/ifcvf_vdpa.c +++ b/drivers/vdpa/ifc/ifcvf_vdpa.c @@ -388,6 +388,8 @@ vdpa_enable_vfio_intr(struct ifcvf_internal *internal, bool m_rx) vring.callfd = -1; nr_vring = rte_vhost_get_vring_num(internal->vid); + if (nr_vring > IFCVF_MAX_QUEUES * 2) + return -1; irq_set = (struct vfio_irq_set *)irq_set_buf; irq_set->argsz = sizeof(irq_set_buf); -- 2.20.1
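Review bot: the new bound on nr_vring, `IFCVF_MAX_QUEUES * 2`, is not visibly tied to the size of the buffer it protects. The warning in the commit message shows the buffer is declared as `char irq_set_buf[MSIX_IRQ_SET_BUF_LEN]` and written through `fd_ptr[RTE_INTR_VEC_RXTX_OFFSET + i]`. The check is therefore only sufficient if MSIX_IRQ_SET_BUF_LEN has room for RTE_INTR_VEC_RXTX_OFFSET + IFCVF_MAX_QUEUES * 2 file descriptors after the vfio_irq_set header. Please state that relationship in a comment next to the check, or enforce it with a compile-time assertion, so that a later change to either macro cannot silently reopen the out-of-bounds write. Separately, the `return -1` path is silent. An error log carrying the rejected nr_vring value and the limit would let an operator distinguish this rejection from the other failure paths in vdpa_enable_vfio_intr().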