From 1fe00fd358c0b5cab798010a69e758bfead9fd84 Mon Sep 17 00:00:00 2001 From: Hongbo Zheng Date: Wed, 12 May 2021 10:19:19 +0800 Subject: [PATCH] power: fix sanity checks for guest channel read In function power_guest_channel_read_msg, 'lcore_id' is used before validity check, which may cause buffer 'global_fds' accessed by index 'lcore_id' overflow. This patch moves the validity check of 'lcore_id' before the 'lcore_id' being used for the first time. Fixes: 9dc843eb273b ("power: extend guest channel API for reading") Cc: stable@dpdk.org Signed-off-by: Hongbo Zheng Signed-off-by: Min Hu (Connor) Reviewed-by: Reshma Pattan Acked-by: David Hunt --- lib/power/guest_channel.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/power/guest_channel.c b/lib/power/guest_channel.c index 2f7507a03c..474dd92998 100644 --- a/lib/power/guest_channel.c +++ b/lib/power/guest_channel.c @@ -166,6 +166,17 @@ int power_guest_channel_read_msg(void *pkt, if (pkt_len == 0 || pkt == NULL) return -1; + if (lcore_id >= RTE_MAX_LCORE) { + RTE_LOG(ERR, GUEST_CHANNEL, "Channel(%u) is out of range 0...%d\n", + lcore_id, RTE_MAX_LCORE-1); + return -1; + } + + if (global_fds[lcore_id] < 0) { + RTE_LOG(ERR, GUEST_CHANNEL, "Channel is not connected\n"); + return -1; + } + fds.fd = global_fds[lcore_id]; fds.events = POLLIN; @@ -179,17 +190,6 @@ int power_guest_channel_read_msg(void *pkt, return -1; } - if (lcore_id >= RTE_MAX_LCORE) { - RTE_LOG(ERR, GUEST_CHANNEL, "Channel(%u) is out of range 0...%d\n", - lcore_id, RTE_MAX_LCORE-1); - return -1; - } - - if (global_fds[lcore_id] < 0) { - RTE_LOG(ERR, GUEST_CHANNEL, "Channel is not connected\n"); - return -1; - } - while (pkt_len > 0) { ret = read(global_fds[lcore_id], pkt, pkt_len); -- 2.20.1