From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stephen Hemminger Subject: [RFT] vmxnet3: coverity reported defect Date: Thu, 5 Apr 2018 08:36:18 -0700 Message-ID: <20180405083618.61509f5d@xeon-e3> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: dev@dpdk.org To: ferruh.yigit@intel.com Return-path: Received: from mail-pl0-f44.google.com (mail-pl0-f44.google.com [209.85.160.44]) by dpdk.org (Postfix) with ESMTP id 616DD1CC99 for ; Thu, 5 Apr 2018 17:36:21 +0200 (CEST) Received: by mail-pl0-f44.google.com with SMTP id v18-v6so17659169ply.12 for ; Thu, 05 Apr 2018 08:36:21 -0700 (PDT) List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" I noticed Coverity defect in DPDK number 124563 was assigned to me. It looks like vmxnet3 driver code doesn't handle case where host incorrectly sends a frame with out setting SOP bit in first segment. This would lead to rxq->start_seq being NULL. Maybe something like this would fix it. I don't have VMware (or time) to test. diff --git a/drivers/net/vmxnet3/vmxnet3_rxtx.c b/drivers/net/vmxnet3/vmxnet3_rxtx.c index 57557492e0f5..3118d94add90 100644 --- a/drivers/net/vmxnet3/vmxnet3_rxtx.c +++ b/drivers/net/vmxnet3/vmxnet3_rxtx.c @@ -813,6 +813,13 @@ vmxnet3_recv_pkts(void *rx_queue, struct rte_mbuf **rx_pkts, uint16_t nb_pkts) RTE_ASSERT(rxd->btype == VMXNET3_RXD_BTYPE_BODY); + if (unlikely(start == NULL)) { + PMD_RX_LOG(ERR, "Missing sop"); + + rte_pktmbuf_free_seg(rxm); + goto rcd_done; + } + start->pkt_len += rxm->data_len; start->nb_segs++; PS: the email for the VMXNET3 maintainer Shrikrishna Khare bounces.