[v3] ethdev: fix strict aliasing lead to link cannot be up
Checks
Commit Message
Fix a problem introduced by a compiler upgrade (from gcc10 to gcc12.3),
which will lead the hns3 NIC can't link up. The root cause is strict
aliasing violation in rte_eth_linkstatus_set() with hns3 driver, see
[1] for more details.
This commit use union to avoid such aliasing violation.
[1] Strict aliasing problem with rte_eth_linkstatus_set()
https://marc.info/?l=dpdk-dev&m=171274148514777&w=3
Cc: stable@dpdk.org
Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
Signed-off-by: Dengdui Huang <huangdengdui@huawei.com>
---
v3: fix checkpatch warning "missing --in-reply-to".
v2: add RTE_ATOMIC(uint64_t) wrap which address Morten's comment.
---
lib/ethdev/ethdev_driver.h | 23 +++++++----------------
lib/ethdev/rte_ethdev.h | 16 ++++++++++------
2 files changed, 17 insertions(+), 22 deletions(-)
Comments
> From: Chengwen Feng [mailto:fengchengwen@huawei.com]
> Sent: Thursday, 11 April 2024 14.04
>
> Fix a problem introduced by a compiler upgrade (from gcc10 to gcc12.3),
> which will lead the hns3 NIC can't link up. The root cause is strict
> aliasing violation in rte_eth_linkstatus_set() with hns3 driver, see
> [1] for more details.
>
> This commit use union to avoid such aliasing violation.
>
> [1] Strict aliasing problem with rte_eth_linkstatus_set()
> https://marc.info/?l=dpdk-dev&m=171274148514777&w=3
>
> Cc: stable@dpdk.org
>
> Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
> Signed-off-by: Dengdui Huang <huangdengdui@huawei.com>
>
> ---
> v3: fix checkpatch warning "missing --in-reply-to".
> v2: add RTE_ATOMIC(uint64_t) wrap which address Morten's comment.
>
> ---
> lib/ethdev/ethdev_driver.h | 23 +++++++----------------
> lib/ethdev/rte_ethdev.h | 16 ++++++++++------
> 2 files changed, 17 insertions(+), 22 deletions(-)
>
> diff --git a/lib/ethdev/ethdev_driver.h b/lib/ethdev/ethdev_driver.h
> index 0dbf2dd6a2..9d831d5c84 100644
> --- a/lib/ethdev/ethdev_driver.h
> +++ b/lib/ethdev/ethdev_driver.h
> @@ -1674,18 +1674,13 @@ static inline int
> rte_eth_linkstatus_set(struct rte_eth_dev *dev,
> const struct rte_eth_link *new_link)
> {
> - RTE_ATOMIC(uint64_t) *dev_link = (uint64_t __rte_atomic *)&(dev-
> >data->dev_link);
> - union {
> - uint64_t val64;
> - struct rte_eth_link link;
> - } orig;
> -
> - RTE_BUILD_BUG_ON(sizeof(*new_link) != sizeof(uint64_t));
> + struct rte_eth_link old_link;
>
> - orig.val64 = rte_atomic_exchange_explicit(dev_link, *(const
> uint64_t *)new_link,
> - rte_memory_order_seq_cst);
> + old_link.val64 = rte_atomic_exchange_explicit(&dev->data-
> >dev_link.val64,
You are right; old_link has local scope and is on the stack, so atomic store is not required.
And since rte_eth_linkstatus_set() is an internal function called from the driver only, it is probably safe to assume that *new_link is on the caller's stack and doesn't change while being accessed by this function.
I guess that new_link is passed by reference for performance and future-proofing reasons; it could have been passed by value instead. If it was passed by value, atomic access would certainly not be required.
In other words: You are right here too; new_link does not require atomic load.
> + new_link->val64,
> + rte_memory_order_seq_cst);
>
> - return (orig.link.link_status == new_link->link_status) ? -1 : 0;
> + return (old_link.link_status == new_link->link_status) ? -1 : 0;
> }
>
> /**
> @@ -1701,12 +1696,8 @@ static inline void
> rte_eth_linkstatus_get(const struct rte_eth_dev *dev,
> struct rte_eth_link *link)
> {
> - RTE_ATOMIC(uint64_t) *src = (uint64_t __rte_atomic *)&(dev->data-
> >dev_link);
> - uint64_t *dst = (uint64_t *)link;
> -
> - RTE_BUILD_BUG_ON(sizeof(*link) != sizeof(uint64_t));
> -
> - *dst = rte_atomic_load_explicit(src, rte_memory_order_seq_cst);
> + link->val64 = rte_atomic_load_explicit(&dev->data->dev_link.val64,
> + rte_memory_order_seq_cst);
It is not safe to assume that the link pointer points to local memory on the caller's stack.
The link pointer might point to a shared memory area, used by multiple threads/processes, so it needs to be stored atomically using rte_atomic_store_explicit(&link->val64, ..., rte_memory_order_seq_cst).
> }
>
> /**
> diff --git a/lib/ethdev/rte_ethdev.h b/lib/ethdev/rte_ethdev.h
> index 147257d6a2..ccf43e468a 100644
> --- a/lib/ethdev/rte_ethdev.h
> +++ b/lib/ethdev/rte_ethdev.h
> @@ -332,12 +332,16 @@ struct rte_eth_stats {
> /**
> * A structure used to retrieve link-level information of an Ethernet
> port.
> */
> -__extension__
> -struct __rte_aligned(8) rte_eth_link { /**< aligned for atomic64
> read/write */
> - uint32_t link_speed; /**< RTE_ETH_SPEED_NUM_ */
> - uint16_t link_duplex : 1; /**< RTE_ETH_LINK_[HALF/FULL]_DUPLEX
> */
> - uint16_t link_autoneg : 1; /**< RTE_ETH_LINK_[AUTONEG/FIXED] */
> - uint16_t link_status : 1; /**< RTE_ETH_LINK_[DOWN/UP] */
> +struct rte_eth_link {
> + union {
> + RTE_ATOMIC(uint64_t) val64; /**< used for atomic64
> read/write */
> + struct {
> + uint32_t link_speed; /**< RTE_ETH_SPEED_NUM_
> */
> + uint16_t link_duplex : 1; /**<
> RTE_ETH_LINK_[HALF/FULL]_DUPLEX */
> + uint16_t link_autoneg : 1; /**<
> RTE_ETH_LINK_[AUTONEG/FIXED] */
> + uint16_t link_status : 1; /**<
> RTE_ETH_LINK_[DOWN/UP] */
> + };
> + };
> };
>
> /**@{@name Link negotiation
> --
> 2.17.1
Hi Morten,
On 2024/4/11 20:44, Morten Brørup wrote:
>> From: Chengwen Feng [mailto:fengchengwen@huawei.com]
>> Sent: Thursday, 11 April 2024 14.04
>>
>> Fix a problem introduced by a compiler upgrade (from gcc10 to gcc12.3),
>> which will lead the hns3 NIC can't link up. The root cause is strict
>> aliasing violation in rte_eth_linkstatus_set() with hns3 driver, see
>> [1] for more details.
>>
>> This commit use union to avoid such aliasing violation.
>>
>> [1] Strict aliasing problem with rte_eth_linkstatus_set()
>> https://marc.info/?l=dpdk-dev&m=171274148514777&w=3
>>
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
>> Signed-off-by: Dengdui Huang <huangdengdui@huawei.com>
>>
>> ---
>> v3: fix checkpatch warning "missing --in-reply-to".
>> v2: add RTE_ATOMIC(uint64_t) wrap which address Morten's comment.
>>
>> ---
>> lib/ethdev/ethdev_driver.h | 23 +++++++----------------
>> lib/ethdev/rte_ethdev.h | 16 ++++++++++------
>> 2 files changed, 17 insertions(+), 22 deletions(-)
>>
>> diff --git a/lib/ethdev/ethdev_driver.h b/lib/ethdev/ethdev_driver.h
>> index 0dbf2dd6a2..9d831d5c84 100644
>> --- a/lib/ethdev/ethdev_driver.h
>> +++ b/lib/ethdev/ethdev_driver.h
>> @@ -1674,18 +1674,13 @@ static inline int
>> rte_eth_linkstatus_set(struct rte_eth_dev *dev,
>> const struct rte_eth_link *new_link)
>> {
>> - RTE_ATOMIC(uint64_t) *dev_link = (uint64_t __rte_atomic *)&(dev-
>>> data->dev_link);
>> - union {
>> - uint64_t val64;
>> - struct rte_eth_link link;
>> - } orig;
>> -
>> - RTE_BUILD_BUG_ON(sizeof(*new_link) != sizeof(uint64_t));
>> + struct rte_eth_link old_link;
>>
>> - orig.val64 = rte_atomic_exchange_explicit(dev_link, *(const
>> uint64_t *)new_link,
>> - rte_memory_order_seq_cst);
>> + old_link.val64 = rte_atomic_exchange_explicit(&dev->data-
>>> dev_link.val64,
>
> You are right; old_link has local scope and is on the stack, so atomic store is not required.
>
> And since rte_eth_linkstatus_set() is an internal function called from the driver only, it is probably safe to assume that *new_link is on the caller's stack and doesn't change while being accessed by this function.
> I guess that new_link is passed by reference for performance and future-proofing reasons; it could have been passed by value instead. If it was passed by value, atomic access would certainly not be required.
> In other words: You are right here too; new_link does not require atomic load.
>
>> + new_link->val64,
>> + rte_memory_order_seq_cst);
>>
>> - return (orig.link.link_status == new_link->link_status) ? -1 : 0;
>> + return (old_link.link_status == new_link->link_status) ? -1 : 0;
>> }
>>
>> /**
>> @@ -1701,12 +1696,8 @@ static inline void
>> rte_eth_linkstatus_get(const struct rte_eth_dev *dev,
>> struct rte_eth_link *link)
>> {
>> - RTE_ATOMIC(uint64_t) *src = (uint64_t __rte_atomic *)&(dev->data-
>>> dev_link);
>> - uint64_t *dst = (uint64_t *)link;
>> -
>> - RTE_BUILD_BUG_ON(sizeof(*link) != sizeof(uint64_t));
>> -
>> - *dst = rte_atomic_load_explicit(src, rte_memory_order_seq_cst);
>> + link->val64 = rte_atomic_load_explicit(&dev->data->dev_link.val64,
>> + rte_memory_order_seq_cst);
>
> It is not safe to assume that the link pointer points to local memory on the caller's stack.
> The link pointer might point to a shared memory area, used by multiple threads/processes, so it needs to be stored atomically using rte_atomic_store_explicit(&link->val64, ..., rte_memory_order_seq_cst).
I checked every call of rte_eth_linkstatus_get in DPDK, and all the link parameters are local variables.
The dev->data->dev_link is placed in shared memory which could access from different threads/processes, it seems no need maintain another link struct which act the same role.
So I think we should keep current impl, and not using rte_atomic_store_explicit(&link->val64,...
Thanks
>
>> }
>>
>> /**
>> diff --git a/lib/ethdev/rte_ethdev.h b/lib/ethdev/rte_ethdev.h
>> index 147257d6a2..ccf43e468a 100644
>> --- a/lib/ethdev/rte_ethdev.h
>> +++ b/lib/ethdev/rte_ethdev.h
>> @@ -332,12 +332,16 @@ struct rte_eth_stats {
>> /**
>> * A structure used to retrieve link-level information of an Ethernet
>> port.
>> */
>> -__extension__
>> -struct __rte_aligned(8) rte_eth_link { /**< aligned for atomic64
>> read/write */
>> - uint32_t link_speed; /**< RTE_ETH_SPEED_NUM_ */
>> - uint16_t link_duplex : 1; /**< RTE_ETH_LINK_[HALF/FULL]_DUPLEX
>> */
>> - uint16_t link_autoneg : 1; /**< RTE_ETH_LINK_[AUTONEG/FIXED] */
>> - uint16_t link_status : 1; /**< RTE_ETH_LINK_[DOWN/UP] */
>> +struct rte_eth_link {
>> + union {
>> + RTE_ATOMIC(uint64_t) val64; /**< used for atomic64
>> read/write */
>> + struct {
>> + uint32_t link_speed; /**< RTE_ETH_SPEED_NUM_
>> */
>> + uint16_t link_duplex : 1; /**<
>> RTE_ETH_LINK_[HALF/FULL]_DUPLEX */
>> + uint16_t link_autoneg : 1; /**<
>> RTE_ETH_LINK_[AUTONEG/FIXED] */
>> + uint16_t link_status : 1; /**<
>> RTE_ETH_LINK_[DOWN/UP] */
>> + };
>> + };
>> };
>>
>> /**@{@name Link negotiation
>> --
>> 2.17.1
>
> .
>
> From: fengchengwen [mailto:fengchengwen@huawei.com]
> Sent: Friday, 12 April 2024 05.28
[...]
> >> @@ -1701,12 +1696,8 @@ static inline void
> >> rte_eth_linkstatus_get(const struct rte_eth_dev *dev,
> >> struct rte_eth_link *link)
> >> {
> >> - RTE_ATOMIC(uint64_t) *src = (uint64_t __rte_atomic *)&(dev->data-
> >>> dev_link);
> >> - uint64_t *dst = (uint64_t *)link;
> >> -
> >> - RTE_BUILD_BUG_ON(sizeof(*link) != sizeof(uint64_t));
> >> -
> >> - *dst = rte_atomic_load_explicit(src, rte_memory_order_seq_cst);
> >> + link->val64 = rte_atomic_load_explicit(&dev->data->dev_link.val64,
> >> + rte_memory_order_seq_cst);
> >
> > It is not safe to assume that the link pointer points to local memory
> on the caller's stack.
> > The link pointer might point to a shared memory area, used by multiple
> threads/processes, so it needs to be stored atomically using
> rte_atomic_store_explicit(&link->val64, ..., rte_memory_order_seq_cst).
>
> I checked every call of rte_eth_linkstatus_get in DPDK, and all the link
> parameters are local variables.
> The dev->data->dev_link is placed in shared memory which could access
> from different threads/processes, it seems no need maintain another link
> struct which act the same role.
>
> So I think we should keep current impl, and not using
> rte_atomic_store_explicit(&link->val64,...
The application may pass a pointer to shared memory to the public rte_eth_link_get() function, which passes the pointer on to rte_eth_linkstatus_get():
https://elixir.bootlin.com/dpdk/v24.03/source/lib/ethdev/rte_ethdev.c#L2986
@@ -1674,18 +1674,13 @@ static inline int
rte_eth_linkstatus_set(struct rte_eth_dev *dev,
const struct rte_eth_link *new_link)
{
- RTE_ATOMIC(uint64_t) *dev_link = (uint64_t __rte_atomic *)&(dev->data->dev_link);
- union {
- uint64_t val64;
- struct rte_eth_link link;
- } orig;
-
- RTE_BUILD_BUG_ON(sizeof(*new_link) != sizeof(uint64_t));
+ struct rte_eth_link old_link;
- orig.val64 = rte_atomic_exchange_explicit(dev_link, *(const uint64_t *)new_link,
- rte_memory_order_seq_cst);
+ old_link.val64 = rte_atomic_exchange_explicit(&dev->data->dev_link.val64,
+ new_link->val64,
+ rte_memory_order_seq_cst);
- return (orig.link.link_status == new_link->link_status) ? -1 : 0;
+ return (old_link.link_status == new_link->link_status) ? -1 : 0;
}
/**
@@ -1701,12 +1696,8 @@ static inline void
rte_eth_linkstatus_get(const struct rte_eth_dev *dev,
struct rte_eth_link *link)
{
- RTE_ATOMIC(uint64_t) *src = (uint64_t __rte_atomic *)&(dev->data->dev_link);
- uint64_t *dst = (uint64_t *)link;
-
- RTE_BUILD_BUG_ON(sizeof(*link) != sizeof(uint64_t));
-
- *dst = rte_atomic_load_explicit(src, rte_memory_order_seq_cst);
+ link->val64 = rte_atomic_load_explicit(&dev->data->dev_link.val64,
+ rte_memory_order_seq_cst);
}
/**
@@ -332,12 +332,16 @@ struct rte_eth_stats {
/**
* A structure used to retrieve link-level information of an Ethernet port.
*/
-__extension__
-struct __rte_aligned(8) rte_eth_link { /**< aligned for atomic64 read/write */
- uint32_t link_speed; /**< RTE_ETH_SPEED_NUM_ */
- uint16_t link_duplex : 1; /**< RTE_ETH_LINK_[HALF/FULL]_DUPLEX */
- uint16_t link_autoneg : 1; /**< RTE_ETH_LINK_[AUTONEG/FIXED] */
- uint16_t link_status : 1; /**< RTE_ETH_LINK_[DOWN/UP] */
+struct rte_eth_link {
+ union {
+ RTE_ATOMIC(uint64_t) val64; /**< used for atomic64 read/write */
+ struct {
+ uint32_t link_speed; /**< RTE_ETH_SPEED_NUM_ */
+ uint16_t link_duplex : 1; /**< RTE_ETH_LINK_[HALF/FULL]_DUPLEX */
+ uint16_t link_autoneg : 1; /**< RTE_ETH_LINK_[AUTONEG/FIXED] */
+ uint16_t link_status : 1; /**< RTE_ETH_LINK_[DOWN/UP] */
+ };
+ };
};
/**@{@name Link negotiation