diff mbox series

[RFC,1/2] mbuf: add a sanity check on segment metadata

Message ID	1534176226-21911-1-git-send-email-david.marchand@6wind.com (mailing list archive)
State	RFC, archived
Delegated to:	Thomas Monjalon
Headers	From: David Marchand <david.marchand@6wind.com> To: dev@dpdk.org Cc: Thomas Monjalon <thomas@monjalon.net>, Ferruh Yigit <ferruh.yigit@intel.com>, Andrew Rybchenko <arybchenko@solarflare.com>, Olivier Matz <olivier.matz@6wind.com> Date: Mon, 13 Aug 2018 18:03:45 +0200 Message-Id: <1534176226-21911-1-git-send-email-david.marchand@6wind.com> Subject: [dpdk-dev] [RFC 1/2] mbuf: add a sanity check on segment metadata Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	[RFC,1/2] mbuf: add a sanity check on segment metadata \| [RFC,1/2] mbuf: add a sanity check on segment metadata [RFC,2/2] ethdev: check received mbufs sanity

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK

Commit Message

David Marchand Aug. 13, 2018, 4:03 p.m. UTC

  Add some basic check on the segments offset and length metadata:
always funny to have a < 0 tailroom cast to uint16_t ;-).

Signed-off-by: David Marchand <david.marchand@6wind.com>
---
 lib/librte_mbuf/rte_mbuf.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Olivier Matz Aug. 23, 2018, 7:39 a.m. UTC | #1

Hi David,

On Mon, Aug 13, 2018 at 06:03:45PM +0200, David Marchand wrote:
> Add some basic check on the segments offset and length metadata:
> always funny to have a < 0 tailroom cast to uint16_t ;-).
> 
> Signed-off-by: David Marchand <david.marchand@6wind.com>
> ---
>  lib/librte_mbuf/rte_mbuf.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
> index e714c5a..7eeef12 100644
> --- a/lib/librte_mbuf/rte_mbuf.c
> +++ b/lib/librte_mbuf/rte_mbuf.c
> @@ -200,6 +200,8 @@ rte_mbuf_sanity_check(const struct rte_mbuf *m, int is_header)
>  	pkt_len = m->pkt_len;
>  
>  	do {
> +		if (m->data_off + m->data_len > m->buf_len)
> +			rte_panic("bad segment metadata\n");

What about spliting the test into two? This would help to clarify
the error messages. I also suggest add casts to uint32 to ensure
that there is no overflow.

		if (m->data_off_len > m->buf_len)
			rte_panic("data offset too big in mbuf segment\n");
		if ((uint32_t)m->data_off + (uint32_t)m->data_len > (uint32_t)m->buf_len)
			rte_panic("data length too big in mbuf segment\n");

David Marchand Aug. 23, 2018, 7:45 a.m. UTC | #2

On Thu, Aug 23, 2018 at 9:39 AM, Olivier Matz <olivier.matz@6wind.com> wrote:
> On Mon, Aug 13, 2018 at 06:03:45PM +0200, David Marchand wrote:
>> Add some basic check on the segments offset and length metadata:
>> always funny to have a < 0 tailroom cast to uint16_t ;-).
>>
>> Signed-off-by: David Marchand <david.marchand@6wind.com>
>> ---
>>  lib/librte_mbuf/rte_mbuf.c | 2 ++
>>  1 file changed, 2 insertions(+)
>>
>> diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
>> index e714c5a..7eeef12 100644
>> --- a/lib/librte_mbuf/rte_mbuf.c
>> +++ b/lib/librte_mbuf/rte_mbuf.c
>> @@ -200,6 +200,8 @@ rte_mbuf_sanity_check(const struct rte_mbuf *m, int is_header)
>>       pkt_len = m->pkt_len;
>>
>>       do {
>> +             if (m->data_off + m->data_len > m->buf_len)
>> +                     rte_panic("bad segment metadata\n");
>
> What about spliting the test into two? This would help to clarify
> the error messages. I also suggest add casts to uint32 to ensure
> that there is no overflow.

Sure, will do.

diff mbox series

Patch

diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
index e714c5a..7eeef12 100644
--- a/lib/librte_mbuf/rte_mbuf.c
+++ b/lib/librte_mbuf/rte_mbuf.c
@@ -200,6 +200,8 @@  rte_mbuf_sanity_check(const struct rte_mbuf *m, int is_header)
 	pkt_len = m->pkt_len;
 
 	do {
+		if (m->data_off + m->data_len > m->buf_len)
+			rte_panic("bad segment metadata\n");
 		nb_segs -= 1;
 		pkt_len -= m->data_len;
 	} while ((m = m->next) != NULL);