[1/3] mbuf: add sanity checks on segment metadata

Message ID 20180910054547.18494-2-david.marchand@6wind.com (mailing list archive)
State Changes Requested, archived
Delegated to: Thomas Monjalon
Series: segment sanity checks

Checks

Context               Check    Description
ci/checkpatch         success  coding style OK
ci/Intel-compilation  success  Compilation OK

Commit Message

David Marchand Sept. 10, 2018, 5:45 a.m. UTC
  Add some basic checks on the segments offset and length metadata:
always funny to have a < 0 tailroom cast to uint16_t ;-).

Signed-off-by: David Marchand <david.marchand@6wind.com>
---
 lib/librte_mbuf/rte_mbuf.c | 5 +++++
 1 file changed, 5 insertions(+)
  

Comments

Yongseok Koh Sept. 11, 2018, 6:16 p.m. UTC | #1
> On Sep 9, 2018, at 10:45 PM, David Marchand <david.marchand@6wind.com> wrote:
> 
> Add some basic checks on the segments offset and length metadata:
> always funny to have a < 0 tailroom cast to uint16_t ;-).
> 
> Signed-off-by: David Marchand <david.marchand@6wind.com>
> ---
> lib/librte_mbuf/rte_mbuf.c | 5 +++++
> 1 file changed, 5 insertions(+)
> 
> diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
> index e714c5a59..137a320ed 100644
> --- a/lib/librte_mbuf/rte_mbuf.c
> +++ b/lib/librte_mbuf/rte_mbuf.c
> @@ -200,6 +200,11 @@ rte_mbuf_sanity_check(const struct rte_mbuf *m, int is_header)
> 	pkt_len = m->pkt_len;
> 
> 	do {
> +		if (m->data_off > m->buf_len)
> +			rte_panic("data offset too big in mbuf segment\n");
> +		if ((uint32_t)m->data_off + (uint32_t)m->data_len >
> +				(uint32_t)m->buf_len)

Casting to uint32_t is needed? All of the three fields are uint16_t and it would
anyway happen because of the integer promotion rule. Right?


Thanks,
Yongseok

> +			rte_panic("data length too big in mbuf segment\n");
> 		nb_segs -= 1;
> 		pkt_len -= m->data_len;
> 	} while ((m = m->next) != NULL);
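Review bot: both rte_panic() messages in the added lines say only that the offset or length is "too big" and omit the values that failed. rte_panic() takes a printf-style format, so printing m->data_off, m->data_len and m->buf_len in each message would show in the crash log which field of which segment was corrupted and by how much.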
> -- 
> 2.17.1
>
  
David Marchand Sept. 13, 2018, 6:55 a.m. UTC | #2
Hello Yongseok,

On Tue, Sep 11, 2018 at 8:16 PM, Yongseok Koh <yskoh@mellanox.com> wrote:
>
>> On Sep 9, 2018, at 10:45 PM, David Marchand <david.marchand@6wind.com> wrote:
>>
>> Add some basic checks on the segments offset and length metadata:
>> always funny to have a < 0 tailroom cast to uint16_t ;-).
>>
>> Signed-off-by: David Marchand <david.marchand@6wind.com>
>> ---
>> lib/librte_mbuf/rte_mbuf.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
>> index e714c5a59..137a320ed 100644
>> --- a/lib/librte_mbuf/rte_mbuf.c
>> +++ b/lib/librte_mbuf/rte_mbuf.c
>> @@ -200,6 +200,11 @@ rte_mbuf_sanity_check(const struct rte_mbuf *m, int is_header)
>>       pkt_len = m->pkt_len;
>>
>>       do {
>> +             if (m->data_off > m->buf_len)
>> +                     rte_panic("data offset too big in mbuf segment\n");
>> +             if ((uint32_t)m->data_off + (uint32_t)m->data_len >
>> +                             (uint32_t)m->buf_len)
>
> Casting to uint32_t is needed? All of the three fields are uint16_t and it would
> anyway happen because of the integer promotion rule. Right?

Indeed, this is unnecessary.
Will send a v2 without this.
  
Olivier Matz Oct. 9, 2018, 9:11 a.m. UTC | #3
Hi David,

On Thu, Sep 13, 2018 at 08:55:40AM +0200, David Marchand wrote:
> Hello Yongseok,
> 
> On Tue, Sep 11, 2018 at 8:16 PM, Yongseok Koh <yskoh@mellanox.com> wrote:
> >
> >> On Sep 9, 2018, at 10:45 PM, David Marchand <david.marchand@6wind.com> wrote:
> >>
> >> Add some basic checks on the segments offset and length metadata:
> >> always funny to have a < 0 tailroom cast to uint16_t ;-).
> >>
> >> Signed-off-by: David Marchand <david.marchand@6wind.com>
> >> ---
> >> lib/librte_mbuf/rte_mbuf.c | 5 +++++
> >> 1 file changed, 5 insertions(+)
> >>
> >> diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
> >> index e714c5a59..137a320ed 100644
> >> --- a/lib/librte_mbuf/rte_mbuf.c
> >> +++ b/lib/librte_mbuf/rte_mbuf.c
> >> @@ -200,6 +200,11 @@ rte_mbuf_sanity_check(const struct rte_mbuf *m, int is_header)
> >>       pkt_len = m->pkt_len;
> >>
> >>       do {
> >> +             if (m->data_off > m->buf_len)
> >> +                     rte_panic("data offset too big in mbuf segment\n");
> >> +             if ((uint32_t)m->data_off + (uint32_t)m->data_len >
> >> +                             (uint32_t)m->buf_len)
> >
> > Casting to uint32_t is needed? All of the three fields are uint16_t and it would
> > anyway happen because of the integer promotion rule. Right?
> 
> Indeed, this is unnecessary.
> Will send a v2 without this.

You can add my ack in your v2 with this change.

Thanks,
Olivier
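
Added example, not part of the original thread and not DPDK code: a small C program showing the wrapped tailroom the commit message jokes about, and why the cast-free comparison discussed above is still safe. The struct, the function names and the sample values are constructed for illustration, and int is assumed to be at least 32 bits.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the three uint16_t fields named in the thread;
 * this is not DPDK's struct rte_mbuf. Assumes int is at least 32 bits. */
struct seg {
	uint16_t buf_len;   /* size of the segment buffer */
	uint16_t data_off;  /* where the data starts inside the buffer */
	uint16_t data_len;  /* amount of data in this segment */
};

/* Tailroom narrowed to uint16_t: a negative result wraps to a large value. */
static uint16_t seg_tailroom(const struct seg *s)
{
	return (uint16_t)(s->buf_len - s->data_off - s->data_len);
}

/* The patch's two tests without casts. The uint16_t operands are promoted
 * to int, so the sum is at most 131070 and cannot wrap. 0 = sane, -1 = bad. */
static int seg_check(const struct seg *s)
{
	if (s->data_off > s->buf_len)
		return -1;
	if (s->data_off + s->data_len > s->buf_len)
		return -1;
	return 0;
}

/* Counter-example: narrowing the sum back to 16 bits before comparing
 * loses the carry and lets an oversized segment through. */
static int seg_check_narrowed(const struct seg *s)
{
	uint16_t end = (uint16_t)(s->data_off + s->data_len);
	return end > s->buf_len ? -1 : 0;
}

int main(void)
{
	/* Constructed sample segments. */
	struct seg ok   = { 2048, 128, 1500 };
	struct seg bad  = { 2048, 128, 2000 };   /* data ends 80 bytes past the buffer */
	struct seg wrap = { 2048, 1024, 65000 }; /* 66024 wraps to 488 in 16 bits */

	printf("ok:   tailroom=%u check=%d\n", (unsigned)seg_tailroom(&ok), seg_check(&ok));
	printf("bad:  tailroom=%u check=%d\n", (unsigned)seg_tailroom(&bad), seg_check(&bad));
	printf("wrap: check=%d narrowed=%d\n", seg_check(&wrap), seg_check_narrowed(&wrap));
	return 0;
}
```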
  

Patch

diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
index e714c5a59..137a320ed 100644
--- a/lib/librte_mbuf/rte_mbuf.c
+++ b/lib/librte_mbuf/rte_mbuf.c
@@ -200,6 +200,11 @@  rte_mbuf_sanity_check(const struct rte_mbuf *m, int is_header)
 	pkt_len = m->pkt_len;
 
 	do {
+		if (m->data_off > m->buf_len)
+			rte_panic("data offset too big in mbuf segment\n");
+		if ((uint32_t)m->data_off + (uint32_t)m->data_len >
+				(uint32_t)m->buf_len)
+			rte_panic("data length too big in mbuf segment\n");
 		nb_segs -= 1;
 		pkt_len -= m->data_len;
 	} while ((m = m->next) != NULL);
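
Review bot: the first added test, m->data_off > m->buf_len, is already implied by the second one, because data_len is unsigned and so data_off > buf_len always makes data_off + data_len > buf_len. Keep it only if the separate "data offset too big" message is wanted, and say so in a comment. The (uint32_t) casts in the second test can also be dropped, as agreed in the thread: the three fields are uint16_t and are promoted to int before the addition and the comparison.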