[RFC,1/2] mbuf: add a sanity check on segment metadata

Message ID 1534176226-21911-1-git-send-email-david.marchand@6wind.com
State RFC, archived
Delegated to: Thomas Monjalon
Headers show
Series
  • [RFC,1/2] mbuf: add a sanity check on segment metadata
Related show

Checks

Context Check Description
ci/Intel-compilation success Compilation OK
ci/checkpatch success coding style OK

Commit Message

David Marchand Aug. 13, 2018, 4:03 p.m.
Add some basic check on the segments offset and length metadata:
always funny to have a < 0 tailroom cast to uint16_t ;-).

Signed-off-by: David Marchand <david.marchand@6wind.com>
---
 lib/librte_mbuf/rte_mbuf.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Olivier Matz Aug. 23, 2018, 7:39 a.m. | #1
Hi David,

On Mon, Aug 13, 2018 at 06:03:45PM +0200, David Marchand wrote:
> Add some basic check on the segments offset and length metadata:
> always funny to have a < 0 tailroom cast to uint16_t ;-).
> 
> Signed-off-by: David Marchand <david.marchand@6wind.com>
> ---
>  lib/librte_mbuf/rte_mbuf.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
> index e714c5a..7eeef12 100644
> --- a/lib/librte_mbuf/rte_mbuf.c
> +++ b/lib/librte_mbuf/rte_mbuf.c
> @@ -200,6 +200,8 @@ rte_mbuf_sanity_check(const struct rte_mbuf *m, int is_header)
>  	pkt_len = m->pkt_len;
>  
>  	do {
> +		if (m->data_off + m->data_len > m->buf_len)
> +			rte_panic("bad segment metadata\n");

What about spliting the test into two? This would help to clarify
the error messages. I also suggest add casts to uint32 to ensure
that there is no overflow.

		if (m->data_off_len > m->buf_len)
			rte_panic("data offset too big in mbuf segment\n");
		if ((uint32_t)m->data_off + (uint32_t)m->data_len > (uint32_t)m->buf_len)
			rte_panic("data length too big in mbuf segment\n");
David Marchand Aug. 23, 2018, 7:45 a.m. | #2
On Thu, Aug 23, 2018 at 9:39 AM, Olivier Matz <olivier.matz@6wind.com> wrote:
> On Mon, Aug 13, 2018 at 06:03:45PM +0200, David Marchand wrote:
>> Add some basic check on the segments offset and length metadata:
>> always funny to have a < 0 tailroom cast to uint16_t ;-).
>>
>> Signed-off-by: David Marchand <david.marchand@6wind.com>
>> ---
>>  lib/librte_mbuf/rte_mbuf.c | 2 ++
>>  1 file changed, 2 insertions(+)
>>
>> diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
>> index e714c5a..7eeef12 100644
>> --- a/lib/librte_mbuf/rte_mbuf.c
>> +++ b/lib/librte_mbuf/rte_mbuf.c
>> @@ -200,6 +200,8 @@ rte_mbuf_sanity_check(const struct rte_mbuf *m, int is_header)
>>       pkt_len = m->pkt_len;
>>
>>       do {
>> +             if (m->data_off + m->data_len > m->buf_len)
>> +                     rte_panic("bad segment metadata\n");
>
> What about spliting the test into two? This would help to clarify
> the error messages. I also suggest add casts to uint32 to ensure
> that there is no overflow.

Sure, will do.

Patch

diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
index e714c5a..7eeef12 100644
--- a/lib/librte_mbuf/rte_mbuf.c
+++ b/lib/librte_mbuf/rte_mbuf.c
@@ -200,6 +200,8 @@  rte_mbuf_sanity_check(const struct rte_mbuf *m, int is_header)
 	pkt_len = m->pkt_len;
 
 	do {
+		if (m->data_off + m->data_len > m->buf_len)
+			rte_panic("bad segment metadata\n");
 		nb_segs -= 1;
 		pkt_len -= m->data_len;
 	} while ((m = m->next) != NULL);