[dpdk-dev] rte mempool: division or modulo by zero
Commit Message
Fix issue reported by Coverity.
Coverity ID 13243: Division or modulo by zero
In function call rte_mempool_xmem_size, division by expression total_size
which may be zero has undefined behavior.
Fixes: 148f963fb532 ("xen: core library changes")
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
---
lib/librte_mempool/rte_mempool.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
Comments
Hi Slawomir,
On 05/12/2016 02:46 PM, Slawomir Mrozowicz wrote:
> Fix issue reported by Coverity.
>
> Coverity ID 13243: Division or modulo by zero
> In function call rte_mempool_xmem_size, division by expression total_size
> which may be zero has undefined behavior.
>
> Fixes: 148f963fb532 ("xen: core library changes")
>
> Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
> ---
> lib/librte_mempool/rte_mempool.c | 18 +++++++++++-------
> 1 file changed, 11 insertions(+), 7 deletions(-)
>
> diff --git a/lib/librte_mempool/rte_mempool.c b/lib/librte_mempool/rte_mempool.c
> index f8781e1..01668c1 100644
> --- a/lib/librte_mempool/rte_mempool.c
> +++ b/lib/librte_mempool/rte_mempool.c
> @@ -327,15 +327,19 @@ rte_mempool_calc_obj_size(uint32_t elt_size, uint32_t flags,
> size_t
> rte_mempool_xmem_size(uint32_t elt_num, size_t elt_sz, uint32_t pg_shift)
> {
> - size_t n, pg_num, pg_sz, sz;
> + size_t n, pg_num, pg_sz;
> + size_t sz = 0;
>
> - pg_sz = (size_t)1 << pg_shift;
> + if (elt_sz > 0) {
> + pg_sz = (size_t)1 << pg_shift;
> + n = pg_sz / elt_sz;
>
> - if ((n = pg_sz / elt_sz) > 0) {
> - pg_num = (elt_num + n - 1) / n;
> - sz = pg_num << pg_shift;
> - } else {
> - sz = RTE_ALIGN_CEIL(elt_sz, pg_sz) * elt_num;
> + if (n > 0) {
> + pg_num = (elt_num + n - 1) / n;
> + sz = pg_num << pg_shift;
> + } else {
> + sz = RTE_ALIGN_CEIL(elt_sz, pg_sz) * elt_num;
> + }
> }
>
> return sz;
>
I think it would be clearer (either for the patch and the code) to avoid
an additional indent, and do something like that:
size_t
rte_mempool_xmem_size(uint32_t elt_num, size_t elt_sz,
uint32_t pg_shift)
{
if (elt_sz == 0)
return 0;
/* same code as before */
It will also facilitate the merge with
http://patchwork.dpdk.org/dev/patchwork/patch/12057/
Could you please submit a v2 with this logic?
Thanks,
Olivier
Hi Olivier,
I try to marge my change CID 13234 with your patch 12057.
Can you tell me which is the base commit to apply the patch.
I think that I should apply your patches starting from 12834.
Regards,
Slawomir
>-----Original Message-----
>From: Olivier Matz [mailto:olivier.matz@6wind.com]
>Sent: Monday, May 16, 2016 11:23 AM
>To: Mrozowicz, SlawomirX <slawomirx.mrozowicz@intel.com>
>Cc: dev@dpdk.org
>Subject: Re: [PATCH] rte mempool: division or modulo by zero
>
>Hi Slawomir,
>
>On 05/12/2016 02:46 PM, Slawomir Mrozowicz wrote:
>> Fix issue reported by Coverity.
>>
>> Coverity ID 13243: Division or modulo by zero In function call
>> rte_mempool_xmem_size, division by expression total_size which may be
>> zero has undefined behavior.
>>
>> Fixes: 148f963fb532 ("xen: core library changes")
>>
>> Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
>> ---
>> lib/librte_mempool/rte_mempool.c | 18 +++++++++++-------
>> 1 file changed, 11 insertions(+), 7 deletions(-)
>>
>> diff --git a/lib/librte_mempool/rte_mempool.c
>> b/lib/librte_mempool/rte_mempool.c
>> index f8781e1..01668c1 100644
>> --- a/lib/librte_mempool/rte_mempool.c
>> +++ b/lib/librte_mempool/rte_mempool.c
>> @@ -327,15 +327,19 @@ rte_mempool_calc_obj_size(uint32_t elt_size,
>> uint32_t flags, size_t rte_mempool_xmem_size(uint32_t elt_num,
>> size_t elt_sz, uint32_t pg_shift) {
>> - size_t n, pg_num, pg_sz, sz;
>> + size_t n, pg_num, pg_sz;
>> + size_t sz = 0;
>>
>> - pg_sz = (size_t)1 << pg_shift;
>> + if (elt_sz > 0) {
>> + pg_sz = (size_t)1 << pg_shift;
>> + n = pg_sz / elt_sz;
>>
>> - if ((n = pg_sz / elt_sz) > 0) {
>> - pg_num = (elt_num + n - 1) / n;
>> - sz = pg_num << pg_shift;
>> - } else {
>> - sz = RTE_ALIGN_CEIL(elt_sz, pg_sz) * elt_num;
>> + if (n > 0) {
>> + pg_num = (elt_num + n - 1) / n;
>> + sz = pg_num << pg_shift;
>> + } else {
>> + sz = RTE_ALIGN_CEIL(elt_sz, pg_sz) * elt_num;
>> + }
>> }
>>
>> return sz;
>>
>
>I think it would be clearer (either for the patch and the code) to avoid an
>additional indent, and do something like that:
>
> size_t
> rte_mempool_xmem_size(uint32_t elt_num, size_t elt_sz,
> uint32_t pg_shift)
> {
> if (elt_sz == 0)
> return 0;
>
> /* same code as before */
>
>It will also facilitate the merge with
>http://patchwork.dpdk.org/dev/patchwork/patch/12057/
>
>Could you please submit a v2 with this logic?
>
>Thanks,
>Olivier
Hi Slawomir,
On 05/19/2016 12:57 PM, Mrozowicz, SlawomirX wrote:
> Hi Olivier,
>
> I try to marge my change CID 13234 with your patch 12057.
> Can you tell me which is the base commit to apply the patch.
> I think that I should apply your patches starting from 12834.
>
Yes that's correct, the v3 patchset can be found here:
http://dpdk.org/ml/archives/dev/2016-May/039229.html
Regards,
Olivier
@@ -327,15 +327,19 @@ rte_mempool_calc_obj_size(uint32_t elt_size, uint32_t flags,
size_t
rte_mempool_xmem_size(uint32_t elt_num, size_t elt_sz, uint32_t pg_shift)
{
- size_t n, pg_num, pg_sz, sz;
+ size_t n, pg_num, pg_sz;
+ size_t sz = 0;
- pg_sz = (size_t)1 << pg_shift;
+ if (elt_sz > 0) {
+ pg_sz = (size_t)1 << pg_shift;
+ n = pg_sz / elt_sz;
- if ((n = pg_sz / elt_sz) > 0) {
- pg_num = (elt_num + n - 1) / n;
- sz = pg_num << pg_shift;
- } else {
- sz = RTE_ALIGN_CEIL(elt_sz, pg_sz) * elt_num;
+ if (n > 0) {
+ pg_num = (elt_num + n - 1) / n;
+ sz = pg_num << pg_shift;
+ } else {
+ sz = RTE_ALIGN_CEIL(elt_sz, pg_sz) * elt_num;
+ }
}
return sz;