* [dpdk-dev] [PATCH] mem: fix overflowed return value
@ 2016-04-22 10:44 Michal Kobylinski
2016-04-22 16:24 ` Stephen Hemminger
0 siblings, 1 reply; 4+ messages in thread
From: Michal Kobylinski @ 2016-04-22 10:44 UTC (permalink / raw)
To: thomas.monjalon, dev; +Cc: Michal Kobylinski
Fix issue reported by Coverity.
Coverity ID 13255: Overflowed return value: The return value will be too
small or even negative, likely resulting in unexpected behavior in a
caller that uses the return value. In rte_mem_virt2phy: An integer
overflow occurs, with the overflowed value used as the return value of
the function
Fixes: 3097de6e6bfb ("mem: get physical address of any pointer")
Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
---
lib/librte_eal/linuxapp/eal/eal_memory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/librte_eal/linuxapp/eal/eal_memory.c b/lib/librte_eal/linuxapp/eal/eal_memory.c
index 5b9132c..6ceca5b 100644
--- a/lib/librte_eal/linuxapp/eal/eal_memory.c
+++ b/lib/librte_eal/linuxapp/eal/eal_memory.c
@@ -195,7 +195,7 @@ rte_mem_virt2phy(const void *virtaddr)
* the pfn (page frame number) are bits 0-54 (see
* pagemap.txt in linux Documentation)
*/
- physaddr = ((page & 0x7fffffffffffffULL) * page_size)
+ physaddr = (uint64_t)((page & 0x7fffffffffffffULL) * page_size)
+ ((unsigned long)virtaddr % page_size);
close(fd);
return physaddr;
--
1.9.1
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [dpdk-dev] [PATCH] mem: fix overflowed return value 2016-04-22 10:44 [dpdk-dev] [PATCH] mem: fix overflowed return value Michal Kobylinski @ 2016-04-22 16:24 ` Stephen Hemminger 2016-06-08 11:40 ` Mrzyglod, DanielX T 0 siblings, 1 reply; 4+ messages in thread From: Stephen Hemminger @ 2016-04-22 16:24 UTC (permalink / raw) To: Michal Kobylinski; +Cc: thomas.monjalon, dev On Fri, 22 Apr 2016 12:44:18 +0200 Michal Kobylinski <michalx.kobylinski@intel.com> wrote: > Fix issue reported by Coverity. > > Coverity ID 13255: Overflowed return value: The return value will be too > small or even negative, likely resulting in unexpected behavior in a > caller that uses the return value. In rte_mem_virt2phy: An integer > overflow occurs, with the overflowed value used as the return value of > the function > > Fixes: 3097de6e6bfb ("mem: get physical address of any pointer") > > Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com> > --- > lib/librte_eal/linuxapp/eal/eal_memory.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/librte_eal/linuxapp/eal/eal_memory.c b/lib/librte_eal/linuxapp/eal/eal_memory.c > index 5b9132c..6ceca5b 100644 > --- a/lib/librte_eal/linuxapp/eal/eal_memory.c > +++ b/lib/librte_eal/linuxapp/eal/eal_memory.c > @@ -195,7 +195,7 @@ rte_mem_virt2phy(const void *virtaddr) > * the pfn (page frame number) are bits 0-54 (see > * pagemap.txt in linux Documentation) > */ > - physaddr = ((page & 0x7fffffffffffffULL) * page_size) > + physaddr = (uint64_t)((page & 0x7fffffffffffffULL) * page_size) > + ((unsigned long)virtaddr % page_size); > close(fd); > return physaddr; I am not trusting any of these Coverity patches you are sending. It seems you think wraparound can be just fixed by casting, it can't ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dpdk-dev] [PATCH] mem: fix overflowed return value 2016-04-22 16:24 ` Stephen Hemminger @ 2016-06-08 11:40 ` Mrzyglod, DanielX T 2016-06-28 8:06 ` Jastrzebski, MichalX K 0 siblings, 1 reply; 4+ messages in thread From: Mrzyglod, DanielX T @ 2016-06-08 11:40 UTC (permalink / raw) To: Stephen Hemminger, Kobylinski, MichalX Cc: thomas.monjalon, dev, david.marchand >-----Original Message----- >From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Stephen Hemminger >Sent: Friday, April 22, 2016 6:25 PM >To: Kobylinski, MichalX <michalx.kobylinski@intel.com> >Cc: thomas.monjalon@6wind.com; dev@dpdk.org >Subject: Re: [dpdk-dev] [PATCH] mem: fix overflowed return value > >On Fri, 22 Apr 2016 12:44:18 +0200 >Michal Kobylinski <michalx.kobylinski@intel.com> wrote: > >> Fix issue reported by Coverity. >> >> Coverity ID 13255: Overflowed return value: The return value will be too >> small or even negative, likely resulting in unexpected behavior in a >> caller that uses the return value. In rte_mem_virt2phy: An integer >> overflow occurs, with the overflowed value used as the return value of >> the function >> >> Fixes: 3097de6e6bfb ("mem: get physical address of any pointer") >> >> Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com> >> --- >> lib/librte_eal/linuxapp/eal/eal_memory.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/lib/librte_eal/linuxapp/eal/eal_memory.c >b/lib/librte_eal/linuxapp/eal/eal_memory.c >> index 5b9132c..6ceca5b 100644 >> --- a/lib/librte_eal/linuxapp/eal/eal_memory.c >> +++ b/lib/librte_eal/linuxapp/eal/eal_memory.c >> @@ -195,7 +195,7 @@ rte_mem_virt2phy(const void *virtaddr) >> * the pfn (page frame number) are bits 0-54 (see >> * pagemap.txt in linux Documentation) >> */ >> - physaddr = ((page & 0x7fffffffffffffULL) * page_size) >> + physaddr = (uint64_t)((page & 0x7fffffffffffffULL) * page_size) >> + ((unsigned long)virtaddr % page_size); >> close(fd); >> return physaddr; > >I am not trusting any of these Coverity patches you are sending. >It seems you think wraparound can be just fixed by casting, it can't >From my point of view it's False Possitive there is no chance that page_size will be bigger than long. Coverity Assume that page_size may be 18446744071562067968 but it can't. Only for glibc<2.1 we probably should change page_size = getpagesize(); to page_size = sysconf(_SC_PAGESIZE); May I change this Coverity to False Positive or I missed something ? What's your opinion ? ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dpdk-dev] [PATCH] mem: fix overflowed return value 2016-06-08 11:40 ` Mrzyglod, DanielX T @ 2016-06-28 8:06 ` Jastrzebski, MichalX K 0 siblings, 0 replies; 4+ messages in thread From: Jastrzebski, MichalX K @ 2016-06-28 8:06 UTC (permalink / raw) To: david.marchand Cc: thomas.monjalon, dev, Stephen Hemminger, Kobylinski, MichalX, Mrzyglod, DanielX T > -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Mrzyglod, DanielX > T > Sent: Wednesday, June 08, 2016 1:41 PM > To: Stephen Hemminger <stephen@networkplumber.org>; Kobylinski, > MichalX <michalx.kobylinski@intel.com> > Cc: thomas.monjalon@6wind.com; dev@dpdk.org; > david.marchand@6wind.com > Subject: Re: [dpdk-dev] [PATCH] mem: fix overflowed return value > > > > >-----Original Message----- > >From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Stephen > Hemminger > >Sent: Friday, April 22, 2016 6:25 PM > >To: Kobylinski, MichalX <michalx.kobylinski@intel.com> > >Cc: thomas.monjalon@6wind.com; dev@dpdk.org > >Subject: Re: [dpdk-dev] [PATCH] mem: fix overflowed return value > > > >On Fri, 22 Apr 2016 12:44:18 +0200 > >Michal Kobylinski <michalx.kobylinski@intel.com> wrote: > > > >> Fix issue reported by Coverity. > >> > >> Coverity ID 13255: Overflowed return value: The return value will be too > >> small or even negative, likely resulting in unexpected behavior in a > >> caller that uses the return value. In rte_mem_virt2phy: An integer > >> overflow occurs, with the overflowed value used as the return value of > >> the function > >> > >> Fixes: 3097de6e6bfb ("mem: get physical address of any pointer") > >> > >> Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com> > >> --- > >> lib/librte_eal/linuxapp/eal/eal_memory.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/lib/librte_eal/linuxapp/eal/eal_memory.c > >b/lib/librte_eal/linuxapp/eal/eal_memory.c > >> index 5b9132c..6ceca5b 100644 > >> --- a/lib/librte_eal/linuxapp/eal/eal_memory.c > >> +++ b/lib/librte_eal/linuxapp/eal/eal_memory.c > >> @@ -195,7 +195,7 @@ rte_mem_virt2phy(const void *virtaddr) > >> * the pfn (page frame number) are bits 0-54 (see > >> * pagemap.txt in linux Documentation) > >> */ > >> - physaddr = ((page & 0x7fffffffffffffULL) * page_size) > >> + physaddr = (uint64_t)((page & 0x7fffffffffffffULL) * page_size) > >> + ((unsigned long)virtaddr % page_size); > >> close(fd); > >> return physaddr; > > > >I am not trusting any of these Coverity patches you are sending. > >It seems you think wraparound can be just fixed by casting, it can't > > From my point of view it's False Possitive there is no chance that page_size > will be bigger than long. > Coverity Assume that page_size may be 18446744071562067968 but it can't. > > Only for glibc<2.1 we probably should change page_size = getpagesize(); to > page_size = sysconf(_SC_PAGESIZE); > May I change this Coverity to False Positive or I missed something ? What's > your opinion ? Hi David, What is Your opinion about classifying this defect as false/positive? We would like to move forward with this work. Michal ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-06-28 8:06 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2016-04-22 10:44 [dpdk-dev] [PATCH] mem: fix overflowed return value Michal Kobylinski 2016-04-22 16:24 ` Stephen Hemminger 2016-06-08 11:40 ` Mrzyglod, DanielX T 2016-06-28 8:06 ` Jastrzebski, MichalX K
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).