From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0062.outbound.protection.outlook.com [104.47.2.62]) by dpdk.org (Postfix) with ESMTP id 792707D00; Sat, 19 Aug 2017 23:24:10 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Mellanox.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=uZYD+xS4zSU6fCiv0xeeae340pAYyOBXTqpiWlANE1Y=; b=P06hy9VbXe76MHyBWTbhB8lbdUVnSHS3zgcD2BqWZQZekfiM8le28K5S5iDWVsKX36eFplaTuOk4a83URlB1hKYjNg4AdY2n6ai/hbVQ4Eq5BwYQYdopwLaFiUtE0eIQT/CwJgw0jy7lCosnpmq4F2N4WDuPxpdwSPyIgD5NMSo= Received: from DB6PR0502MB3048.eurprd05.prod.outlook.com (10.172.250.136) by DB6PR0502MB2920.eurprd05.prod.outlook.com (10.172.249.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1362.18; Sat, 19 Aug 2017 21:24:07 +0000 Received: from DB6PR0502MB3048.eurprd05.prod.outlook.com ([fe80::e938:efe9:effc:7ef8]) by DB6PR0502MB3048.eurprd05.prod.outlook.com ([fe80::e938:efe9:effc:7ef8%14]) with mapi id 15.01.1362.019; Sat, 19 Aug 2017 21:24:07 +0000 From: Matan Azrad To: =?iso-8859-1?Q?Ga=EBtan_Rivet?= CC: "dev@dpdk.org" , Ori Kam , "stable@dpdk.org" Thread-Topic: [PATCH] net/failsafe: fix parameters parsing Thread-Index: AQHTF20gviU1FquxMkGyQ9F2MipUdaKIrHzQgAAPZQCAABa8wIABACIAgAJbS5A= Date: Sat, 19 Aug 2017 21:24:06 +0000 Message-ID: References: <1502979581-27282-1-git-send-email-matan@mellanox.com> <20170817152546.GP8124@bidouze.vm.6wind.com> <20170817162458.GQ8124@bidouze.vm.6wind.com> <20170818090303.GS8124@bidouze.vm.6wind.com> In-Reply-To: <20170818090303.GS8124@bidouze.vm.6wind.com> Accept-Language: en-US, he-IL Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=matan@mellanox.com; x-originating-ip: [85.64.136.190] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DB6PR0502MB2920; 6:dygrkJRRty+oiQZFviBvAHu6imFwJKOC7GTpA5zNCdyYYdW58vCqmNyDjzHjADIS6gJMjR8O6djwYVNNqSUXAYdWQ21AHWLILUTZ6Fb2z9GIaKx9JRRjOz7AEkl7yh4rQEz+uINU62QYOwlz1wxtbV3r/w5wgoYqg8Hn8pu8caaIy+gWpTcv4yr9LNFwgMqJXn6Tg+HjCAf+1iLnaAgKRpLGNEKWlckos1dwdOgw7SjpTUhpSaY0emnVW/1K/jtLoefMjH8RUOy1NPn/5Wan+tPSKI0YGM6SXtXXy/TQEHEJ4KJb4muDUR7hczymIMaVwjPv5IW04dS2iPXahPcRUQ==; 5:uk4kZMy5jhUOaBeR0s8m4egXKWJbB/ZrnO1EEkJosf1xr2gS8/y4HUws+y08Kd2+SYvHk5VC4wnVuVD7QJ74mUZP7YIyoAwHJJIBqtPe5DwJ7U5bDYoEL5q1f+Vgg3FAo3dFZDeH3wVK8L5avrQJIw==; 24:e5HT2ZpeX2GblaYvztfKMWy+hy//85DT1BBGXkLEXWPqh4ESi6OR5H01Y1VRI9C0a0PIgSnQIPXwVMZ2JpSWE95eeLBIG79BGMcX4JVbiuE=; 7:xYKdwqG6YwaC9Ufcbe+E5E17+k5LrHQSo6YNQkGOz9hMFsOsEe6RZbMGQNGiLSXAQZnx416WdbQXt4gKnXjBP38IvYbzNnJWmMAbdQ/uu3rCkhhRxFw5ofisPQOGT+TEzWMrAR3khitCvKnXhTMP03BArVa55GjbqwapKmvxK4eeF+t6BH3AaiWriCbj0G/W0mJmcyXkAxIlQS8KsbTcmkyB7CJiIKpXLrkaeWOCpJU= x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-correlation-id: 7b97ff30-8d0c-4749-ee04-08d4e7489fc4 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(48565401081)(300000503095)(300135400095)(2017052603031)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:DB6PR0502MB2920; x-ms-traffictypediagnostic: DB6PR0502MB2920: x-exchange-antispam-report-test: UriScan:(788757137089); x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(3002001)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123560025)(20161123558100)(20161123562025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB6PR0502MB2920; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB6PR0502MB2920; x-forefront-prvs: 04041A2886 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(13464003)(24454002)(51914003)(189002)(199003)(377454003)(43784003)(74316002)(105586002)(5660300001)(106356001)(53546010)(86362001)(3660700001)(2906002)(3280700002)(5250100002)(7696004)(81156014)(6916009)(54356999)(2950100002)(81166006)(66066001)(8676002)(6436002)(6506006)(76176999)(229853002)(7736002)(93886005)(97736004)(189998001)(478600001)(8936002)(68736007)(101416001)(53936002)(2900100001)(33656002)(4326008)(55016002)(54906002)(99286003)(305945005)(9686003)(102836003)(14454004)(25786009)(6116002)(3846002)(50986999)(6246003)(110136004); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR0502MB2920; H:DB6PR0502MB3048.eurprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: mellanox.com does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2017 21:24:06.8664 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0502MB2920 Subject: Re: [dpdk-dev] [PATCH] net/failsafe: fix parameters parsing X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Aug 2017 21:24:10 -0000 Hi Gaetan > -----Original Message----- > From: Ga=EBtan Rivet [mailto:gaetan.rivet@6wind.com] > Sent: Friday, August 18, 2017 12:03 PM > To: Matan Azrad > Cc: dev@dpdk.org; Ori Kam ; stable@dpdk.org > Subject: Re: [PATCH] net/failsafe: fix parameters parsing >=20 > On Thu, Aug 17, 2017 at 06:52:48PM +0000, Matan Azrad wrote: > > Hi Gaetan > > > > > -----Original Message----- > > > From: Ga=EBtan Rivet [mailto:gaetan.rivet@6wind.com] > > > Sent: Thursday, August 17, 2017 7:25 PM > > > To: Matan Azrad > > > Cc: dev@dpdk.org; Ori Kam ; stable@dpdk.org > > > Subject: Re: [PATCH] net/failsafe: fix parameters parsing > > > > > > On Thu, Aug 17, 2017 at 03:54:23PM +0000, Matan Azrad wrote: > > > > > > > > > > > > > -----Original Message----- > > > > > From: Ga=EBtan Rivet [mailto:gaetan.rivet@6wind.com] > > > > > Sent: Thursday, August 17, 2017 6:26 PM > > > > > To: Matan Azrad > > > > > Cc: dev@dpdk.org; Ori Kam ; > stable@dpdk.org > > > > > Subject: Re: [PATCH] net/failsafe: fix parameters parsing > > > > > > > > > > Hi Matan, > > > > > > > > > > Thanks for spotting the bug. > > > > > > > > > > On Thu, Aug 17, 2017 at 05:19:41PM +0300, Matan Azrad wrote: > > > > > > The corrupted code used wrongly snprintf return value as the > > > > > > number of characters actually copied, in spite of the meanning > > > > > > is the number of characters which would be generated for the > > > > > > given > > > input. > > > > > > > > > > > > It caused to remain zerod bytes between the failsafe command > > > > > > line non sub device parameters indicates end of string. > > > > > > > > > > > > Hence, when rte_kvargs_parse tried to parse all parameters, it > > > > > > got end of string after the first one and the others weren't pa= rsed. > > > > > > > > > > > > So, if the mac parameters was the first in command line it was > > > > > > taken while hotplug_poll was left default, and vice versa. > > > > > > > > > > > > The fix updates the buffer index by dedicated variable > > > > > > contains the copy size, by the way uses memcpy instead of > > > > > > snprintf which is good enouth for this copy scenario. > > > > > > > > > > Actually snprintf should still be used. > > > > > > > > > Why? > > > > We just want to copy from buffer to buffer, no needs snprintf > > > > overheads If actually we are not using complicated format. > > > > > > > > > > snprintf plays nice with strings and ensure that it will be terminate= d by a > '\0'. > > > It is generally preferable, particularly considering that the > > > parameter string we are building here is meant to be parsed by anothe= r > lib (rte_kvargs). > > > > > In this specific scenario it is not needed because we for sure know tha= t the > length doesn't pass after '\0'. > > By using memcpy we can prevent format parsing and other checks done by > snprintf. > > >=20 > This overhead is negligible. > snprintf is preferred over memcpy / strncpy in DPDK. >=20 I don't think it is negligible (think only about the switch statement=20 which should be used for format parsing). In this case we know by sure that the copy size is not dangerous and there is not justify to use snprintf function. I think also if we wouldn't know the '\0' place, it is preferred to use strlen and memcpy instead of snprintf in any uncomplicated format cases. Maybe it is behind to this fix(only enhancement) but I suggest you to replace all failsafe snprintf usages for simple formats include this fix= line after this patch. > > > > > > > > > > > > Fixes: a46f8d584eb8 ("net/failsafe: add fail-safe PMD") > > > > > > Cc: stable@dpdk.org > > > > > > > > > > > > Signed-off-by: Matan Azrad > > > > > > --- > > > > > > drivers/net/failsafe/failsafe_args.c | 14 ++++++++------ > > > > > > 1 file changed, 8 insertions(+), 6 deletions(-) > > > > > > > > > > > > diff --git a/drivers/net/failsafe/failsafe_args.c > > > > > > b/drivers/net/failsafe/failsafe_args.c > > > > > > index 1f22416..0a98b04 100644 > > > > > > --- a/drivers/net/failsafe/failsafe_args.c > > > > > > +++ b/drivers/net/failsafe/failsafe_args.c > > > > > > @@ -271,7 +271,7 @@ static int > > > > > > fs_remove_sub_devices_definition(char > params[DEVARGS_MAXLEN]) > > > { > > > > > > char buffer[DEVARGS_MAXLEN] =3D {0}; > > > > > > - size_t a, b; > > > > > > + size_t a, b, temp; > > > > > > > > > > temp is not descriptive enough. > > > > > > > > What are about a, b, i ? > > > > > > > > > You are declaring this variable here because you want to re-use > > > > > it instead of `start`. This is an overreach however, this fix > > > > > must be restricted to the actual bug. > > > > > > > > temp is helping to address the original bug, don't we want to > > > > reuse variable Instead of 2 if statement variables, maybe other na= me > for all? > > > > > > > > > > The compiler should be able to see that their use does not overlap. > > > > > > > This is new for me, thanks for the lesson. > > I will update it to len & start as you suggested. > > > > > The issue is that temp is meant to describe a length limit in one > > > branch and be a marker of a starting point in another. Thus both > > > variable should be named differently to make the intent clear. > > > > > > When declaring temp (or saved_val) in the higher-scope, you are thus > > > forced to use generic, non-descriptive name precisely because you > > > are sharing the variable between two different uses. > > > > > > > Something like: > > > > a=3D> start > > > > b=3D> end > > > > i =3D> next > > > > temp=3D> saved_val > > > > > > > > > > You didn't answer what are about my suggestions for new names instead > > of a,b and I which are not descriptive too (like temp :)) > > >=20 > Sure :) . Had I reviewed myself I would probably have asked for better > names. > I was writing the parsing utilities all at once and used the same convent= ions > throughout failsafe_args.c >=20 > There might be a patch at some point changing all those names. > But I think this is going beyond the scope of fixing the isolation of kva= rgs. My > point there is only to avoid making things worse than they are. By sure this patch is not making the things worse than they are(even v1) := ) >=20 > > > > > > > > > > > int i; > > > > > > > > > > > > a =3D 0; > > > > > > @@ -286,12 +286,14 @@ fs_remove_sub_devices_definition(char > > > > > params[DEVARGS_MAXLEN]) > > > > > > ERROR("Invalid parameter"); > > > > > > return -EINVAL; > > > > > > } > > > > > > - if (params[b] =3D=3D ',' || params[b] =3D=3D '\0') > > > > > > > > > > Declare the temporary variable in this scope, with a descriptive > > > > > name such as "len", "length", "param_len" or something close. > > > > > > > > > > > - i +=3D snprintf(&buffer[i], b - a + 1, "%s", > ¶ms[a]); > > > > > > - if (params[b] =3D=3D '(') { > > > > > > - size_t start =3D b; > > > > > > + if (params[b] =3D=3D ',' || params[b] =3D=3D '\0') { > > > > > > + temp =3D b - a + 1; > > > > > > > > > > The value here should be "b - a". > > > > > If a !=3D 0 however, then we are parsing a new parameter and > > > > > buffer already contains at least one. A comma should be added to > > > > > separate the > > > two. > > > > > > > > > > An example might clarify what I mean: > > > > > > > > > > if (params[b] =3D=3D ',' || params[b] =3D=3D '\0'= ) { > > > > > size_t param_len =3D b - a; > > > > > > > > > > if (a) > > > > > param_len +=3D 1; > > > > > snprintf(&buffer[i], param_len + 1, "%s%s= ", > > > > > a ? "," : "", ¶ms[a]); > > > > > i +=3D param_len; > > > > > } > > > > > > > > > > The conditionals about `a` are ugly however, if you find a > > > > > better way to write those you are most welcome :). > > > > > > > > > > > + memcpy(&buffer[i], ¶ms[a], temp); > > > > > > + i +=3D temp; > > > > > > + } else if (params[b] =3D=3D '(') { > > > > > > + temp =3D b; > > > > > > b +=3D closing_paren(¶ms[b]); > > > > > > - if (b =3D=3D start) > > > > > > > > > > > > > I think the last comma is harmless for next parse But I can just > > > > change the last coma to '\0' in the end of function(if exists). > > > > But, This solves another issue, don't it? Maybe in different patch= ? > > > > > > > > > > It might be harmless, but I prefer having a clean output. > > > Which other issue? Handling the commas seems in line with properly > > > copying regular parameters. > > > > Yes, but it is another issue in this specific copy (don't refer to > > snprintf return value) But, it's OK, I think them both can be handle > > by this patch :) > > > > > > > > You could certainly check for the presence of a comma, but you > > > already see how ugly the code flow would be ("if it exists"), and > > > you will keep a dirty string between two loops, with possibly other > > > branches wanting to return on error. > > > > > > I prefer having a compact, self-contained logic addressing kvargs > > > which should not leak conceptual gotcha that the next programmer > > > would need to be wary of when trying to touch the code in other parts= of > the function. > > > > > > > If we leave always b-a+1 we potentially can get the next buffer strings= : > > p1,p2...pN, > > or > > p1,p2,pN(\0) > > while i is the index of the character after a comma or '\0' > > > > so, for prevent the last comma we can override always in the end of > function(not between 2 loops) '\0' like this: > > if (i >0 ) > > /* For prevent last comma. */ > > buffer[i-1] =3D '\0'; > > instead of using 2 conditions per non sub device param - 'if(a)' and 'a= ? "," : > ""' > > I think each future programmer can easily understand it. > > > > >=20 > Sure, I agree that it would work. It would also probably be parseable. > But it depends on your implementation. I think you'll have to write this > `buffer[i-1] =3D '\0';` outside the branch dealing with proper kvargs, wh= ich > mean scattering within the rest of the function code that should be deali= ng > with how those kvargs are presented to the next stage. >=20 > I think the most constructive thing to do would be for you to write a v2 > proposing your solution. If you are able to contain all logic pertaining = to the > kvargs within this single branch along with the other remarks (keeping > snprintf, using a local "len" variable), then perfect :). Otherwise, whil= e > imperfect I proposed an alternative that should be able to do that. >=20 OK, I will create V2, thanks for this review! > > > > > The changes should be limited to the actual bug. No need to chang= e > this. > > > > > > > > > > > + if (b =3D=3D temp) > > > > > > return -EINVAL; > > > > > > b +=3D 1; > > > > > > if (params[b] =3D=3D '\0') > > > > > > -- > > > > > > 2.7.4 > > > > > > > > > > > > > > > > Thanks again for the debug and sorry for being nitpicky. > > > > > > > > > > -- > > > > > Ga=EBtan Rivet > > > > > 6WIND > > > > > > > > Regards, > > > > Matan Azrad. > > > > > > -- > > > Ga=EBtan Rivet > > > 6WIND > > > > > > Regards > > Matan Azrad. >=20 > -- > Ga=EBtan Rivet > 6WIND Regards Matan Azrad