Date: Tue, 14 Jun 2022 10:25:00 +0100
From: Bruce Richardson
To: David Marchand
Cc: Fan Zhang, Maxime Coquelin, Chenbo Xia, dev, Thomas Monjalon, Ferruh Yigit, dpdk stable
Subject: Re: [PATCH 10/12] vhost/crypto: fix build with GCC 12
List-Id: DPDK patches and discussions

On Tue, Jun 14, 2022 at 11:22:24AM +0200, David Marchand wrote:
> On Thu, Jun 2, 2022 at 12:09 PM Bruce Richardson
> wrote:
> >
> > On Wed, May 18, 2022 at 12:16:55PM +0200, David Marchand wrote:
> > > GCC 12 raises the following warning:
> > >
> > > In file included from ../lib/mempool/rte_mempool.h:46,
> > > from ../lib/mbuf/rte_mbuf.h:38,
> > > from ../lib/vhost/vhost_crypto.c:7:
> > > ../lib/vhost/vhost_crypto.c: In function ‘rte_vhost_crypto_fetch_requests’:
> > > ../lib/eal/x86/include/rte_memcpy.h:371:9: warning: array subscript 1 is
> > > outside array bounds of ‘struct virtio_crypto_op_data_req[1]’
> > > [-Warray-bounds]
> > > 371 | rte_mov32((uint8_t *)dst + 3 * 32, (const uint8_t *)src + 3 * 32);
> > > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > ../lib/vhost/vhost_crypto.c:1178:42: note: while referencing ‘req’
> > > 1178 | struct virtio_crypto_op_data_req req;
> > > | ^~~
> > >
> > > Check that copied length is within req boundaries.
> > >
> > > Fixes: 3c79609fda7c ("vhost/crypto: handle virtually non-contiguous buffers")
> > > Cc: stable@dpdk.org
> > >
> > > Signed-off-by: David Marchand
> > > ---
> > > lib/vhost/vhost_crypto.c | 8 ++++----
> > > 1 file changed, 4 insertions(+), 4 deletions(-)
> > > > > > diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c > > > index b1c0eb6a0f..83325b7042 100644 > > > --- a/lib/vhost/vhost_crypto.c > > > +++ b/lib/vhost/vhost_crypto.c > > > @@ -576,16 +576,16 @@ copy_data(void *dst_data, struct vhost_crypto_data_req *vc_req, > > > uint32_t to_copy; > > > uint8_t *data = dst_data; > > > uint8_t *src; > > > - int left = size; > > > + uint32_t left = size; > > > > > > - to_copy = RTE_MIN(desc->len, (uint32_t)left); > > > + to_copy = RTE_MIN(desc->len, left); > > > dlen = to_copy; > > > src = IOVA_TO_VVA(uint8_t *, vc_req, desc->addr, &dlen, > > > VHOST_ACCESS_RO); > > > > Tracking the functions which end up being called by this macro, the dlen > > parameter ends up being of type "uint64_t *", passing a value of int * or > > uint32_t * seems wrong to me. If we are changing the type from int to > > uint32_t, I think it should be promoted all the way to uint64_t. > > Indeed. > I'll update in v2. > > We already had some CVE on this part of the code, a careful review is needed. > > > > > > > - if (unlikely(!src || !dlen)) > > > + if (unlikely(!src || !dlen || dlen > left)) > > > return -1; > > > > > > > If this change is omitted, does the compiler still give warnings. Looking > > through the called code, the dlen parameter can only ever be reduced, not > > incremented (function rte_vhost_va_from_guest_pa() in rte_vhost.h). > > If I promote to_copy and left variables as uint64_t, gcc is still > unhappy, for the same reason. > The check on dlen > left seems necessary. > > Ok, just thought I'd ask anyway. I wonder if we need to check for wrap-around in the reduction case, since we are dealing with unsigned values. This additional check should catch that anyway if it does occur. /Bruce
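
Review bot: In the `left` declaration, changing `int left` to `uint32_t left` removes the negative range, so any later subtraction from `left` in copy_data() (outside the lines shown) will wrap instead of going negative; please confirm each such subtraction is bounded by `left`, or say in the commit message that the new `dlen > left` test is what guarantees it. The added check would also benefit from a short comment stating that the address translation may shrink `dlen` but must never report more than was requested, since the commit message only says "Check that copied length is within req boundaries". Finally, keep `to_copy`, `left` and the object passed as `&dlen` to IOVA_TO_VVA at one width, so that neither RTE_MIN() nor the `dlen > left` comparison relies on an implicit conversion.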