To: "Min Hu (Connor)", dev@dpdk.org
From: Ferruh Yigit
Date: Fri, 30 Apr 2021 10:30:18 +0100
Subject: Re: [dpdk-dev] [PATCH v2] bonding: fix overflow check

On 4/30/2021 3:54 AM, Min Hu (Connor) wrote:
>
>
> On 2021/4/29 21:33, Ferruh Yigit wrote:
>> On 4/27/2021 2:40 AM, Min Hu (Connor) wrote:
>>> Buffer 'test_params->slave_port_ids' of size 6 accessed may
>>> overflow, since its index 'i' can have a value that is out of range.
>>>
>>> This patch fixed it.
>>>
>>> Fixes: 92073ef961ee ("bond: unit tests")
>>> Cc: stable@dpdk.org
>>>
>>> Signed-off-by: Min Hu (Connor)
>>> ---
>>> v2:
>>> * fix bonded_slave_count value.
>>> ---
>>>   app/test/test_link_bonding.c | 3 +++
>>>   1 file changed, 3 insertions(+)
>>>
>>> diff --git a/app/test/test_link_bonding.c b/app/test/test_link_bonding.c >>> index 8a5c831..f8abb22 100644 >>> --- a/app/test/test_link_bonding.c >>> +++ b/app/test/test_link_bonding.c 
>>> @@ -2216,6 +2216,9 @@ test_activebackup_rx_burst(void) >>>               "failed to get primary slave for bonded port (%d)", >>>               test_params->bonded_port_id); >>>   +    if (test_params->bonded_slave_count > TEST_MAX_NUMBER_OF_PORTS) >>> +        test_params->bonded_slave_count = TEST_MAX_NUMBER_OF_PORTS; >>> + >> >> Hi Connor, >> >> Similar comment as previous version, what is the root cause, how >> 'bonded_slave_count' end up being bigger than 'TEST_MAX_NUMBER_OF_PORTS'? >> > Hi Ferruh, > Currently, it will not happen. > But if the testcase extended, for instance, > "test_add_slave_to_bonded_device" is called over > TEST_MAX_NUMBER_OF_PORTS(6) times in > "test_add_already_bonded_slave_to_bonded_device", > then 'bonded_slave_count' will be bigger than > 'TEST_MAX_NUMBER_OF_PORTS'. > What do you think adding 'test_params->bonded_slave_count' check at the beginning of the 'test_add_slave_to_bonded_device()' and fail test case if it is bigger than 'TEST_MAX_NUMBER_OF_PORTS'? >>>       for (i = 0; i < test_params->bonded_slave_count; i++) { >>>           /* Generate test bursts of packets to transmit */ >>>           TEST_ASSERT_EQUAL(generate_test_burst( >>> >> >> . >>
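
Review bot: clamping 'test_params->bonded_slave_count' to TEST_MAX_NUMBER_OF_PORTS just before the for loop in test_activebackup_rx_burst() hides an out-of-range count instead of reporting it, and leaves the counter no longer matching the number of slaves that were added. The thread itself says the condition cannot occur today, so a silent fix-up here would only mask a future test bug. Prefer failing the test when 'bonded_slave_count > TEST_MAX_NUMBER_OF_PORTS', or enforce the bound where the count grows, as proposed in the reply for test_add_slave_to_bonded_device(), so that every loop indexing 'slave_port_ids' is covered rather than only this one. If the clamp stays, it needs a comment explaining why the count could exceed the array size at this point.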