From: David Marchand <david.marchand@6wind.com>
To: dev@dpdk.org
Subject: [dpdk-dev] [PATCH 6/6] eal/linux: avoid out of bound access
Date: Tue, 7 Jul 2015 11:00:34 +0200
Message-ID: <1436259634-7077-7-git-send-email-david.marchand@6wind.com>
In-Reply-To: <1436259634-7077-1-git-send-email-david.marchand@6wind.com>

Using IBM advance toolchain on Ubuntu 14.04 (package 8.0-3), gcc is complaining
about out of bound accesses.

CC eal_hugepage_info.o
lib/librte_eal/linuxapp/eal/eal_hugepage_info.c:
In function ‘eal_hugepage_info_init’:
lib/librte_eal/linuxapp/eal/eal_hugepage_info.c:350:35:
error: array subscript is above array bounds [-Werror=array-bounds]
internal_config.hugepage_info[j].hugepage_sz)
^
lib/librte_eal/linuxapp/eal/eal_hugepage_info.c:350:35:
error: array subscript is above array bounds [-Werror=array-bounds]
lib/librte_eal/linuxapp/eal/eal_hugepage_info.c:349:37:
error: array subscript is above array bounds [-Werror=array-bounds]
if (internal_config.hugepage_info[j-1].hugepage_sz <
^
lib/librte_eal/linuxapp/eal/eal_hugepage_info.c:350:35:
error: array subscript is above array bounds [-Werror=array-bounds]
internal_config.hugepage_info[j].hugepage_sz)

Looking at the code, these warnings are invalid from my pov and they disappeared
when upgrading the toolchain to a new version (8.0-4).

However, the code was buggy (sorting code is wrong), so fix this by using qsort and adding a
check on num_sizes to avoid potential out of bound accesses.

Signed-off-by: David Marchand <david.marchand@6wind.com>
---
lib/librte_eal/linuxapp/eal/eal_hugepage_info.c | 31 ++++++++++-------------
1 file changed, 14 insertions(+), 17 deletions(-)
diff --git a/lib/librte_eal/linuxapp/eal/eal_hugepage_info.c b/lib/librte_eal/linuxapp/eal/eal_hugepage_info.c
index df60f6e..2f96164 100644
--- a/lib/librte_eal/linuxapp/eal/eal_hugepage_info.c
+++ b/lib/librte_eal/linuxapp/eal/eal_hugepage_info.c
@@ -184,15 +184,6 @@ get_hugepage_dir(uint64_t hugepage_sz)
return retval;
}
-static inline void
-swap_hpi(struct hugepage_info *a, struct hugepage_info *b)
-{
- char buf[sizeof(*a)];
- memcpy(buf, a, sizeof(buf));
- memcpy(a, b, sizeof(buf));
- memcpy(b, buf, sizeof(buf));
-}
-
/*
* Clear the hugepage directory of whatever hugepage files
* there are. Checks if the file is locked (i.e.
@@ -263,6 +254,15 @@ error:
return -1;
}
+static int
+compare_hpi(const void *a, const void *b)
+{
+ const struct hugepage_info *hpi_a = a;
+ const struct hugepage_info *hpi_b = b;
+
+ return hpi_b->hugepage_sz - hpi_a->hugepage_sz;
+}
+
/*
* when we initialize the hugepage info, everything goes
* to socket 0 by default. it will later get sorted by memory
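Review bot: the return statement in compare_hpi, `return hpi_b->hugepage_sz - hpi_a->hugepage_sz;`, converts a size difference to int, which yields the wrong sign (or zero) whenever the difference does not fit in 32 bits. get_hugepage_dir() in this same file takes hugepage_sz as uint64_t, so if the struct field has that type, a pair such as 16 GB and 16 MB subtracts to 0x3FF000000, whose low 32 bits are 0xFF000000, a negative int, and qsort then orders the two sizes the wrong way round. A difference that is an exact multiple of 2^32 would compare as equal. An explicit comparison avoids the truncation, for example `return (hpi_b->hugepage_sz > hpi_a->hugepage_sz) - (hpi_b->hugepage_sz < hpi_a->hugepage_sz);`.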
@@ -289,6 +289,9 @@ eal_hugepage_info_init(void)
dirent_start_len) != 0)
continue;
+ if (num_sizes >= MAX_HUGEPAGE_SIZES)
+ break;
+
hpi = &internal_config.hugepage_info[num_sizes];
hpi->hugepage_sz =
rte_str_to_size(&dirent->d_name[dirent_start_len]);
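Review bot: the new `if (num_sizes >= MAX_HUGEPAGE_SIZES) break;` ends the directory scan silently, so any remaining hugepage size directories are dropped without the user being told. A log message before the break would make that visible. The check only bounds the write through `&internal_config.hugepage_info[num_sizes]` if MAX_HUGEPAGE_SIZES is the actual dimension of that array; the declaration is not part of this diff, so it is worth confirming that, or using a bound derived from the array itself.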
@@ -343,14 +346,8 @@ eal_hugepage_info_init(void)
internal_config.num_hugepage_sizes = num_sizes;
/* sort the page directory entries by size, largest to smallest */
- for (i = 0; i < num_sizes; i++) {
- unsigned j;
- for (j = i+1; j < num_sizes; j++)
- if (internal_config.hugepage_info[j-1].hugepage_sz <
- internal_config.hugepage_info[j].hugepage_sz)
- swap_hpi(&internal_config.hugepage_info[j-1],
- &internal_config.hugepage_info[j]);
- }
+ qsort(&internal_config.hugepage_info[0], num_sizes,
+ sizeof(internal_config.hugepage_info[0]), compare_hpi);
/* now we have all info, check we have at least one valid size */
for (i = 0; i < num_sizes; i++)
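Review bot: the qsort() call is introduced here but no hunk in this patch adds an include, so please confirm that <stdlib.h> is already pulled in by eal_hugepage_info.c rather than relying on an implicit declaration. Separately, the commit message says only that the "sorting code is wrong"; a sentence on how the removed loop misorders entries (its inner loop starts at `j = i+1`, so each later pass skips the front of the array) would help anyone reading the history.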
--
1.7.10.4