From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wg0-f54.google.com (mail-wg0-f54.google.com [74.125.82.54]) by dpdk.org (Postfix) with ESMTP id 8D2DCC388 for ; Thu, 9 Jul 2015 11:19:51 +0200 (CEST) Received: by wgxm20 with SMTP id m20so34546126wgx.3 for ; Thu, 09 Jul 2015 02:19:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-type:content-transfer-encoding; bh=fiBpQ9/LdXoB8h7HTmlzEG539pYvUzgnGj9pZ1uLqtE=; b=aa0Gi3PmnXJz0GpaDShO5b6j87r6Jpk04vaYaXN0w61d/c2iN7P6i1+M7I7HltzWs4 uU7IVTvzbrp/B0FWJYrBwiU11mwmK2f7W2u2xg0SA91FHnEbHUvnJY5zcdkTA256t2/1 Nvb67GjbXwnWzceaPVRfG3DWKBKnnqQpuP1rQ6VXiR1JT9E56Lr5yUA7WMz0H0x7fxiN EmsL45cgdTYBuqmbFOboAd5OgrtW+joVzgEGrFx0j4OST/ytB0dU+B9cZWm/viwMHQKt vQMgEuuSm7s0BBvMpAW6cVltXihK8WnxyoR0Pt+swb/r/oFAcsDtUhfU7kAmx8N3WLq8 i8Aw== X-Gm-Message-State: ALoCoQngbjsO1dTM4uhFavKWwoR81Mk6SDhhzQNO9JccjZohSotPhJ4mBGYBn3zF6yZwr7yTEvki X-Received: by 10.180.37.133 with SMTP id y5mr71722105wij.7.1436433591406; Thu, 09 Jul 2015 02:19:51 -0700 (PDT) Received: from alcyon.dev.6wind.com (6wind.net2.nerim.net. [213.41.151.210]) by smtp.gmail.com with ESMTPSA id um5sm7774777wjc.1.2015.07.09.02.19.49 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 09 Jul 2015 02:19:50 -0700 (PDT) From: David Marchand To: dev@dpdk.org Date: Thu, 9 Jul 2015 11:19:26 +0200 Message-Id: <1436433566-328-7-git-send-email-david.marchand@6wind.com> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1436433566-328-1-git-send-email-david.marchand@6wind.com> References: <1436259634-7077-1-git-send-email-david.marchand@6wind.com> <1436433566-328-1-git-send-email-david.marchand@6wind.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] =?utf-8?q?=5BPATCH_v2_6/6=5D_eal/linux=3A_avoid_out_of?= =?utf-8?q?_bound_access?= X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jul 2015 09:19:51 -0000 Using IBM advance toolchain on Ubuntu 14.04 (package 8.0-3), gcc is complaining about out of bound accesses. CC eal_hugepage_info.o lib/librte_eal/linuxapp/eal/eal_hugepage_info.c: In function ‘eal_hugepage_info_init’: lib/librte_eal/linuxapp/eal/eal_hugepage_info.c:350:35: error: array subscript is above array bounds [-Werror=array-bounds] internal_config.hugepage_info[j].hugepage_sz) ^ lib/librte_eal/linuxapp/eal/eal_hugepage_info.c:350:35: error: array subscript is above array bounds [-Werror=array-bounds] lib/librte_eal/linuxapp/eal/eal_hugepage_info.c:349:37: error: array subscript is above array bounds [-Werror=array-bounds] if (internal_config.hugepage_info[j-1].hugepage_sz < ^ lib/librte_eal/linuxapp/eal/eal_hugepage_info.c:350:35: error: array subscript is above array bounds [-Werror=array-bounds] internal_config.hugepage_info[j].hugepage_sz) Looking at the code, these warnings are invalid from my pov and they disappeared when upgrading the toolchain to new version (8.0-4). However, the code was buggy (sorting code is wrong), so fix this by using qsort and adding a check on num_sizes to avoid potential out of bound accesses. Signed-off-by: David Marchand Acked-by: Sergio Gonzalez Monroy --- lib/librte_eal/linuxapp/eal/eal_hugepage_info.c | 31 ++++++++++------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/lib/librte_eal/linuxapp/eal/eal_hugepage_info.c b/lib/librte_eal/linuxapp/eal/eal_hugepage_info.c index f097e71..cdaa47b 100644 --- a/lib/librte_eal/linuxapp/eal/eal_hugepage_info.c +++ b/lib/librte_eal/linuxapp/eal/eal_hugepage_info.c @@ -189,15 +189,6 @@ get_hugepage_dir(uint64_t hugepage_sz) return retval; } -static inline void -swap_hpi(struct hugepage_info *a, struct hugepage_info *b) -{ - char buf[sizeof(*a)]; - memcpy(buf, a, sizeof(buf)); - memcpy(a, b, sizeof(buf)); - memcpy(b, buf, sizeof(buf)); -} - /* * Clear the hugepage directory of whatever hugepage files * there are. Checks if the file is locked (i.e. @@ -268,6 +259,15 @@ error: return -1; } +static int +compare_hpi(const void *a, const void *b) +{ + const struct hugepage_info *hpi_a = a; + const struct hugepage_info *hpi_b = b; + + return hpi_b->hugepage_sz - hpi_a->hugepage_sz; +} + /* * when we initialize the hugepage info, everything goes * to socket 0 by default. it will later get sorted by memory @@ -294,6 +294,9 @@ eal_hugepage_info_init(void) dirent_start_len) != 0) continue; + if (num_sizes >= MAX_HUGEPAGE_SIZES) + break; + hpi = &internal_config.hugepage_info[num_sizes]; hpi->hugepage_sz = rte_str_to_size(&dirent->d_name[dirent_start_len]); @@ -348,14 +351,8 @@ eal_hugepage_info_init(void) internal_config.num_hugepage_sizes = num_sizes; /* sort the page directory entries by size, largest to smallest */ - for (i = 0; i < num_sizes; i++) { - unsigned j; - for (j = i+1; j < num_sizes; j++) - if (internal_config.hugepage_info[j-1].hugepage_sz < - internal_config.hugepage_info[j].hugepage_sz) - swap_hpi(&internal_config.hugepage_info[j-1], - &internal_config.hugepage_info[j]); - } + qsort(&internal_config.hugepage_info[0], num_sizes, + sizeof(internal_config.hugepage_info[0]), compare_hpi); /* now we have all info, check we have at least one valid size */ for (i = 0; i < num_sizes; i++) -- 1.7.10.4