From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <olivier.matz@6wind.com>
Received: from mail.droids-corp.org (zoll.droids-corp.org [94.23.50.67])
 by dpdk.org (Postfix) with ESMTP id 583A2293B
 for <dev@dpdk.org>; Thu, 23 Aug 2018 09:39:48 +0200 (CEST)
Received: from rsa59-2-82-233-193-189.fbx.proxad.net ([82.233.193.189]
 helo=droids-corp.org)
 by mail.droids-corp.org with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.89) (envelope-from <olivier.matz@6wind.com>)
 id 1fskEP-0002Vj-9B; Thu, 23 Aug 2018 09:40:38 +0200
Received: by droids-corp.org (sSMTP sendmail emulation);
 Thu, 23 Aug 2018 09:39:42 +0200
Date: Thu, 23 Aug 2018 09:39:42 +0200
From: Olivier Matz <olivier.matz@6wind.com>
To: David Marchand <david.marchand@6wind.com>
Cc: dev@dpdk.org, Thomas Monjalon <thomas@monjalon.net>,
 Ferruh Yigit <ferruh.yigit@intel.com>,
 Andrew Rybchenko <arybchenko@solarflare.com>
Message-ID: <20180823073942.qnyk3jwqecm6wk3v@platinum>
References: <1534176226-21911-1-git-send-email-david.marchand@6wind.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1534176226-21911-1-git-send-email-david.marchand@6wind.com>
User-Agent: NeoMutt/20170113 (1.7.2)
Subject: Re: [dpdk-dev] [RFC 1/2] mbuf: add a sanity check on segment
	metadata
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Aug 2018 07:39:48 -0000

Hi David,

On Mon, Aug 13, 2018 at 06:03:45PM +0200, David Marchand wrote:
> Add some basic check on the segments offset and length metadata:
> always funny to have a < 0 tailroom cast to uint16_t ;-).
> 
> Signed-off-by: David Marchand <david.marchand@6wind.com>
> ---
>  lib/librte_mbuf/rte_mbuf.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
> index e714c5a..7eeef12 100644
> --- a/lib/librte_mbuf/rte_mbuf.c
> +++ b/lib/librte_mbuf/rte_mbuf.c
> @@ -200,6 +200,8 @@ rte_mbuf_sanity_check(const struct rte_mbuf *m, int is_header)
>  	pkt_len = m->pkt_len;
>  
>  	do {
> +		if (m->data_off + m->data_len > m->buf_len)
> +			rte_panic("bad segment metadata\n");

What about spliting the test into two? This would help to clarify
the error messages. I also suggest add casts to uint32 to ensure
that there is no overflow.

		if (m->data_off_len > m->buf_len)
			rte_panic("data offset too big in mbuf segment\n");
		if ((uint32_t)m->data_off + (uint32_t)m->data_len > (uint32_t)m->buf_len)
			rte_panic("data length too big in mbuf segment\n");