From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D4436A0546; Fri, 30 Apr 2021 04:54:57 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7948A4069E; Fri, 30 Apr 2021 04:54:57 +0200 (CEST) Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by mails.dpdk.org (Postfix) with ESMTP id 4EE4940395 for ; Fri, 30 Apr 2021 04:54:56 +0200 (CEST) Received: from dggeme756-chm.china.huawei.com (unknown [172.30.72.55]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4FWcNg3qTFzRg10 for ; Fri, 30 Apr 2021 10:52:35 +0800 (CST) Received: from [10.67.103.128] (10.67.103.128) by dggeme756-chm.china.huawei.com (10.3.19.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2176.2; Fri, 30 Apr 2021 10:54:53 +0800 To: Ferruh Yigit , References: <1619083366-63417-1-git-send-email-humin29@huawei.com> <1619487643-27708-1-git-send-email-humin29@huawei.com> <784170e4-7bf0-adf2-3d60-8472603802cc@intel.com> From: "Min Hu (Connor)" Message-ID: <4a93b0d2-5d19-b0fe-e3d3-a47921d96c25@huawei.com> Date: Fri, 30 Apr 2021 10:54:53 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1 MIME-Version: 1.0 In-Reply-To: <784170e4-7bf0-adf2-3d60-8472603802cc@intel.com> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.67.103.128] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To dggeme756-chm.china.huawei.com (10.3.19.102) X-CFilter-Loop: Reflected Subject: Re: [dpdk-dev] [PATCH v2] bonding: fix overflow check X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" 在 2021/4/29 21:33, Ferruh Yigit 写道: > On 4/27/2021 2:40 AM, Min Hu (Connor) wrote: >> Buffer 'test_params->slave_port_ids' of size 6 accessed may >> overflow, since its index 'i' can have value be is out of range. >> >> This patch fixed it. >> >> Fixes: 92073ef961ee ("bond: unit tests") >> Cc: stable@dpdk.org >> >> Signed-off-by: Min Hu (Connor) >> --- >> v2: >> * fix bonded_slave_count value. >> --- >> app/test/test_link_bonding.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/app/test/test_link_bonding.c b/app/test/test_link_bonding.c >> index 8a5c831..f8abb22 100644 >> --- a/app/test/test_link_bonding.c >> +++ b/app/test/test_link_bonding.c >> @@ -2216,6 +2216,9 @@ test_activebackup_rx_burst(void) >> "failed to get primary slave for bonded port (%d)", >> test_params->bonded_port_id); >> >> + if (test_params->bonded_slave_count > TEST_MAX_NUMBER_OF_PORTS) >> + test_params->bonded_slave_count = TEST_MAX_NUMBER_OF_PORTS; >> + > > Hi Connor, > > Similar comment as previous version, what is the root cause, how > 'bonded_slave_count' end up being bigger than 'TEST_MAX_NUMBER_OF_PORTS'? > Hi Ferruh, Currently, it will not happen. But if the testcase extended, for instance, "test_add_slave_to_bonded_device" is called over TEST_MAX_NUMBER_OF_PORTS(6) times in "test_add_already_bonded_slave_to_bonded_device", then 'bonded_slave_count' will be bigger than 'TEST_MAX_NUMBER_OF_PORTS'. >> for (i = 0; i < test_params->bonded_slave_count; i++) { >> /* Generate test bursts of packets to transmit */ >> TEST_ASSERT_EQUAL(generate_test_burst( >> > > . >