From: Ferruh Yigit <ferruh.yigit@amd.com>
To: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>,
Igor Russkikh <irusskikh@marvell.com>,
Selwin Sebastian <selwin.sebastian@amd.com>,
Ajit Khaparde <ajit.khaparde@broadcom.com>,
Somnath Kotur <somnath.kotur@broadcom.com>,
Nithin Dabilpuram <ndabilpuram@marvell.com>,
Kiran Kumar K <kirankumark@marvell.com>,
Sunil Kumar Kori <skori@marvell.com>,
Satha Rao <skoteshwar@marvell.com>,
Yuying Zhang <yuying.zhang@intel.com>,
Beilei Xing <beilei.xing@intel.com>,
Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>,
Hemant Agrawal <hemant.agrawal@nxp.com>,
Sachin Saxena <sachin.saxena@nxp.com>,
Simei Su <simei.su@intel.com>, Wenjun Wu <wenjun1.wu@intel.com>,
Gagandeep Singh <g.singh@nxp.com>,
John Daley <johndale@cisco.com>,
Hyong Youb Kim <hyonkim@cisco.com>, Gaetan Rivet <grive@u256.net>,
Qi Zhang <qi.z.zhang@intel.com>,
Xiao Wang <xiao.w.wang@intel.com>, Jie Hai <haijie1@huawei.com>,
Yisen Zhuang <yisen.zhuang@huawei.com>,
Jingjing Wu <jingjing.wu@intel.com>,
Qiming Yang <qiming.yang@intel.com>,
Junfeng Guo <junfeng.guo@intel.com>,
Andrew Boyer <andrew.boyer@amd.com>,
Long Li <longli@microsoft.com>, Matan Azrad <matan@nvidia.com>,
Viacheslav Ovsiienko <viacheslavo@nvidia.com>,
Dariusz Sosnowski <dsosnowski@nvidia.com>,
Ori Kam <orika@nvidia.com>, Suanming Mou <suanmingm@nvidia.com>,
Zyta Szpak <zr@semihalf.com>, Liron Himi <lironh@marvell.com>,
Chaoyong He <chaoyong.he@corigine.com>,
Jiawen Wu <jiawenwu@trustnetic.com>,
Harman Kalra <hkalra@marvell.com>,
Devendra Singh Rawat <dsinghrawat@marvell.com>,
Alok Prasad <palok@marvell.com>,
Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>,
Jerin Jacob <jerinj@marvell.com>,
Maciej Czekaj <mczekaj@marvell.com>,
Jian Wang <jianwang@trustnetic.com>,
Jochen Behrens <jbehrens@vmware.com>,
Thomas Monjalon <thomas@monjalon.net>
Cc: dev@dpdk.org, stable@dpdk.org, ferruh.yigit@intel.com
Subject: Re: [dpdk-dev v4 2/2] net/tap: fix buffer overflow for ptypes list through driver API update
Date: Thu, 11 Jan 2024 15:12:59 +0000 [thread overview]
Message-ID: <790591da-ccae-4716-9149-722d22973f69@amd.com> (raw)
In-Reply-To: <20240104175111.2190075-3-venkatx.sivaramakrishnan@intel.com>
On 1/4/2024 5:51 PM, Sivaramakrishnan Venkat wrote:
> Incorrect ptypes list causes buffer overflow for Address Sanitizer
> run. Previously, the last element in the ptypes lists to be
> "RTE_PTYPE_UNKNOWN" for rte_eth_dev_get_supported_ptypes(), but this was
> not clearly documented and many PMDs did not follow this implementation.
> Instead, the dev_supported_ptypes_get() function pointer now returns the
> number of elements to eliminate the need for "RTE_PTYPE_UNKNOWN"
> as the last item.
>
> Fixes: 47909357a069 ("ethdev: make device operations struct private")
> Cc: ferruh.yigit@intel.com
> Cc: stable@dpdk.org
>
I think this is not fix, your previous patch fixes mentioned issue, but
this patch improved code to make sure it will be correct in the future.
Can you please update the commit log accordingly, remove fixes and
stable tag and patch title can be something like:
"drivers/net: return number of types in get supported ptypes"
> Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
> ---
>
<...>
>
> diff --git a/drivers/net/atlantic/atl_ethdev.c b/drivers/net/atlantic/atl_ethdev.c
> index 3a028f4290..bc087738e4 100644
> --- a/drivers/net/atlantic/atl_ethdev.c
> +++ b/drivers/net/atlantic/atl_ethdev.c
> @@ -43,7 +43,8 @@ static int atl_dev_stats_reset(struct rte_eth_dev *dev);
> static int atl_fw_version_get(struct rte_eth_dev *dev, char *fw_version,
> size_t fw_size);
>
> -static const uint32_t *atl_dev_supported_ptypes_get(struct rte_eth_dev *dev);
> +static const uint32_t *atl_dev_supported_ptypes_get(struct rte_eth_dev *dev,
> + size_t *no_of_elements);
>
> static int atl_dev_mtu_set(struct rte_eth_dev *dev, uint16_t mtu);
>
> @@ -1132,7 +1133,8 @@ atl_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
> }
>
> static const uint32_t *
> -atl_dev_supported_ptypes_get(struct rte_eth_dev *dev)
> +atl_dev_supported_ptypes_get(struct rte_eth_dev *dev,
> + size_t *no_of_elements)
>
Can be single line, no need to break the line.
Same for some other drivers, can you please check all.
> {
> static const uint32_t ptypes[] = {
> RTE_PTYPE_L2_ETHER,
> @@ -1143,12 +1145,13 @@ atl_dev_supported_ptypes_get(struct rte_eth_dev *dev)
> RTE_PTYPE_L4_TCP,
> RTE_PTYPE_L4_UDP,
> RTE_PTYPE_L4_SCTP,
> - RTE_PTYPE_L4_ICMP,
> - RTE_PTYPE_UNKNOWN
> + RTE_PTYPE_L4_ICMP
>
Better to keep trailing ',' to reduce change when new ptypes appended in
the future, like:
"RTE_PTYPE_L4_ICMP,"
<...>
> @@ -348,7 +348,8 @@ dpaa_eth_dev_configure(struct rte_eth_dev *dev)
> }
>
> static const uint32_t *
> -dpaa_supported_ptypes_get(struct rte_eth_dev *dev)
> +dpaa_supported_ptypes_get(struct rte_eth_dev *dev,
> + size_t *no_of_elements)
> {
> static const uint32_t ptypes[] = {
> RTE_PTYPE_L2_ETHER,
> @@ -363,14 +364,16 @@ dpaa_supported_ptypes_get(struct rte_eth_dev *dev)
> RTE_PTYPE_L4_TCP,
> RTE_PTYPE_L4_UDP,
> RTE_PTYPE_L4_SCTP,
> - RTE_PTYPE_TUNNEL_ESP,
> - RTE_PTYPE_UNKNOWN
> + RTE_PTYPE_TUNNEL_ESP
> };
>
> PMD_INIT_FUNC_TRACE();
>
> - if (dev->rx_pkt_burst == dpaa_eth_queue_rx)
> + if (dev->rx_pkt_burst == dpaa_eth_queue_rx) {
> + *no_of_elements = RTE_DIM(ptypes);
> return ptypes;
> + }
> + *no_of_elements = 0;
No need to set it to '0' when NULL returned, it is already 0 by default.
There are other drivers doing this, can you please check all?
<...>
> @@ -2261,19 +2261,22 @@ ice_dev_supported_ptypes_get(struct rte_eth_dev *dev)
> RTE_PTYPE_INNER_L4_UDP,
> RTE_PTYPE_TUNNEL_GTPC,
> RTE_PTYPE_TUNNEL_GTPU,
> - RTE_PTYPE_L2_ETHER_PPPOE,
> - RTE_PTYPE_UNKNOWN
> + RTE_PTYPE_L2_ETHER_PPPOE
> };
>
> - if (ad->active_pkg_type == ICE_PKG_TYPE_COMMS)
> + if (ad->active_pkg_type == ICE_PKG_TYPE_COMMS) {
> + *no_of_elements = RTE_DIM(ptypes_comms);
> ptypes = ptypes_comms;
> - else
> + } else {
> + *no_of_elements = RTE_DIM(ptypes_os);
> ptypes = ptypes_os;
> + }
>
> if (dev->rx_pkt_burst == ice_recv_pkts ||
> dev->rx_pkt_burst == ice_recv_pkts_bulk_alloc ||
> - dev->rx_pkt_burst == ice_recv_scattered_pkts)
> + dev->rx_pkt_burst == ice_recv_scattered_pkts) {
> return ptypes;
> + }
>
No need to add { }, same below.
<...>
> @@ -3978,7 +3979,8 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
> }
>
> static const uint32_t *
> -ixgbe_dev_supported_ptypes_get(struct rte_eth_dev *dev)
> +ixgbe_dev_supported_ptypes_get(struct rte_eth_dev *dev,
> + size_t *no_of_elements)
> {
> static const uint32_t ptypes[] = {
> /* For non-vec functions,
> @@ -3998,21 +4000,25 @@ ixgbe_dev_supported_ptypes_get(struct rte_eth_dev *dev)
> RTE_PTYPE_INNER_L3_IPV6,
> RTE_PTYPE_INNER_L3_IPV6_EXT,
> RTE_PTYPE_INNER_L4_TCP,
> - RTE_PTYPE_INNER_L4_UDP,
> - RTE_PTYPE_UNKNOWN
> + RTE_PTYPE_INNER_L4_UDP
> };
>
> if (dev->rx_pkt_burst == ixgbe_recv_pkts ||
> dev->rx_pkt_burst == ixgbe_recv_pkts_lro_single_alloc ||
> dev->rx_pkt_burst == ixgbe_recv_pkts_lro_bulk_alloc ||
> - dev->rx_pkt_burst == ixgbe_recv_pkts_bulk_alloc)
> + dev->rx_pkt_burst == ixgbe_recv_pkts_bulk_alloc) {
> + *no_of_elements = RTE_DIM(ptypes);
> return ptypes;
> + }
>
> #if defined(RTE_ARCH_X86) || defined(__ARM_NEON)
> if (dev->rx_pkt_burst == ixgbe_recv_pkts_vec ||
> - dev->rx_pkt_burst == ixgbe_recv_scattered_pkts_vec)
> + dev->rx_pkt_burst == ixgbe_recv_scattered_pkts_vec) {
> + *no_of_elements = (sizeof(ptypes) / sizeof(uint32_t));
>
Why not use 'RTE_DIM()' here?
<...>
> diff --git a/lib/ethdev/ethdev_driver.h b/lib/ethdev/ethdev_driver.h
> index b482cd12bb..9b03d27e62 100644
> --- a/lib/ethdev/ethdev_driver.h
> +++ b/lib/ethdev/ethdev_driver.h
> @@ -448,7 +448,8 @@ typedef int (*eth_dev_infos_get_t)(struct rte_eth_dev *dev,
> struct rte_eth_dev_info *dev_info);
>
> /** @internal Get supported ptypes of an Ethernet device. */
> -typedef const uint32_t *(*eth_dev_supported_ptypes_get_t)(struct rte_eth_dev *dev);
> +typedef const uint32_t *(*eth_dev_supported_ptypes_get_t)(struct rte_eth_dev *dev,
> + size_t *no_of_elements);
>
Can you please add doxygen comments, and document new paramter there.
There are samples in same file, like 'eth_promiscuous_enable_t' one.
Thanks,
Ferruh
next prev parent reply other threads:[~2024-01-11 15:13 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-12 14:37 [PATCH v1] net/tap: fix buffer overflow for ptypes list Sivaramakrishnan Venkat
2023-12-12 15:23 ` Ferruh Yigit
2023-12-15 13:38 ` [PATCH v2] " Sivaramakrishnan Venkat
2023-12-15 13:52 ` Ferruh Yigit
2023-12-15 13:55 ` Sivaramakrishnan, VenkatX
2023-12-15 17:21 ` Ferruh Yigit
2023-12-21 18:40 ` [PATCH v3] ethdev: fix getting supported " Sivaramakrishnan Venkat
2023-12-21 21:03 ` Tyler Retzlaff
2023-12-22 8:21 ` David Marchand
2024-01-04 17:51 ` [dpdk-dev v4 2/2] net/tap: fix buffer overflow for " Sivaramakrishnan Venkat
2024-01-04 17:51 ` [dpdk-dev v4 1/2] net/tap: fix buffer overflow for ptypes list through updation of last element Sivaramakrishnan Venkat
2024-01-11 15:11 ` Ferruh Yigit
2024-01-04 17:51 ` [dpdk-dev v4 2/2] net/tap: fix buffer overflow for ptypes list through driver API update Sivaramakrishnan Venkat
2024-01-11 15:12 ` Ferruh Yigit [this message]
2024-01-11 16:29 ` Andrew Rybchenko
2024-01-18 12:07 ` [PATCH v5 1/2] drivers/net: fix buffer overflow for ptypes list Sivaramakrishnan Venkat
2024-01-18 12:07 ` [PATCH v5 2/2] drivers/net: return number of types in get supported types Sivaramakrishnan Venkat
2024-01-19 14:51 ` Ferruh Yigit
2024-01-23 12:07 ` Power, Ciara
2024-01-23 14:59 ` Ferruh Yigit
2024-01-23 15:12 ` Ferruh Yigit
2024-01-23 15:37 ` Power, Ciara
2024-01-19 14:58 ` [PATCH v5 1/2] drivers/net: fix buffer overflow for ptypes list Ferruh Yigit
2024-01-19 17:10 ` Power, Ciara
2024-01-22 9:42 ` Ferruh Yigit
2024-01-22 9:46 ` Power, Ciara
2024-01-22 10:03 ` Ferruh Yigit
2024-01-25 16:07 ` [PATCH v6 " Sivaramakrishnan Venkat
2024-01-25 16:07 ` [PATCH v6 2/2] drivers/net: return number of types in get supported types Sivaramakrishnan Venkat
2024-01-31 3:22 ` Ferruh Yigit
2024-02-01 15:43 ` [PATCH v7 1/2] drivers/net: fix buffer overflow for ptypes list Sivaramakrishnan Venkat
2024-02-01 15:50 ` Sivaramakrishnan Venkat
2024-02-01 15:50 ` [PATCH v7 2/2] drivers/net: return number of types in get supported types Sivaramakrishnan Venkat
2024-02-01 23:02 ` Ferruh Yigit
2024-02-01 22:58 ` [PATCH v7 1/2] drivers/net: fix buffer overflow for ptypes list Ferruh Yigit
2024-02-01 23:29 ` Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=790591da-ccae-4716-9149-722d22973f69@amd.com \
--to=ferruh.yigit@amd.com \
--cc=ajit.khaparde@broadcom.com \
--cc=andrew.boyer@amd.com \
--cc=andrew.rybchenko@oktetlabs.ru \
--cc=beilei.xing@intel.com \
--cc=chaoyong.he@corigine.com \
--cc=dev@dpdk.org \
--cc=dsinghrawat@marvell.com \
--cc=dsosnowski@nvidia.com \
--cc=ferruh.yigit@intel.com \
--cc=g.singh@nxp.com \
--cc=grive@u256.net \
--cc=haijie1@huawei.com \
--cc=hemant.agrawal@nxp.com \
--cc=hkalra@marvell.com \
--cc=hyonkim@cisco.com \
--cc=irusskikh@marvell.com \
--cc=jbehrens@vmware.com \
--cc=jerinj@marvell.com \
--cc=jianwang@trustnetic.com \
--cc=jiawenwu@trustnetic.com \
--cc=jingjing.wu@intel.com \
--cc=johndale@cisco.com \
--cc=junfeng.guo@intel.com \
--cc=kirankumark@marvell.com \
--cc=lironh@marvell.com \
--cc=longli@microsoft.com \
--cc=matan@nvidia.com \
--cc=mczekaj@marvell.com \
--cc=ndabilpuram@marvell.com \
--cc=orika@nvidia.com \
--cc=palok@marvell.com \
--cc=qi.z.zhang@intel.com \
--cc=qiming.yang@intel.com \
--cc=rahul.lakkireddy@chelsio.com \
--cc=sachin.saxena@nxp.com \
--cc=selwin.sebastian@amd.com \
--cc=simei.su@intel.com \
--cc=skori@marvell.com \
--cc=skoteshwar@marvell.com \
--cc=somnath.kotur@broadcom.com \
--cc=stable@dpdk.org \
--cc=suanmingm@nvidia.com \
--cc=thomas@monjalon.net \
--cc=venkatx.sivaramakrishnan@intel.com \
--cc=viacheslavo@nvidia.com \
--cc=wenjun1.wu@intel.com \
--cc=xiao.w.wang@intel.com \
--cc=yisen.zhuang@huawei.com \
--cc=yuying.zhang@intel.com \
--cc=zr@semihalf.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).