From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id C0758A0548;
	Wed, 21 Apr 2021 08:08:58 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 865F741932;
	Wed, 21 Apr 2021 08:08:58 +0200 (CEST)
Received: from szxga06-in.huawei.com (szxga06-in.huawei.com [45.249.212.32])
 by mails.dpdk.org (Postfix) with ESMTP id 3CF9D418AA
 for <dev@dpdk.org>; Wed, 21 Apr 2021 08:08:57 +0200 (CEST)
Received: from DGGEMS412-HUB.china.huawei.com (unknown [172.30.72.59])
 by szxga06-in.huawei.com (SkyGuard) with ESMTP id 4FQ976311tzkkhb
 for <dev@dpdk.org>; Wed, 21 Apr 2021 14:06:58 +0800 (CST)
Received: from [10.67.103.128] (10.67.103.128) by
 DGGEMS412-HUB.china.huawei.com (10.3.19.212) with Microsoft SMTP Server id
 14.3.498.0; Wed, 21 Apr 2021 14:08:49 +0800
To: "Li, Xiaoyun" <xiaoyun.li@intel.com>, "dev@dpdk.org" <dev@dpdk.org>
CC: "Yigit, Ferruh" <ferruh.yigit@intel.com>, "Wu, Jingjing"
 <jingjing.wu@intel.com>
References: <1618970896-37852-1-git-send-email-humin29@huawei.com>
 <1618970896-37852-2-git-send-email-humin29@huawei.com>
 <CH0PR11MB5523310F2068D852009E3A7299479@CH0PR11MB5523.namprd11.prod.outlook.com>
 <e36f403c-3697-e4e0-8fc9-8a77563d466a@huawei.com>
 <DM4PR11MB55348D9BBC3EC117646B581499479@DM4PR11MB5534.namprd11.prod.outlook.com>
From: "Min Hu (Connor)" <humin29@huawei.com>
Message-ID: <8aa81106-2d1e-8c72-4568-a6b5783277a2@huawei.com>
Date: Wed, 21 Apr 2021 14:08:49 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
 Thunderbird/68.3.1
MIME-Version: 1.0
In-Reply-To: <DM4PR11MB55348D9BBC3EC117646B581499479@DM4PR11MB5534.namprd11.prod.outlook.com>
Content-Type: text/plain; charset="iso-2022-jp"; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.67.103.128]
X-CFilter-Loop: Reflected
Subject: Re: [dpdk-dev] [PATCH 1/2] raw/ntb: check spad user index
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>



在 2021/4/21 12:54, Li, Xiaoyun 写道:
> 
> 
>> -----Original Message-----
>> From: Min Hu (Connor) <humin29@huawei.com>
>> Sent: Wednesday, April 21, 2021 12:37
>> To: Li, Xiaoyun <xiaoyun.li@intel.com>; dev@dpdk.org
>> Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Wu, Jingjing <jingjing.wu@intel.com>
>> Subject: Re: [PATCH 1/2] raw/ntb: check spad user index
>>
>> Hi, xiaoyun,
>>
>> 在 2021/4/21 11:31, Li, Xiaoyun 写道:
>>> Hi
>>>
>>>> -----Original Message-----
>>>> From: Min Hu (Connor) <humin29@huawei.com>
>>>> Sent: Wednesday, April 21, 2021 10:08
>>>> To: dev@dpdk.org
>>>> Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Li, Xiaoyun
>>>> <xiaoyun.li@intel.com>; Wu, Jingjing <jingjing.wu@intel.com>
>>>> Subject: [PATCH 1/2] raw/ntb: check spad user index
>>>>
>>>> From: Chengwen Feng <fengchengwen@huawei.com>
>>>>
>>>> This patch adds checking spad user index validity when set or get attr.
>>>>
>>>> Fixes: 277310027965 ("raw/ntb: introduce NTB raw device driver")
>>>> Cc: stable@dpdk.org
>>>>
>>>> Signed-off-by: Chengwen Feng <fengchengwen@huawei.com>
>>>> Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
>>>> ---
>>>>    drivers/raw/ntb/ntb.c | 8 ++++++++
>>>>    1 file changed, 8 insertions(+)
>>>>
>>>> diff --git a/drivers/raw/ntb/ntb.c b/drivers/raw/ntb/ntb.c index
>>>> 6dd213e..0f0e3f2 100644
>>>> --- a/drivers/raw/ntb/ntb.c
>>>> +++ b/drivers/raw/ntb/ntb.c
>>>> @@ -1080,6 +1080,10 @@ ntb_attr_set(struct rte_rawdev *dev, const
>>>> char *attr_name,
>>>>    		if (hw->ntb_ops->spad_write == NULL)
>>>>    			return -ENOTSUP;
>>>>    		index = atoi(&attr_name[NTB_SPAD_USER_LEN]);
>>>> +		if (index < 0 || index >= NTB_SPAD_USER_MAX_NUM) {
>>>> +			NTB_LOG(ERR, "Invalid attribute (%s)", attr_name);
>>>> +			return -EINVAL;
>>>> +		}
>>>
>>> It's unnecessary. The value will be checked in intel_ntb_spad_write(). There
>> will be error remind in that.
>>>
>> Nothing to do with intel_ntb_spad_write. If index is no checked,
>> hw->spad_user_list[index] may be be out of memory and result in
>> segmentation default.
> 
> Are you using this driver externally? Or you just check everything in DPDK.
> This is actually only used for ntb example in file trans mode. And only 0 and 1 are used for index.
> 
Well， I just reviewed codes and found this bug.
>>
>>
>>>>    		(*hw->ntb_ops->spad_write)(dev, hw->spad_user_list[index],
>>>>    					   1, attr_value);
>>>>    		NTB_LOG(DEBUG, "Set attribute (%s) Value (%" PRIu64 ")", @@
>>>> -1174,6 +1178,10 @@ ntb_attr_get(struct rte_rawdev *dev, const char
>>>> *attr_name,
>>>>    		if (hw->ntb_ops->spad_read == NULL)
>>>>    			return -ENOTSUP;
>>>>    		index = atoi(&attr_name[NTB_SPAD_USER_LEN]);
>>>> +		if (index < 0 || index >= NTB_SPAD_USER_MAX_NUM) {
>>>> +			NTB_LOG(ERR, "Attribute (%s) out of range",
>>>> attr_name);
>>>> +			return -EINVAL;
>>>> +		}
>>>
>>> Same as above.
>>>
>>>>    		*attr_value = (*hw->ntb_ops->spad_read)(dev,
>>>>    				hw->spad_user_list[index], 0);
>>>>    		NTB_LOG(DEBUG, "Attribute (%s) Value (%" PRIu64 ")",
>>>> --
>>>> 2.7.4
>>>
>>> .
>>>
> .
>