From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 6963BA00C2
	for <public@inbox.dpdk.org>; Tue, 14 Jun 2022 11:22:42 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 8F1FD4067C;
	Tue, 14 Jun 2022 11:22:41 +0200 (CEST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by mails.dpdk.org (Postfix) with ESMTP id 934E44067C
 for <stable@dpdk.org>; Tue, 14 Jun 2022 11:22:39 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1655198558;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=O+ozC8sTa7ZQTft5O0MYcZzWgzIL02VvGp0J3mtJ384=;
 b=NfgLqnjUvR4C99pjQKProUXRA1w21WnbWoxqSvXrWgcL91Fzrl9ln+8+To6WQNm7QFHmuE
 BpPyQVSL6sYHYMXuAwpovvgTyssxHbNOmNUsN3nmWg7XOcUZ7pjtLcv+TDs+SkoAjpJ/7z
 oy+8fZz/IAar+4uRu6rNCcXCqKNae6I=
Received: from mail-lj1-f200.google.com (mail-lj1-f200.google.com
 [209.85.208.200]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-669-2cDKpbGlMU6rZZXrASTNSw-1; Tue, 14 Jun 2022 05:22:37 -0400
X-MC-Unique: 2cDKpbGlMU6rZZXrASTNSw-1
Received: by mail-lj1-f200.google.com with SMTP id
 n11-20020a2ebd0b000000b0025567eefd27so1126545ljq.22
 for <stable@dpdk.org>; Tue, 14 Jun 2022 02:22:37 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc:content-transfer-encoding;
 bh=O+ozC8sTa7ZQTft5O0MYcZzWgzIL02VvGp0J3mtJ384=;
 b=ACOEj562o1IXIk2w1encThLzYSlo0UVVxaPBTHovtXzuWu9/MYV3zznJKH6mBaZZxp
 6R7D7APsZiNU5U1YJiLMOXdtbhitVacO/fJ5rm2rjCRRuo0dGBQ0EyJjTc6puWWfLY23
 LBRZakiu1eW2oTOAfLBe62f4sepQwhUyusCGCf5UCAORIwdsF51izXCxjjnoVWutq7Al
 ML3dx9tKdbpQt4lPGz69Tb6U4gFIu5lzh+dy7xX1n8VM4njz899M86/OyyIybOBgaWAB
 Pxr7kft06kjg+I2pq5WvYjFPkBk7pWnyHi+IRtkuQh8ZiDvewd34WHjLdg/CWT1TTK9k
 kCjg==
X-Gm-Message-State: AJIora95kyknU59/QJ4opGR8G2O1UGgDNp9VyJugUsoPgSIZJa0EgBzu
 PQZAnRTDSpiYy6mfBV2sL3SnS6uoGu6W/mjaYlYf21cBrxX0qTc3QVJChGW9cZp40paYdzAoP8X
 B+MqaOlAvUK4alhqfnixCwXE=
X-Received: by 2002:ac2:5201:0:b0:479:3923:9559 with SMTP id
 a1-20020ac25201000000b0047939239559mr2413999lfl.553.1655198556224; 
 Tue, 14 Jun 2022 02:22:36 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyAvX8BnJm023g+cpau6dAZHnm7z+mRdb8r+i9dMiNtlVVMRtQ6287RdjjxyHgY6kXQTjszbbVCJK5a3feakVw=
X-Received: by 2002:ac2:5201:0:b0:479:3923:9559 with SMTP id
 a1-20020ac25201000000b0047939239559mr2413985lfl.553.1655198555984; Tue, 14
 Jun 2022 02:22:35 -0700 (PDT)
MIME-Version: 1.0
References: <20220518101657.1230416-1-david.marchand@redhat.com>
 <20220518101657.1230416-11-david.marchand@redhat.com>
 <YpiMLYFry0vzlEtq@bricha3-MOBL.ger.corp.intel.com>
In-Reply-To: <YpiMLYFry0vzlEtq@bricha3-MOBL.ger.corp.intel.com>
From: David Marchand <david.marchand@redhat.com>
Date: Tue, 14 Jun 2022 11:22:24 +0200
Message-ID: <CAJFAV8wi6JucKwzxsCQWQ2bQ0_V5+JRY7BW2fsvbQGGAW=8nmw@mail.gmail.com>
Subject: Re: [PATCH 10/12] vhost/crypto: fix build with GCC 12
To: Bruce Richardson <bruce.richardson@intel.com>,
 Fan Zhang <roy.fan.zhang@intel.com>, 
 Maxime Coquelin <maxime.coquelin@redhat.com>, Chenbo Xia <chenbo.xia@intel.com>
Cc: dev <dev@dpdk.org>, Thomas Monjalon <thomas@monjalon.net>, 
 Ferruh Yigit <ferruh.yigit@xilinx.com>, dpdk stable <stable@dpdk.org>
Authentication-Results: relay.mimecast.com;
 auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dmarchan@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

On Thu, Jun 2, 2022 at 12:09 PM Bruce Richardson
<bruce.richardson@intel.com> wrote:
>
> On Wed, May 18, 2022 at 12:16:55PM +0200, David Marchand wrote:
> > GCC 12 raises the following warning:
> >
> > In file included from ../lib/mempool/rte_mempool.h:46,
> >                  from ../lib/mbuf/rte_mbuf.h:38,
> >                  from ../lib/vhost/vhost_crypto.c:7:
> > ../lib/vhost/vhost_crypto.c: In function =E2=80=98rte_vhost_crypto_fetc=
h_requests=E2=80=99:
> > ../lib/eal/x86/include/rte_memcpy.h:371:9: warning: array subscript 1 i=
s
> >      outside array bounds of =E2=80=98struct virtio_crypto_op_data_req[=
1]=E2=80=99
> >      [-Warray-bounds]
> >   371 | rte_mov32((uint8_t *)dst + 3 * 32, (const uint8_t *)src + 3 * 3=
2);
> >       | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=
~~
> > ../lib/vhost/vhost_crypto.c:1178:42: note: while referencing =E2=80=98r=
eq=E2=80=99
> >  1178 |         struct virtio_crypto_op_data_req req;
> >       |                                          ^~~
> >
> > Check that copied length is within req boundaries.
> >
> > Fixes: 3c79609fda7c ("vhost/crypto: handle virtually non-contiguous buf=
fers")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: David Marchand <david.marchand@redhat.com>
> > ---
> >  lib/vhost/vhost_crypto.c | 8 ++++----
> >  1 file changed, 4 insertions(+), 4 deletions(-)
> >
> > diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
> > index b1c0eb6a0f..83325b7042 100644
> > --- a/lib/vhost/vhost_crypto.c
> > +++ b/lib/vhost/vhost_crypto.c
> > @@ -576,16 +576,16 @@ copy_data(void *dst_data, struct vhost_crypto_dat=
a_req *vc_req,
> >       uint32_t to_copy;
> >       uint8_t *data =3D dst_data;
> >       uint8_t *src;
> > -     int left =3D size;
> > +     uint32_t left =3D size;
> >
> > -     to_copy =3D RTE_MIN(desc->len, (uint32_t)left);
> > +     to_copy =3D RTE_MIN(desc->len, left);
> >       dlen =3D to_copy;
> >       src =3D IOVA_TO_VVA(uint8_t *, vc_req, desc->addr, &dlen,
> >                       VHOST_ACCESS_RO);
>
> Tracking the functions which end up being called by this macro, the dlen
> parameter ends up being of type "uint64_t *", passing a value of int * or
> uint32_t * seems wrong to me. If we are changing the type from int to
> uint32_t, I think it should be promoted all the way to uint64_t.

Indeed.
I'll update in v2.

We already had some CVE on this part of the code, a careful review is neede=
d.


>
> > -     if (unlikely(!src || !dlen))
> > +     if (unlikely(!src || !dlen || dlen > left))
> >               return -1;
> >
>
> If this change is omitted, does the compiler still give warnings. Looking
> through the called code, the dlen parameter can only ever be reduced, not
> incremented (function rte_vhost_va_from_guest_pa() in rte_vhost.h).

If I promote to_copy and left variables as uint64_t, gcc is still
unhappy, for the same reason.
The check on dlen > left seems necessary.


>
> > -     rte_memcpy((uint8_t *)data, src, dlen);
> > +     rte_memcpy(data, src, dlen);
> >       data +=3D dlen;
> >
> >       if (unlikely(dlen < to_copy)) {
> > --
> > 2.36.1
> >
>

--=20
David Marchand