From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id C5ACD5A004E for ; Mon, 15 Jul 2024 07:46:00 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202312; t=1721022356; bh=H6XNOplHLSxi68fB/ATLliaoSaK9ml9KFfvly61LX8A=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=bL2sfWrCHvyA5IM8l68EIbcFI2lKmqH90WtmLelfgJ4wPIje/Gj5M3pT8C+TmqgqM bAOEZPdQHBnfYUQsODTjlQIWIHd2Poow2z/PvbL1I45ULZkhPng3ijl3KPyPxwVRsl 5kazmwZaHVeRkh1HMRKX0URYIWfu5iBp+x/RFC/Gqe2h7FRM7+kcB9etPuLcnIVtxJ 5jgEt8D07pBhFBdxbSopWb+TjuCCLYEuLwRC1dGmRcTeYSWm6l0gpASIG8snBrpAUB NQnzrtulfFdQvQT5rdNUa+hp3vym54uJpX8kjLKrR17zYwMvrLuRKMaWhSS13lX4ZU x78LTu5aCDtGg== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4WMrlm3HbCz4x04; Mon, 15 Jul 2024 15:45:56 +1000 (AEST) Date: Mon, 15 Jul 2024 14:59:42 +1000 From: David Gibson To: Laurent Vivier Subject: Re: [PATCH v2 1/4] packet: replace struct desc by struct iovec Message-ID: References: <20240712153244.831436-1-lvivier@redhat.com> <20240712153244.831436-2-lvivier@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="LSH+HaOD8KhfC6Je" Content-Disposition: inline In-Reply-To: <20240712153244.831436-2-lvivier@redhat.com> Message-ID-Hash: FXRGWZJZXWV5KOBOX2VRVAKOZWFQXDQ7 X-Message-ID-Hash: FXRGWZJZXWV5KOBOX2VRVAKOZWFQXDQ7 X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --LSH+HaOD8KhfC6Je Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jul 12, 2024 at 05:32:41PM +0200, Laurent Vivier wrote: > To be able to manage buffers inside a shared memory provided > by a VM via a vhost-user interface, we cannot rely on the fact > that buffers are located in a pre-defined memory area and use > a base address and a 32bit offset to address them. >=20 > We need a 64bit address, so replace struct desc by struct iovec > and update range checking. >=20 > Signed-off-by: Laurent Vivier > --- > packet.c | 84 +++++++++++++++++++++++++++++++------------------------- > packet.h | 14 ++-------- > 2 files changed, 49 insertions(+), 49 deletions(-) >=20 > diff --git a/packet.c b/packet.c > index ccfc84607709..f7bb523c4ffa 100644 > --- a/packet.c > +++ b/packet.c > @@ -22,6 +22,39 @@ > #include "util.h" > #include "log.h" > =20 > +/** > + * packet_check_range() - Check if a packet memory range is valid > + * @p: Packet pool > + * @offset: Offset of data range in packet descriptor > + * @len: Length of desired data range > + * @start: Start of the packet descriptor > + * @func: For tracing: name of calling function, NULL means no trace() > + * @line: For tracing: caller line of function call > + * > + * Return: 0 if the range is valid, -1 otherwise > + */ > +static int packet_check_range(const struct pool *p, size_t offset, size_= t len, > + const char *start, const char *func, int line) > +{ > + if (start < p->buf) { > + if (func) { Omitting the message entirely if func is not set doesn't seem correct. I believe printf() should format NULL pointers sanely (typically as ""), so I think you can just leave out this check. > + trace("add packet start %p before buffer start %p, " > + "%s:%i", (void *)start, (void *)p->buf, func, line); > + } > + return -1; > + } > + > + if (start + len + offset > p->buf + p->buf_size) { It's not really clear to me why offset is needed in here. AIUI, offset is used when we want to talk about some piece of a larger packet/frame that's in the buffer. That's useful when we're dissecting packets, but surely we always want the whole frame/whatever to be within the buffer, so I don't know we need the extra complexity in this helper. I also think we should check for overflow on the LHS here, but that's pre-existing, so it doesn't need to go in this patch. > + if (func) { > + trace("packet offset plus length %lu from size %lu, " > + "%s:%i", start - p->buf + len + offset, > + p->buf_size, func, line); > + } > + return -1; > + } > + > + return 0; > +} > /** > * packet_add_do() - Add data as packet descriptor to given pool > * @p: Existing pool > @@ -41,34 +74,16 @@ void packet_add_do(struct pool *p, size_t len, const = char *start, > return; > } > =20 > - if (start < p->buf) { > - trace("add packet start %p before buffer start %p, %s:%i", > - (void *)start, (void *)p->buf, func, line); > + if (packet_check_range(p, 0, len, start, func, line)) > return; > - } > - > - if (start + len > p->buf + p->buf_size) { > - trace("add packet start %p, length: %zu, buffer end %p, %s:%i", > - (void *)start, len, (void *)(p->buf + p->buf_size), > - func, line); > - return; > - } > =20 > if (len > UINT16_MAX) { > trace("add packet length %zu, %s:%i", len, func, line); > return; > } > =20 > -#if UINTPTR_MAX =3D=3D UINT64_MAX > - if ((uintptr_t)start - (uintptr_t)p->buf > UINT32_MAX) { > - trace("add packet start %p, buffer start %p, %s:%i", > - (void *)start, (void *)p->buf, func, line); > - return; > - } > -#endif > - > - p->pkt[idx].offset =3D start - p->buf; > - p->pkt[idx].len =3D len; > + p->pkt[idx].iov_base =3D (void *)start; > + p->pkt[idx].iov_len =3D len; > =20 > p->count++; > } > @@ -96,36 +111,31 @@ void *packet_get_do(const struct pool *p, size_t idx= , size_t offset, > return NULL; > } > =20 > - if (len > UINT16_MAX || len + offset > UINT32_MAX) { > + if (len > UINT16_MAX) { > if (func) { > - trace("packet data length %zu, offset %zu, %s:%i", > - len, offset, func, line); > + trace("packet data length %zu, %s:%i", > + len, func, line); Should this be an assert? Seems like something is wrong in the caller, if they're trying to pass in a ludicrously long packet. > } > return NULL; > } > =20 > - if (p->pkt[idx].offset + len + offset > p->buf_size) { > + if (len + offset > p->pkt[idx].iov_len) { > if (func) { > - trace("packet offset plus length %zu from size %zu, " > - "%s:%i", p->pkt[idx].offset + len + offset, > - p->buf_size, func, line); > + trace("data length %zu, offset %zu from length %zu, " > + "%s:%i", len, offset, p->pkt[idx].iov_len, > + func, line); > } > return NULL; > } > =20 > - if (len + offset > p->pkt[idx].len) { > - if (func) { > - trace("data length %zu, offset %zu from length %u, " > - "%s:%i", len, offset, p->pkt[idx].len, > - func, line); > - } > + if (packet_check_range(p, offset, len, p->pkt[idx].iov_base, > + func, line)) > return NULL; > - } > =20 > if (left) > - *left =3D p->pkt[idx].len - offset - len; > + *left =3D p->pkt[idx].iov_len - offset - len; > =20 > - return p->buf + p->pkt[idx].offset + offset; > + return (char *)p->pkt[idx].iov_base + offset; > } > =20 > /** > diff --git a/packet.h b/packet.h > index a784b07bbed5..8377dcf678bb 100644 > --- a/packet.h > +++ b/packet.h > @@ -6,16 +6,6 @@ > #ifndef PACKET_H > #define PACKET_H > =20 > -/** > - * struct desc - Generic offset-based descriptor within buffer > - * @offset: Offset of descriptor relative to buffer start, 32-bit limit > - * @len: Length of descriptor, host order, 16-bit limit > - */ > -struct desc { > - uint32_t offset; > - uint16_t len; > -}; > - > /** > * struct pool - Generic pool of packets stored in a buffer > * @buf: Buffer storing packet descriptors > @@ -29,7 +19,7 @@ struct pool { > size_t buf_size; > size_t size; > size_t count; > - struct desc pkt[1]; > + struct iovec pkt[1]; > }; > =20 > void packet_add_do(struct pool *p, size_t len, const char *start, > @@ -54,7 +44,7 @@ struct _name ## _t { \ > size_t buf_size; \ > size_t size; \ > size_t count; \ > - struct desc pkt[_size]; \ > + struct iovec pkt[_size]; \ > } > =20 > #define PACKET_POOL_INIT_NOCAST(_size, _buf, _buf_size) \ --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --LSH+HaOD8KhfC6Je Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmaUrL0ACgkQzQJF27ox 2Gdo+RAApLvyFCMKYGJvpDqfGQaWFccOA9pvPfP+lvnjevBrsJEXFPkfFzxzL+d5 ImuaHvUCvlswvfkjtE7SPur0bQiZ7AjSzNf8o1Ht9cBDgonryJZ9f60s/DgTdyT8 jJQIGym1ttJMLu/Rk3QuPFvZTYQxqJdgRllWP1CiMe1htJPsbzDqoH6YqJLHBM17 cvQ3IJlvG81aZWGKy45SHiXj6KVzhaYfF1YmLc6m2TgD13Yq4rcR9q7gpDKIivT+ u2+L4y2d+Oi71uvUg9knmwg9rrv/Dwa9YZKSnkst7JMsTH4P/4QppuSfpx/UZkZ7 rz14YFpKVNRaxzPyetzzqmGVqXSXuG3Y+cf5MEgoyPWXrgHN4OfUC57xE79uP0Lc q5yCl4813tvKtuvF14w0GxG/w3eUghcp8A2MauNrCh/sfQxcpS47c+RcrxzqH4sG xJODMr3PXeJsJ6VwNXds5Z1WUSa0o6yooFPRr4+vGkJxWH5LWxFOMQpekWYyI34h Eo5sIIAauyymj8aIwBsFcZz3lhg/fHXfJTyTAFi5pSDjP30PMVuy6xFu9CO+87xy s5n/zMVfzrEWrEFHl+lbkCGjlESLLWsE6KcIN3k2TenAXP3tc49TINdMuxREGqns ajNVDx3zITkaoSqmJDf6iFGC/1Jbya33wNhglCmaG3QOGmh26JU= =OGEv -----END PGP SIGNATURE----- --LSH+HaOD8KhfC6Je--