From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by passt.top (Postfix) with ESMTP id 370385A004F for ; Thu, 04 Jul 2024 17:52:15 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1720108333; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=jI5Q/vo5U3g36vYn9hg9OlEsTZClWGQUDR2EJJcA+I4=; b=ZBWLjusy6zS3ZyIDGVoQttMiBnR3s+AeyF4ge1yDB8tmjptMBo2QNmExopS9qI0fcwglT9 /ZAp63VKghZYXe+JO1CSg4dJ8Bk3OVz5/EvTnP9UqP2MeicT9EMFWrJ6gjhf594g2AZNon VeBTgn0WTEA0gInNmiCs9RwcOh7qQ1s= Received: from mail-qk1-f197.google.com (mail-qk1-f197.google.com [209.85.222.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-492-SRBHRLCeMIquowF80dTU1A-1; Thu, 04 Jul 2024 11:52:12 -0400 X-MC-Unique: SRBHRLCeMIquowF80dTU1A-1 Received: by mail-qk1-f197.google.com with SMTP id af79cd13be357-79d9ee5e460so95319185a.1 for ; Thu, 04 Jul 2024 08:52:12 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720108332; x=1720713132; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=jI5Q/vo5U3g36vYn9hg9OlEsTZClWGQUDR2EJJcA+I4=; b=Y8puu0W7F7S0afsEO9ZT/fg3wpZNQHu45B01j+lcXk512ChxyhB0SmEJ1mCalsTnW+ FX1V2F3eIgCd+OR3X2LIYbdB6wiLuPGCvT5G94FQ7qHf3LSElxFm5l3QsgT+MVDkG0u9 QmVGCpgvAimZRT/r++j1qvV/Ftee3ckbUVqUAtrUpslvBRIxxWqzkmIu9atb779xZ3EN 34FLAsT26quh1BpZdroxJHPBBXJf2J2zlGKP5GtQ5eHDizuDBNR5DO2z2FLpvfBYjp6C 6N74SnNlIhWpSyXhzivzmZNaO9YWkXXUglgWlNZ3Y/g7ekTF7y71l0eCF3qJf0Ws0YYF vpQQ== X-Gm-Message-State: AOJu0YwJzz0+UHHDulbBkIcaCV3krX6n02zWpjL1uZKkIlOjtAnnTarb 1kV/Bt5i8Dv8pYXU9ZemLJyvfFBz5DDDSe+XUb329KhS4HpyiMTkDstMfw6d6ddlfIV5Vs3fVAt iRlV6iVldFLmqdnFsr8sJ3ewW8FuMhjMNitUNRq+DeqmPP/5nw2EYT7O3uQ== X-Received: by 2002:a05:620a:1a05:b0:79d:76e5:be87 with SMTP id af79cd13be357-79eee1a4c19mr277496685a.9.1720108331767; Thu, 04 Jul 2024 08:52:11 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH2SvGkg3HEkh5ZhINsSeoo+fQENF1aMvH4TWwGwwmRC2szI3otVA4DJzgoGIawmz7Zr20gAg== X-Received: by 2002:a05:620a:1a05:b0:79d:76e5:be87 with SMTP id af79cd13be357-79eee1a4c19mr277492785a.9.1720108331114; Thu, 04 Jul 2024 08:52:11 -0700 (PDT) Received: from ?IPV6:2a01:e0a:e10:ef90:8e19:3414:44f0:befd? ([2a01:e0a:e10:ef90:8e19:3414:44f0:befd]) by smtp.gmail.com with ESMTPSA id af79cd13be357-79d69309083sm685187485a.121.2024.07.04.08.52.10 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 04 Jul 2024 08:52:10 -0700 (PDT) Message-ID: Date: Thu, 4 Jul 2024 17:52:09 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH 1/5] packet: replace struct desc by struct iovec To: David Gibson References: <20240621145640.1914287-1-lvivier@redhat.com> <20240621145640.1914287-2-lvivier@redhat.com> From: Laurent Vivier Autocrypt: addr=lvivier@redhat.com; keydata= xsFNBFYFJhkBEAC2me7w2+RizYOKZM+vZCx69GTewOwqzHrrHSG07MUAxJ6AY29/+HYf6EY2 WoeuLWDmXE7A3oJoIsRecD6BXHTb0OYS20lS608anr3B0xn5g0BX7es9Mw+hV/pL+63EOCVm SUVTEQwbGQN62guOKnJJJfphbbv82glIC/Ei4Ky8BwZkUuXd7d5NFJKC9/GDrbWdj75cDNQx UZ9XXbXEKY9MHX83Uy7JFoiFDMOVHn55HnncflUncO0zDzY7CxFeQFwYRbsCXOUL9yBtqLer Ky8/yjBskIlNrp0uQSt9LMoMsdSjYLYhvk1StsNPg74+s4u0Q6z45+l8RAsgLw5OLtTa+ePM JyS7OIGNYxAX6eZk1+91a6tnqfyPcMbduxyBaYXn94HUG162BeuyBkbNoIDkB7pCByed1A7q q9/FbuTDwgVGVLYthYSfTtN0Y60OgNkWCMtFwKxRaXt1WFA5ceqinN/XkgA+vf2Ch72zBkJL RBIhfOPFv5f2Hkkj0MvsUXpOWaOjatiu0fpPo6Hw14UEpywke1zN4NKubApQOlNKZZC4hu6/ 8pv2t4HRi7s0K88jQYBRPObjrN5+owtI51xMaYzvPitHQ2053LmgsOdN9EKOqZeHAYG2SmRW LOxYWKX14YkZI5j/TXfKlTpwSMvXho+efN4kgFvFmP6WT+tPnwARAQABzSNMYXVyZW50IFZp dmllciA8bHZpdmllckByZWRoYXQuY29tPsLBeAQTAQIAIgUCVgVQgAIbAwYLCQgHAwIGFQgC CQoLBBYCAwECHgECF4AACgkQ8ww4vT8vvjwpgg//fSGy0Rs/t8cPFuzoY1cex4limJQfReLr SJXCANg9NOWy/bFK5wunj+h/RCFxIFhZcyXveurkBwYikDPUrBoBRoOJY/BHK0iZo7/WQkur 6H5losVZtrotmKOGnP/lJYZ3H6OWvXzdz8LL5hb3TvGOP68K8Bn8UsIaZJoeiKhaNR0sOJyI YYbgFQPWMHfVwHD/U+/gqRhD7apVysxv5by/pKDln1I5v0cRRH6hd8M8oXgKhF2+rAOL7gvh jEHSSWKUlMjC7YwwjSZmUkL+TQyE18e2XBk85X8Da3FznrLiHZFHQ/NzETYxRjnOzD7/kOVy gKD/o7asyWQVU65mh/ECrtjfhtCBSYmIIVkopoLaVJ/kEbVJQegT2P6NgERC/31kmTF69vn8 uQyW11Hk8tyubicByL3/XVBrq4jZdJW3cePNJbTNaT0d/bjMg5zCWHbMErUib2Nellnbg6bc 2HLDe0NLVPuRZhHUHM9hO/JNnHfvgiRQDh6loNOUnm9Iw2YiVgZNnT4soUehMZ7au8PwSl4I KYE4ulJ8RRiydN7fES3IZWmOPlyskp1QMQBD/w16o+lEtY6HSFEzsK3o0vuBRBVp2WKnssVH qeeV01ZHw0bvWKjxVNOksP98eJfWLfV9l9e7s6TaAeySKRRubtJ+21PRuYAxKsaueBfUE7ZT 7zfOwU0EVgUmGQEQALxSQRbl/QOnmssVDxWhHM5TGxl7oLNJms2zmBpcmlrIsn8nNz0rRyxT 460k2niaTwowSRK8KWVDeAW6ZAaWiYjLlTunoKwvF8vP3JyWpBz0diTxL5o+xpvy/Q6YU3BN efdq8Vy3rFsxgW7mMSrI/CxJ667y8ot5DVugeS2NyHfmZlPGE0Nsy7hlebS4liisXOrN3jFz asKyUws3VXek4V65lHwB23BVzsnFMn/bw/rPliqXGcwl8CoJu8dSyrCcd1Ibs0/Inq9S9+t0 VmWiQWfQkz4rvEeTQkp/VfgZ6z98JRW7S6l6eophoWs0/ZyRfOm+QVSqRfFZdxdP2PlGeIFM C3fXJgygXJkFPyWkVElr76JTbtSHsGWbt6xUlYHKXWo+xf9WgtLeby3cfSkEchACrxDrQpj+ Jt/JFP+q997dybkyZ5IoHWuPkn7uZGBrKIHmBunTco1+cKSuRiSCYpBIXZMHCzPgVDjk4viP brV9NwRkmaOxVvye0vctJeWvJ6KA7NoAURplIGCqkCRwg0MmLrfoZnK/gRqVJ/f6adhU1oo6 z4p2/z3PemA0C0ANatgHgBb90cd16AUxpdEQmOCmdNnNJF/3Zt3inzF+NFzHoM5Vwq6rc1JP jfC3oqRLJzqAEHBDjQFlqNR3IFCIAo4SYQRBdAHBCzkM4rWyRhuVABEBAAHCwV8EGAECAAkF AlYFJhkCGwwACgkQ8ww4vT8vvjwg9w//VQrcnVg3TsjEybxDEUBm8dBmnKqcnTBFmxN5FFtI WlEuY8+YMiWRykd8Ln9RJ/98/ghABHz9TN8TRo2b6WimV64FmlVn17Ri6FgFU3xNt9TTEChq AcNg88eYryKsYpFwegGpwUlaUaaGh1m9OrTzcQy+klVfZWaVJ9Nw0keoGRGb8j4XjVpL8+2x OhXKrM1fzzb8JtAuSbuzZSQPDwQEI5CKKxp7zf76J21YeRrEW4WDznPyVcDTa+tz++q2S/Bp P4W98bXCBIuQgs2m+OflERv5c3Ojldp04/S4NEjXEYRWdiCxN7ca5iPml5gLtuvhJMSy36gl U6IW9kn30IWuSoBpTkgV7rLUEhh9Ms82VWW/h2TxL8enfx40PrfbDtWwqRID3WY8jLrjKfTd R3LW8BnUDNkG+c4FzvvGUs8AvuqxxyHbXAfDx9o/jXfPHVRmJVhSmd+hC3mcQ+4iX5bBPBPM oDqSoLt5w9GoQQ6gDVP2ZjTWqwSRMLzNr37rJjZ1pt0DCMMTbiYIUcrhX8eveCJtY7NGWNyx FCRkhxRuGcpwPmRVDwOl39MB3iTsRighiMnijkbLXiKoJ5CDVvX5yicNqYJPKh5MFXN1bvsB kmYiStMRbrD0HoY1kx5/VozBtc70OU0EB8Wrv9hZD+Ofp0T3KOr1RUHvCZoLURfFhSQ= In-Reply-To: X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US, en-AU Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Message-ID-Hash: 6BVFTEEKDQFOXXHK3AOOFK6LQ2MBBUDY X-Message-ID-Hash: 6BVFTEEKDQFOXXHK3AOOFK6LQ2MBBUDY X-MailFrom: lvivier@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On 24/06/2024 04:48, David Gibson wrote: > On Fri, Jun 21, 2024 at 04:56:36PM +0200, Laurent Vivier wrote: > > Needs a commit message. > >> Signed-off-by: Laurent Vivier >> --- >> packet.c | 75 +++++++++++++++++++++++++++++++------------------------- >> packet.h | 14 ++--------- >> 2 files changed, 43 insertions(+), 46 deletions(-) >> >> diff --git a/packet.c b/packet.c >> index ccfc84607709..af2a539a1794 100644 >> --- a/packet.c >> +++ b/packet.c ... >> + } >> + >> + if (start + len + offset > p->buf + p->buf_size) { > > Also pre-existing, but I wonder if we should check for overflow of > (Start + len + offset). Originally, I didn't want to change the existing behaviour. Only to move code, and to use a common function for packet_add_do() and packet_get_do(). But if you think it should be better I can update the code for that: >> + if (func) { >> + trace("packet offset plus length %lu from size %lu, " >> + "%s:%i", start - p->buf + len + offset, >> + p->buf_size, func, line); >> + } >> + return -1; >> + } >> + >> +#if UINTPTR_MAX == UINT64_MAX >> + if ((uintptr_t)start - (uintptr_t)p->buf > UINT32_MAX) { > > I don't think this check is relevant any more if we're going to iovecs > - this was just because the offset in struct desc was only 32-bit. I agree. > >> + trace("add packet start %p, buffer start %p, %s:%i", >> + (void *)start, (void *)p->buf, func, line); >> + return -1; >> + } >> +#endif >> + >> + return 0; >> +} >> /** >> * packet_add_do() - Add data as packet descriptor to given pool >> * @p: Existing pool >> @@ -41,34 +71,16 @@ void packet_add_do(struct pool *p, size_t len, const char *start, >> return; >> } >> >> - if (start < p->buf) { >> - trace("add packet start %p before buffer start %p, %s:%i", >> - (void *)start, (void *)p->buf, func, line); >> + if (packet_check_range(p, 0, len, start, func, line)) >> return; >> - } >> - >> - if (start + len > p->buf + p->buf_size) { >> - trace("add packet start %p, length: %zu, buffer end %p, %s:%i", >> - (void *)start, len, (void *)(p->buf + p->buf_size), >> - func, line); >> - return; >> - } >> >> if (len > UINT16_MAX) { >> trace("add packet length %zu, %s:%i", len, func, line); >> return; >> } >> >> -#if UINTPTR_MAX == UINT64_MAX >> - if ((uintptr_t)start - (uintptr_t)p->buf > UINT32_MAX) { >> - trace("add packet start %p, buffer start %p, %s:%i", >> - (void *)start, (void *)p->buf, func, line); >> - return; >> - } >> -#endif >> - >> - p->pkt[idx].offset = start - p->buf; >> - p->pkt[idx].len = len; >> + p->pkt[idx].iov_base = (void *)start; >> + p->pkt[idx].iov_len = len; >> >> p->count++; >> } >> @@ -104,28 +116,23 @@ void *packet_get_do(const struct pool *p, size_t idx, size_t offset, >> return NULL; >> } >> >> - if (p->pkt[idx].offset + len + offset > p->buf_size) { >> + if (len + offset > p->pkt[idx].iov_len) { >> if (func) { >> - trace("packet offset plus length %zu from size %zu, " >> - "%s:%i", p->pkt[idx].offset + len + offset, >> - p->buf_size, func, line); >> + trace("data length %zu, offset %zu from length %zu, " >> + "%s:%i", len, offset, p->pkt[idx].iov_len, >> + func, line); > > I'm not sure either the old or new message is particularly descriptive > here :/ I think the func and line parameters will help to understand the problem, and the others why the trace is triggered. > >> } >> return NULL; >> } >> >> - if (len + offset > p->pkt[idx].len) { >> - if (func) { >> - trace("data length %zu, offset %zu from length %u, " >> - "%s:%i", len, offset, p->pkt[idx].len, >> - func, line); >> - } >> + if (packet_check_range(p, offset, len, p->pkt[idx].iov_base, >> + func, line)) > > Ah.. right.. in this case we certainly don't want ASSERT()s in > packet_check_range(). Still wonder if that would make more sense for > the packet add case, however. > > A couple of other points: > * You've effectively switched the order of the two different tests here > (one range checking against the entire buffer, one range checking > against a single packet). Any reason for that? The idea is to check the parameters are valid before checking the buffer is valid. > * Do we actually need the entire-buffer check here on the _get() > side? Isn't it enough to ensure that packets lie within the buffer > when they're inserted? Pre-existing, again, AFAICT. I wanted to keep the idea introduced in bb708111833e ("treewide: Packet abstraction with mandatory boundary checks") and checking we don't read outside of the buffer. Thanks, Laurent