[dpdk-dev] bugs and glitches in rte_cryptodev_devices_get

Mrozowicz, SlawomirX slawomirx.mrozowicz at intel.com
Fri Feb 3 13:26:23 CET 2017



>-----Original Message-----
>From: Stephen Hemminger [mailto:stephen at networkplumber.org]
>Sent: Wednesday, February 1, 2017 5:54 PM
>To: Mrozowicz, SlawomirX <slawomirx.mrozowicz at intel.com>; Doherty,
>Declan <declan.doherty at intel.com>
>Cc: dev at dpdk.org
>Subject: bugs and glitches in rte_cryptodev_devices_get
>
>The function rte_cryptodev_devices_get has several issues. I was just going
>to fix it, but think it need to be explained.
>
>One potentially serious one (reported by coverity) is:
>
>*** CID 141067:    (BAD_COMPARE)
>/lib/librte_cryptodev/rte_cryptodev.c: 503 in rte_cryptodev_devices_get()
>497     				&& (*devs + i)->attached ==
>498     						RTE_CRYPTODEV_ATTACHED)
>{
>499
>500     			dev = (*devs + i)->device;
>501
>502     			if (dev)
>>>>     CID 141067:    (BAD_COMPARE)
>>>>     Truncating the result of "strncmp" to "unsigned char" may cause it to be
>misinterpreted as 0. Note that "strncmp" may return an integer besides -1, 0,
>or 1.
>503     				cmp = strncmp(dev->driver->name,
>504     						dev_name,
>505     						strlen(dev_name));
>506     			else
>507     				cmp = strncmp((*devs + i)->data->name,
>508     						dev_name,
>/lib/librte_cryptodev/rte_cryptodev.c: 507 in rte_cryptodev_devices_get()
>501
>502     			if (dev)
>503     				cmp = strncmp(dev->driver->name,
>504     						dev_name,
>505     						strlen(dev_name));
>506     			else
>>>>     CID 141067:    (BAD_COMPARE)
>>>>     Truncating the result of "strncmp" to "unsigned char" may cause it to be
>misinterpreted as 0. Note that "strncmp" may return an integer besides -1, 0,
>or 1.
>507     				cmp = strncmp((*devs + i)->data->name,
>508     						dev_name,
>509     						strlen(dev_name));
>510
>511     			if (cmp == 0)
>512     				devices[count++] = (*devs + i)->data->dev_id;
>
>
>But also:
>
>1. Incorrect function signature:
>    * function returns int but never a negative value. should be unsigned.
>    * devices argument is not modified should be const.
>
>2. Original ABI seems short sighted with limit of 256 cryptodevs
>    * this seems like 8 bit mindset,  should really use unsigned int instead
>      of uint8_t for number of devices.
>
>3. Wacky indention of the if statement.
>
>4. Make variables local to the block they are used (cmp, dev)
>
>5. Use array instead of pointer:
>     ie. instead of *devs + i use devs[i]
>
We reconsider your suggestions and we addressed all your changes except add the const of the devices argument, since in our opinion it is not necessary.

>
>The overall code in question is:
>
>
>int
>rte_cryptodev_devices_get(const char *dev_name, uint8_t *devices,
>	uint8_t nb_devices)
>{
>	uint8_t i, cmp, count = 0;
>	struct rte_cryptodev **devs = &rte_cryptodev_globals->devs;
>	struct rte_device *dev;
>
>	for (i = 0; i < rte_cryptodev_globals->max_devs && count <
>nb_devices;
>			i++) {
>
>		if ((*devs + i)
>				&& (*devs + i)->attached ==
>						RTE_CRYPTODEV_ATTACHED)
>{
>
>			dev = (*devs + i)->device;
>
>			if (dev)
>				cmp = strncmp(dev->driver->name,
>						dev_name,
>						strlen(dev_name));
>			else
>				cmp = strncmp((*devs + i)->data->name,
>						dev_name,
>						strlen(dev_name));
>
>			if (cmp == 0)
>				devices[count++] = (*devs + i)->data->dev_id;
>		}
>	}
>
>	return count;
>}
>
>Please fix it.
>



More information about the dev mailing list