Message ID | 1460727549-4380-1-git-send-email-tomaszx.kulasek@intel.com (mailing list archive) |
---|---|
State | Superseded, archived |
Delegated to: | Bruce Richardson |
Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id 310994AC7; Fri, 15 Apr 2016 15:39:18 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 82F532C00 for <dev@dpdk.org>; Fri, 15 Apr 2016 15:39:17 +0200 (CEST) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga102.fm.intel.com with ESMTP; 15 Apr 2016 06:39:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.24,487,1455004800"; d="scan'208";a="933153136" Received: from unknown (HELO Sent) ([10.217.248.133]) by orsmga001.jf.intel.com with SMTP; 15 Apr 2016 06:39:14 -0700 Received: by Sent (sSMTP sendmail emulation); Fri, 15 Apr 2016 15:39:13 +0200 From: Tomasz Kulasek <tomaszx.kulasek@intel.com> To: dev@dpdk.org Cc: helin.zhang@intel.com, konstantin.ananyev@intel.com Date: Fri, 15 Apr 2016 15:39:09 +0200 Message-Id: <1460727549-4380-1-git-send-email-tomaszx.kulasek@intel.com> X-Mailer: git-send-email 2.1.4 Subject: [dpdk-dev] [PATCH] ixgbe: fix bad shift operation in ixgbe_set_pool_rx X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK <dev.dpdk.org> List-Unsubscribe: <http://dpdk.org/ml/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://dpdk.org/ml/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <http://dpdk.org/ml/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> |
Commit Message
Tomasz Kulasek
April 15, 2016, 1:39 p.m. UTC
CID 13193 (#1 of 1): Bad bit shift operation (BAD_SHIFT)
large_shift: In expression 1 << pool, left shifting by more than 31 bits
has undefined behavior. The shift amount, pool, is at least 32.
This patch limits mask shift to be in range of 32 bit PFVFRE[1] register,
for pool > 31.
Fixes: fe3a45fd4104 ("ixgbe: add VMDq support")
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
---
drivers/net/ixgbe/ixgbe_ethdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Hi Tomasz, > -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Tomasz Kulasek > Sent: Friday, April 15, 2016 9:39 PM > To: dev@dpdk.org > Cc: Zhang, Helin; Ananyev, Konstantin > Subject: [dpdk-dev] [PATCH] ixgbe: fix bad shift operation in ixgbe_set_pool_rx > > CID 13193 (#1 of 1): Bad bit shift operation (BAD_SHIFT) > large_shift: In expression 1 << pool, left shifting by more than 31 bits has > undefined behavior. The shift amount, pool, is at least 32. > > This patch limits mask shift to be in range of 32 bit PFVFRE[1] register, for pool > > 31. > > Fixes: fe3a45fd4104 ("ixgbe: add VMDq support") > > Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com> Acked-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
On Fri, Apr 15, 2016 at 03:39:09PM +0200, Tomasz Kulasek wrote: > CID 13193 (#1 of 1): Bad bit shift operation (BAD_SHIFT) > large_shift: In expression 1 << pool, left shifting by more than 31 bits > has undefined behavior. The shift amount, pool, is at least 32. > > This patch limits mask shift to be in range of 32 bit PFVFRE[1] register, > for pool > 31. > > Fixes: fe3a45fd4104 ("ixgbe: add VMDq support") > > Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com> > --- > drivers/net/ixgbe/ixgbe_ethdev.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c > index 3f1ebc1..f676a64 100644 > --- a/drivers/net/ixgbe/ixgbe_ethdev.c > +++ b/drivers/net/ixgbe/ixgbe_ethdev.c > @@ -4401,7 +4401,7 @@ ixgbe_set_pool_rx(struct rte_eth_dev *dev, uint16_t pool, uint8_t on) > > addr = IXGBE_VFRE(pool >= ETH_64_POOLS/2); > reg = IXGBE_READ_REG(hw, addr); > - val = bit1 << pool; > + val = bit1 << (pool & 0x01F); > Are we sure this is the correct way to fix this. Rather than silently truncating the pool value, are we not better to check our input parameters and return EINVAL to the caller if pool overflows? /Bruce
> -----Original Message----- > From: Richardson, Bruce > Sent: Thursday, April 21, 2016 15:52 > To: Kulasek, TomaszX <tomaszx.kulasek@intel.com> > Cc: dev@dpdk.org; Zhang, Helin <helin.zhang@intel.com>; Ananyev, > Konstantin <konstantin.ananyev@intel.com> > Subject: Re: [dpdk-dev] [PATCH] ixgbe: fix bad shift operation in > ixgbe_set_pool_rx > > On Fri, Apr 15, 2016 at 03:39:09PM +0200, Tomasz Kulasek wrote: > > CID 13193 (#1 of 1): Bad bit shift operation (BAD_SHIFT) > > large_shift: In expression 1 << pool, left shifting by more than 31 > > bits has undefined behavior. The shift amount, pool, is at least 32. > > > > This patch limits mask shift to be in range of 32 bit PFVFRE[1] > > register, for pool > 31. > > > > Fixes: fe3a45fd4104 ("ixgbe: add VMDq support") > > > > Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com> > > --- > > drivers/net/ixgbe/ixgbe_ethdev.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c > > b/drivers/net/ixgbe/ixgbe_ethdev.c > > index 3f1ebc1..f676a64 100644 > > --- a/drivers/net/ixgbe/ixgbe_ethdev.c > > +++ b/drivers/net/ixgbe/ixgbe_ethdev.c > > @@ -4401,7 +4401,7 @@ ixgbe_set_pool_rx(struct rte_eth_dev *dev, > > uint16_t pool, uint8_t on) > > > > addr = IXGBE_VFRE(pool >= ETH_64_POOLS/2); For pool in 0..31 PFVFRE[0] is used, for pool in 32..63, PFVFRE[1], but for second case, we set/unset (pool-32) bit in the register. Invalid value if pool > 63, but catching it doesn't solve a problem of possible overflow for pool > 31. > > reg = IXGBE_READ_REG(hw, addr); > > - val = bit1 << pool; Previous implementation expects that for shift operation will be used rol on 32 bit value, and the bits that slide off the end of the register are fed back into the spaces, eg. (bit1 << 33) == (bit1 << 1). Pool value can be bigger than 31, and this is not an error while pool is smaller than 64. Truncating pool value is clearer for me, than relay on obscure shift operation. > > + val = bit1 << (pool & 0x01F); > > > Are we sure this is the correct way to fix this. Rather than silently > truncating the pool value, are we not better to check our input parameters > and return EINVAL to the caller if pool overflows? > > /Bruce Tomasz
On Thu, Apr 21, 2016 at 03:44:03PM +0100, Kulasek, TomaszX wrote: > > > > -----Original Message----- > > From: Richardson, Bruce > > Sent: Thursday, April 21, 2016 15:52 > > To: Kulasek, TomaszX <tomaszx.kulasek@intel.com> > > Cc: dev@dpdk.org; Zhang, Helin <helin.zhang@intel.com>; Ananyev, > > Konstantin <konstantin.ananyev@intel.com> > > Subject: Re: [dpdk-dev] [PATCH] ixgbe: fix bad shift operation in > > ixgbe_set_pool_rx > > > > On Fri, Apr 15, 2016 at 03:39:09PM +0200, Tomasz Kulasek wrote: > > > CID 13193 (#1 of 1): Bad bit shift operation (BAD_SHIFT) > > > large_shift: In expression 1 << pool, left shifting by more than 31 > > > bits has undefined behavior. The shift amount, pool, is at least 32. > > > > > > This patch limits mask shift to be in range of 32 bit PFVFRE[1] > > > register, for pool > 31. > > > > > > Fixes: fe3a45fd4104 ("ixgbe: add VMDq support") > > > > > > Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com> > > > --- > > > drivers/net/ixgbe/ixgbe_ethdev.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c > > > b/drivers/net/ixgbe/ixgbe_ethdev.c > > > index 3f1ebc1..f676a64 100644 > > > --- a/drivers/net/ixgbe/ixgbe_ethdev.c > > > +++ b/drivers/net/ixgbe/ixgbe_ethdev.c > > > @@ -4401,7 +4401,7 @@ ixgbe_set_pool_rx(struct rte_eth_dev *dev, > > > uint16_t pool, uint8_t on) > > > > > > addr = IXGBE_VFRE(pool >= ETH_64_POOLS/2); > > For pool in 0..31 PFVFRE[0] is used, for pool in 32..63, PFVFRE[1], but for second case, we set/unset (pool-32) bit in the register. Invalid value if pool > 63, but catching it doesn't solve a problem of possible overflow for pool > 31. > > > > reg = IXGBE_READ_REG(hw, addr); > > > - val = bit1 << pool; > > Previous implementation expects that for shift operation will be used rol on 32 bit value, and the bits that slide off the end of the register are fed back into the spaces, eg. (bit1 << 33) == (bit1 << 1). > Pool value can be bigger than 31, and this is not an error while pool is smaller than 64. > > Truncating pool value is clearer for me, than relay on obscure shift operation. > Thanks for the explanation, that indeed does make it clearer. However, all that detail is completely unclear to the reader of the function, so perhaps we can clean up the code to make it more explicit what is happening. For example: /* for pool >= 32, set bit in PFVFRE[1], otherwise PFVFRE[0] */ if (pool >= ETH_64_POOLS) return -EINVAL; else if (pool >= ETH_64_POOLS/2) { addr = IXGBE_VFRE(1); val = bit1 << (pool - 32); } else { addr = IXGBE_VFRE(0); val = bit1 << pool; } reg = IXGBE_READ_REG(hw, addr); This should fix the issue and make the resulting code clearer, I think. /Bruce
> -----Original Message----- > From: Richardson, Bruce > Sent: Thursday, April 21, 2016 17:28 > To: Kulasek, TomaszX <tomaszx.kulasek@intel.com> > Cc: dev@dpdk.org; Zhang, Helin <helin.zhang@intel.com>; Ananyev, > Konstantin <konstantin.ananyev@intel.com> > Subject: Re: [dpdk-dev] [PATCH] ixgbe: fix bad shift operation in > ixgbe_set_pool_rx > > On Thu, Apr 21, 2016 at 03:44:03PM +0100, Kulasek, TomaszX wrote: > > > > > > > -----Original Message----- > > > From: Richardson, Bruce > > > Sent: Thursday, April 21, 2016 15:52 > > > To: Kulasek, TomaszX <tomaszx.kulasek@intel.com> > > > Cc: dev@dpdk.org; Zhang, Helin <helin.zhang@intel.com>; Ananyev, > > > Konstantin <konstantin.ananyev@intel.com> > > > Subject: Re: [dpdk-dev] [PATCH] ixgbe: fix bad shift operation in > > > ixgbe_set_pool_rx > > > > > > On Fri, Apr 15, 2016 at 03:39:09PM +0200, Tomasz Kulasek wrote: > > > > CID 13193 (#1 of 1): Bad bit shift operation (BAD_SHIFT) > > > > large_shift: In expression 1 << pool, left shifting by more than > > > > 31 bits has undefined behavior. The shift amount, pool, is at least > 32. > > > > > > > > This patch limits mask shift to be in range of 32 bit PFVFRE[1] > > > > register, for pool > 31. > > > > > > > > Fixes: fe3a45fd4104 ("ixgbe: add VMDq support") > > > > > > > > Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com> > > > > --- > > > > drivers/net/ixgbe/ixgbe_ethdev.c | 2 +- > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c > > > > b/drivers/net/ixgbe/ixgbe_ethdev.c > > > > index 3f1ebc1..f676a64 100644 > > > > --- a/drivers/net/ixgbe/ixgbe_ethdev.c > > > > +++ b/drivers/net/ixgbe/ixgbe_ethdev.c > > > > @@ -4401,7 +4401,7 @@ ixgbe_set_pool_rx(struct rte_eth_dev *dev, > > > > uint16_t pool, uint8_t on) > > > > > > > > addr = IXGBE_VFRE(pool >= ETH_64_POOLS/2); > > > > For pool in 0..31 PFVFRE[0] is used, for pool in 32..63, PFVFRE[1], but > for second case, we set/unset (pool-32) bit in the register. Invalid value > if pool > 63, but catching it doesn't solve a problem of possible overflow > for pool > 31. > > > > > > reg = IXGBE_READ_REG(hw, addr); > > > > - val = bit1 << pool; > > > > Previous implementation expects that for shift operation will be used > rol on 32 bit value, and the bits that slide off the end of the register > are fed back into the spaces, eg. (bit1 << 33) == (bit1 << 1). > > Pool value can be bigger than 31, and this is not an error while pool is > smaller than 64. > > > > Truncating pool value is clearer for me, than relay on obscure shift > operation. > > > Thanks for the explanation, that indeed does make it clearer. > > However, all that detail is completely unclear to the reader of the > function, so perhaps we can clean up the code to make it more explicit > what is happening. > For example: > > /* for pool >= 32, set bit in PFVFRE[1], otherwise PFVFRE[0] */ > if (pool >= ETH_64_POOLS) > return -EINVAL; > else if (pool >= ETH_64_POOLS/2) { > addr = IXGBE_VFRE(1); > val = bit1 << (pool - 32); > } else { > addr = IXGBE_VFRE(0); > val = bit1 << pool; > } > > reg = IXGBE_READ_REG(hw, addr); > > This should fix the issue and make the resulting code clearer, I think. > > /Bruce Yes, I got it. I will send v2. Tomasz
diff --git a/drivers/net/ixgbe/ixgbe_ethdev.c b/drivers/net/ixgbe/ixgbe_ethdev.c index 3f1ebc1..f676a64 100644 --- a/drivers/net/ixgbe/ixgbe_ethdev.c +++ b/drivers/net/ixgbe/ixgbe_ethdev.c @@ -4401,7 +4401,7 @@ ixgbe_set_pool_rx(struct rte_eth_dev *dev, uint16_t pool, uint8_t on) addr = IXGBE_VFRE(pool >= ETH_64_POOLS/2); reg = IXGBE_READ_REG(hw, addr); - val = bit1 << pool; + val = bit1 << (pool & 0x01F); if (on) reg |= val;