From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stephen Hemminger <stephen@networkplumber.org>
Subject: bugs and glitches in rte_cryptodev_devices_get
Date: Wed, 1 Feb 2017 08:53:50 -0800
Message-ID: <20170201085321.7168505a@xeon-e3>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: dev@dpdk.org
To: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>,
	Declan Doherty <declan.doherty@intel.com>, q@dpdk.org
Return-path: <dev-bounces@dpdk.org>
Received: from mail-pg0-f54.google.com (mail-pg0-f54.google.com [74.125.83.54])
 by dpdk.org (Postfix) with ESMTP id 394C02C39
 for <dev@dpdk.org>; Wed,  1 Feb 2017 17:53:53 +0100 (CET)
Received: by mail-pg0-f54.google.com with SMTP id 3so51869111pgj.3
 for <dev@dpdk.org>; Wed, 01 Feb 2017 08:53:53 -0800 (PST)
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

The function rte_cryptodev_devices_get has several issues. I was just going to
fix it, but think it need to be explained.
 
One potentially serious one (reported by coverity) is:

*** CID 141067:    (BAD_COMPARE)
/lib/librte_cryptodev/rte_cryptodev.c: 503 in rte_cryptodev_devices_get()
497     				&& (*devs + i)->attached ==
498     						RTE_CRYPTODEV_ATTACHED) {
499     
500     			dev = (*devs + i)->device;
501     
502     			if (dev)
>>>     CID 141067:    (BAD_COMPARE)
>>>     Truncating the result of "strncmp" to "unsigned char" may cause it to be misinterpreted as 0. Note that "strncmp" may return an integer besides -1, 0, or 1.  
503     				cmp = strncmp(dev->driver->name,
504     						dev_name,
505     						strlen(dev_name));
506     			else
507     				cmp = strncmp((*devs + i)->data->name,
508     						dev_name,
/lib/librte_cryptodev/rte_cryptodev.c: 507 in rte_cryptodev_devices_get()
501     
502     			if (dev)
503     				cmp = strncmp(dev->driver->name,
504     						dev_name,
505     						strlen(dev_name));
506     			else
>>>     CID 141067:    (BAD_COMPARE)
>>>     Truncating the result of "strncmp" to "unsigned char" may cause it to be misinterpreted as 0. Note that "strncmp" may return an integer besides -1, 0, or 1.  
507     				cmp = strncmp((*devs + i)->data->name,
508     						dev_name,
509     						strlen(dev_name));
510     
511     			if (cmp == 0)
512     				devices[count++] = (*devs + i)->data->dev_id;


But also:

1. Incorrect function signature:
    * function returns int but never a negative value. should be unsigned.
    * devices argument is not modified should be const.

2. Original ABI seems short sighted with limit of 256 cryptodevs
    * this seems like 8 bit mindset,  should really use unsigned int instead
      of uint8_t for number of devices.

3. Wacky indention of the if statement.

4. Make variables local to the block they are used (cmp, dev)

5. Use array instead of pointer:
     ie. instead of *devs + i use devs[i]


The overall code in question is:


int
rte_cryptodev_devices_get(const char *dev_name, uint8_t *devices,
	uint8_t nb_devices)
{
	uint8_t i, cmp, count = 0;
	struct rte_cryptodev **devs = &rte_cryptodev_globals->devs;
	struct rte_device *dev;

	for (i = 0; i < rte_cryptodev_globals->max_devs && count < nb_devices;
			i++) {

		if ((*devs + i)
				&& (*devs + i)->attached ==
						RTE_CRYPTODEV_ATTACHED) {

			dev = (*devs + i)->device;

			if (dev)
				cmp = strncmp(dev->driver->name,
						dev_name,
						strlen(dev_name));
			else
				cmp = strncmp((*devs + i)->data->name,
						dev_name,
						strlen(dev_name));

			if (cmp == 0)
				devices[count++] = (*devs + i)->data->dev_id;
		}
	}

	return count;
}

Please fix it.