From: Jarod Wilson <jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Yishai Hadas <yishaih-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
Cc: linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Yishai Hadas <yishaih-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: Re: [PATCH libmlx5 2/6] fix coverity buffer overrun warning
Date: Thu, 28 Jul 2016 12:37:14 -0400 [thread overview]
Message-ID: <20160728163714.GP36313@redhat.com> (raw)
In-Reply-To: <9ee81879-93c4-97ee-eebf-3300533e4efe-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
On Thu, Jul 28, 2016 at 05:46:16PM +0300, Yishai Hadas wrote:
> On 7/27/2016 10:17 PM, Jarod Wilson wrote:
> >In set_umr_data_seg, there's a union between a 16-byte struct and a
> >64-byte array, named data. The code then makes a memset() call on the
> >struct that is sizeof(array) - sizeof(struct) long, which results in
> >writing 48 bytes to a 16 byte container. Technically, we know this is
> >actually fine, because of the union, but to silence the warning, we can
> >just do the memset on the array instead. Same address, same result, but no
> >warning spew from coverity.
> >
> >CC: Yishai Hadas <yishaih-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
> >Signed-off-by: Jarod Wilson <jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> >---
> > src/qp.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> >diff --git a/src/qp.c b/src/qp.c
> >index 51e1176..8bb66be 100644
> >--- a/src/qp.c
> >+++ b/src/qp.c
> >@@ -426,7 +426,7 @@ static void set_umr_data_seg(struct mlx5_qp *qp, enum ibv_mw_type type,
> > data->klm.mkey = htonl(bind_info->mr->lkey);
> > data->klm.address = htonll(bind_info->addr);
> >
> >- memset(&data->klm + 1, 0, sizeof(data->reserved) -
> >+ memset(&data->reserved + 1, 0, sizeof(data->reserved) -
> > sizeof(data->klm));
>
> As you pointed out this is false alarm, code is correct.
>
> Your suggestion seems wrong as it skipped size of 'reserved' instead
> of size of 'klm' (i.e. 16 bytes), isn't it ?
&data->klm + 1 and &data->reserved + 1 should point to the same location,
no? Must admit, I'm a little hazy on how a union pointer works.
Regardless, I think this might be much more straight-forward if we did
something like this:
>From 43e845cc1055e4f86a2e9c78e5a3eae2c1e915c4 Mon Sep 17 00:00:00 2001
From: Jarod Wilson <jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Date: Wed, 27 Jul 2016 11:35:02 -0400
Subject: [PATCH v2 libmlx5 2/6] fix coverity buffer overrun warning
In set_umr_data_seg, there's a union between a 16-byte struct and a
64-byte array, named data. The code then makes a memset() call on the
struct that is sizeof(array) - sizeof(struct) long, which results in
writing 48 bytes to a 16 byte container. Technically, we know this is
actually fine, because of the union, but to silence the warning and
simplify the pointer math and union gymnastics, simply zero out the entire
storage space before assigning klm bits.
Signed-off-by: Jarod Wilson <jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
---
src/qp.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/qp.c b/src/qp.c
index 51e1176..17f2c81 100644
--- a/src/qp.c
+++ b/src/qp.c
@@ -422,13 +422,12 @@ static void set_umr_data_seg(struct mlx5_qp *qp, enum ibv_mw_type type,
uint8_t reserved[64];
} *data = *seg;
+ memset(&data, 0, sizeof(*data));
+
data->klm.byte_count = htonl(bind_info->length);
data->klm.mkey = htonl(bind_info->mr->lkey);
data->klm.address = htonll(bind_info->addr);
- memset(&data->klm + 1, 0, sizeof(data->reserved) -
- sizeof(data->klm));
-
*seg += sizeof(*data);
*size += (sizeof(*data) / 16);
}
--
1.8.3.1
--
Jarod Wilson
jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2016-07-28 16:37 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-27 19:17 [PATCH libmlx5 0/6] libmlx5: fix various coverity/clang issues Jarod Wilson
[not found] ` <1469647047-7544-1-git-send-email-jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-27 19:17 ` [PATCH libmlx5 1/6] fix size in malloc of qp->sq.wr_data Jarod Wilson
[not found] ` <1469647047-7544-2-git-send-email-jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-28 14:42 ` Yishai Hadas
2016-07-27 19:17 ` [PATCH libmlx5 2/6] fix coverity buffer overrun warning Jarod Wilson
[not found] ` <1469647047-7544-3-git-send-email-jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-28 14:46 ` Yishai Hadas
[not found] ` <9ee81879-93c4-97ee-eebf-3300533e4efe-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
2016-07-28 16:37 ` Jarod Wilson [this message]
[not found] ` <20160728163714.GP36313-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-28 20:12 ` Jarod Wilson
2016-07-27 19:17 ` [PATCH libmlx5 3/6] fix buffer overrun copying inline header Jarod Wilson
[not found] ` <1469647047-7544-4-git-send-email-jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-27 21:26 ` Jarod Wilson
[not found] ` <20160727212610.GJ36313-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-28 1:29 ` Jarod Wilson
2016-07-27 19:17 ` [PATCH libmlx5 4/6] fix check of mlx5_store_uidx return Jarod Wilson
[not found] ` <1469647047-7544-5-git-send-email-jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-28 15:04 ` Yishai Hadas
2016-07-27 19:17 ` [PATCH libmlx5 5/6] fix alloc of mlx5_resource table Jarod Wilson
[not found] ` <1469647047-7544-6-git-send-email-jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-28 15:25 ` Yishai Hadas
2016-07-27 19:17 ` [PATCH libmlx5 6/6] fix undefined uuar_index value assignment Jarod Wilson
[not found] ` <1469647047-7544-7-git-send-email-jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-27 21:27 ` Jarod Wilson
2016-07-28 1:31 ` [PATCH v2 " Jarod Wilson
[not found] ` <1469669515-23720-1-git-send-email-jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-28 15:53 ` Yishai Hadas
[not found] ` <828fc991-56e5-91e4-72e1-f10ca7c05aef-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
2016-07-28 16:40 ` Jarod Wilson
2016-07-28 1:32 ` [PATCH libmlx5 7/6] combine inline_hdr and inline_hdr_start Jarod Wilson
[not found] ` <1469669554-23782-1-git-send-email-jarod-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-28 14:27 ` Jarod Wilson
[not found] ` <20160728142717.GO36313-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-07-28 16:39 ` Yishai Hadas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160728163714.GP36313@redhat.com \
--to=jarod-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=yishaih-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org \
--cc=yishaih-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).