Patchwork [dpdk-dev,v3] ethdev: check for invalid device name

login
register
mail settings
Submitter Stephen Hemminger
Date March 14, 2019, 4:20 p.m.
Message ID <20190314162047.20375-1-stephen@networkplumber.org>
Download mbox | patch
Permalink /patch/748941/
State New
Headers show

Comments

Stephen Hemminger - March 14, 2019, 4:20 p.m.
Do not allow creating a ethernet device with a name over the
allowed maximum (or zero length). This is safer than silently truncating
which is what happens now.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
---
v3 -- fix whitespace issue

 lib/librte_ethdev/rte_ethdev.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
Zhang Qi - March 15, 2019, 1:13 a.m.
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Stephen Hemminger
> Sent: Friday, March 15, 2019 12:21 AM
> To: dev@dpdk.org
> Cc: Stephen Hemminger <stephen@networkplumber.org>
> Subject: [dpdk-dev] [PATCH v3] ethdev: check for invalid device name
> 
> Do not allow creating a ethernet device with a name over the allowed maximum
> (or zero length). This is safer than silently truncating which is what happens now.
> 
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
> ---
> v3 -- fix whitespace issue
> 
>  lib/librte_ethdev/rte_ethdev.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
> index 85c1794968dd..cf69daaf3224 100644
> --- a/lib/librte_ethdev/rte_ethdev.c
> +++ b/lib/librte_ethdev/rte_ethdev.c
> @@ -438,6 +438,18 @@ rte_eth_dev_allocate(const char *name)  {
>  	uint16_t port_id;
>  	struct rte_eth_dev *eth_dev = NULL;
> +	size_t name_len;
> +
> +	name_len = strnlen(name, RTE_ETH_NAME_MAX_LEN);
> +	if (name_len == 0) {
> +		RTE_ETHDEV_LOG(ERR, "Zero length Ethernet device name\n");
> +		return NULL;
> +	}
> +
> +	if (name_len >= RTE_ETH_NAME_MAX_LEN) {
> +		RTE_ETHDEV_LOG(ERR, "Ethernet device name is too long\n");
> +		return NULL;
> +	}
> 
>  	rte_eth_dev_shared_data_prepare();
> 
> --
> 2.17.1

Acked-by: Qi Zhang <qi.z.zhang@intel.com>
Ali Alnubani - March 18, 2019, 12:32 p.m.
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Stephen Hemminger
> Sent: Thursday, March 14, 2019 6:21 PM
> To: dev@dpdk.org
> Cc: Stephen Hemminger <stephen@networkplumber.org>
> Subject: [dpdk-dev] [PATCH v3] ethdev: check for invalid device name
> 
> Do not allow creating a ethernet device with a name over the allowed
> maximum (or zero length). This is safer than silently truncating which is what
> happens now.
> 
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
> ---
> v3 -- fix whitespace issue
> 
>  lib/librte_ethdev/rte_ethdev.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
> index 85c1794968dd..cf69daaf3224 100644
> --- a/lib/librte_ethdev/rte_ethdev.c
> +++ b/lib/librte_ethdev/rte_ethdev.c
> @@ -438,6 +438,18 @@ rte_eth_dev_allocate(const char *name)  {
>  	uint16_t port_id;
>  	struct rte_eth_dev *eth_dev = NULL;
> +	size_t name_len;
> +
> +	name_len = strnlen(name, RTE_ETH_NAME_MAX_LEN);
> +	if (name_len == 0) {
> +		RTE_ETHDEV_LOG(ERR, "Zero length Ethernet device
> name\n");
> +		return NULL;
> +	}
> +
> +	if (name_len >= RTE_ETH_NAME_MAX_LEN) {
> +		RTE_ETHDEV_LOG(ERR, "Ethernet device name is too
> long\n");
> +		return NULL;
> +	}
> 
>  	rte_eth_dev_shared_data_prepare();
> 
> --
> 2.17.1

Acked-by: Ali Alnubani <alialnu@mellanox.com>
Ferruh Yigit - March 20, 2019, 2:28 p.m.
On 3/14/2019 4:20 PM, Stephen Hemminger wrote:
> Do not allow creating a ethernet device with a name over the
> allowed maximum (or zero length). This is safer than silently truncating
> which is what happens now.
> 
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
> ---
> v3 -- fix whitespace issue
> 
>  lib/librte_ethdev/rte_ethdev.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
> index 85c1794968dd..cf69daaf3224 100644
> --- a/lib/librte_ethdev/rte_ethdev.c
> +++ b/lib/librte_ethdev/rte_ethdev.c
> @@ -438,6 +438,18 @@ rte_eth_dev_allocate(const char *name)
>  {
>  	uint16_t port_id;
>  	struct rte_eth_dev *eth_dev = NULL;
> +	size_t name_len;
> +
> +	name_len = strnlen(name, RTE_ETH_NAME_MAX_LEN);

'strlen' does not check against NULL pointer and it will crash if NULL provided.

This is internal API, so the input is not completely out of our control but
still as an API if we need to check zero length, shouldn't we check for NULL
pointer as well?

> +	if (name_len == 0) {
> +		RTE_ETHDEV_LOG(ERR, "Zero length Ethernet device name\n");
> +		return NULL;
> +	}
> +
> +	if (name_len >= RTE_ETH_NAME_MAX_LEN) {
> +		RTE_ETHDEV_LOG(ERR, "Ethernet device name is too long\n");
> +		return NULL;
> +	}
>  
>  	rte_eth_dev_shared_data_prepare();
>  
>
Stephen Hemminger - March 20, 2019, 5:52 p.m.
On Wed, 20 Mar 2019 14:28:22 +0000
Ferruh Yigit <ferruh.yigit@intel.com> wrote:

> On 3/14/2019 4:20 PM, Stephen Hemminger wrote:
> > Do not allow creating a ethernet device with a name over the
> > allowed maximum (or zero length). This is safer than silently truncating
> > which is what happens now.
> > 
> > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> > Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
> > ---
> > v3 -- fix whitespace issue
> > 
> >  lib/librte_ethdev/rte_ethdev.c | 12 ++++++++++++
> >  1 file changed, 12 insertions(+)
> > 
> > diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
> > index 85c1794968dd..cf69daaf3224 100644
> > --- a/lib/librte_ethdev/rte_ethdev.c
> > +++ b/lib/librte_ethdev/rte_ethdev.c
> > @@ -438,6 +438,18 @@ rte_eth_dev_allocate(const char *name)
> >  {
> >  	uint16_t port_id;
> >  	struct rte_eth_dev *eth_dev = NULL;
> > +	size_t name_len;
> > +
> > +	name_len = strnlen(name, RTE_ETH_NAME_MAX_LEN);  
> 
> 'strlen' does not check against NULL pointer and it will crash if NULL provided.
> 
> This is internal API, so the input is not completely out of our control but
> still as an API if we need to check zero length, shouldn't we check for NULL
> pointer as well?

Maybe, but none of the other DPDK API's check for NULL in name fields.
Probably best to just crash.
Ferruh Yigit - March 21, 2019, 6:51 p.m.
On 3/15/2019 1:13 AM, Zhang, Qi Z wrote:
> 
> 
>> -----Original Message-----
>> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Stephen Hemminger
>> Sent: Friday, March 15, 2019 12:21 AM
>> To: dev@dpdk.org
>> Cc: Stephen Hemminger <stephen@networkplumber.org>
>> Subject: [dpdk-dev] [PATCH v3] ethdev: check for invalid device name
>>
>> Do not allow creating a ethernet device with a name over the allowed maximum
>> (or zero length). This is safer than silently truncating which is what happens now.
>>
>> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
>> Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
> 
> Acked-by: Qi Zhang <qi.z.zhang@intel.com>
> 

Applied to dpdk-next-net/master, thanks.

Patch

diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
index 85c1794968dd..cf69daaf3224 100644
--- a/lib/librte_ethdev/rte_ethdev.c
+++ b/lib/librte_ethdev/rte_ethdev.c
@@ -438,6 +438,18 @@  rte_eth_dev_allocate(const char *name)
 {
 	uint16_t port_id;
 	struct rte_eth_dev *eth_dev = NULL;
+	size_t name_len;
+
+	name_len = strnlen(name, RTE_ETH_NAME_MAX_LEN);
+	if (name_len == 0) {
+		RTE_ETHDEV_LOG(ERR, "Zero length Ethernet device name\n");
+		return NULL;
+	}
+
+	if (name_len >= RTE_ETH_NAME_MAX_LEN) {
+		RTE_ETHDEV_LOG(ERR, "Ethernet device name is too long\n");
+		return NULL;
+	}
 
 	rte_eth_dev_shared_data_prepare();