I guess this is slightly more correct. There is still a race here though.
After you make your copy of active_slave_count, the number of active
slaves could go to 0 and the memcpy() would copy an invalid element,
active_slaves[0].  There is no simple fix to this problem.  Your patch
reduces the opportunity for a race but doesn't eliminate it.

What are you using this API for?

On 11/29/18 12:32 AM, Haifeng Lin wrote:
1. when memcpy slaves the internals->active_slave_count is 1
2. return internals->active_slave_count is 2
3. the slaves[1] would be a random invalid value

Signed-off-by: Haifeng Lin <haifeng....@huawei.com>
---
  drivers/net/bonding/rte_eth_bond_api.c | 8 +++++---
  1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/net/bonding/rte_eth_bond_api.c 
b/drivers/net/bonding/rte_eth_bond_api.c
index 21bcd50..ed7b02e 100644
--- a/drivers/net/bonding/rte_eth_bond_api.c
+++ b/drivers/net/bonding/rte_eth_bond_api.c
@@ -815,6 +815,7 @@
                uint16_t len)
  {
        struct bond_dev_private *internals;
+       uint16_t active_slave_count;
if (valid_bonded_port_id(bonded_port_id) != 0)
                return -1;
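Review bot: the new local `active_slave_count` is declared as `uint16_t`, but the type of `internals->active_slave_count` is not visible in this hunk; please confirm the two match so the snapshot cannot truncate. Since the declaration and its only assignment land in different hunks, a one-line comment saying the local is a one-time snapshot of the shared field would make the intent clear to the next reader.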
@@ -824,13 +825,14 @@
internals = rte_eth_devices[bonded_port_id].data->dev_private; - if (internals->active_slave_count > len)
+       active_slave_count = internals->active_slave_count;
+       if (active_slave_count > len)
                return -1;
memcpy(slaves, internals->active_slaves,
-       internals->active_slave_count * sizeof(internals->active_slaves[0]));
+                       active_slave_count * 
sizeof(internals->active_slaves[0]));
- return internals->active_slave_count;
+       return active_slave_count;
  }
int
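Review bot: the snapshot taken just before `if (active_slave_count > len)` is a plain read with no lock or barrier visible in this hunk, so the `memcpy()` from `internals->active_slaves` can still copy an array that no longer matches the saved count if another thread changes the slave list in between. Either hold whatever serialises updates to `active_slaves` across both the read of the count and the `memcpy()`, or state in the function's documentation that callers must not run it concurrently with slave activation or deactivation. Making the snapshot a volatile or atomic load would also stop the compiler from re-reading the field after the length check.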

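The race described in the reply at the top, where the count and the array are read from different states, can be closed with a sequence counter. This is an added example, not DPDK code and not part of this thread; `struct bond_state`, `seq`, `MAX_SLAVES`, `set_active_slaves` and `get_active_slaves` are hypothetical, and a single writer thread is assumed.

```c
#include <stdatomic.h>
#include <stdint.h>

#define MAX_SLAVES 8 /* hypothetical capacity */

/* Hypothetical stand-in for bond_dev_private; the seq field is an
 * assumption of this example, not part of the driver code on the page. */
struct bond_state {
	atomic_uint seq; /* odd while the writer is mid-update */
	_Atomic uint16_t active_slave_count;
	_Atomic uint16_t active_slaves[MAX_SLAVES];
};

/* Writer (assumed: one control thread). seq is odd for the whole
 * window in which count and array may disagree. */
static int set_active_slaves(struct bond_state *s, const uint16_t *ids, uint16_t n)
{
	unsigned int q = atomic_load_explicit(&s->seq, memory_order_relaxed);
	if (n > MAX_SLAVES)
		return -1;
	atomic_store_explicit(&s->seq, q + 1, memory_order_relaxed);
	atomic_thread_fence(memory_order_release);
	for (uint16_t i = 0; i < n; i++)
		atomic_store_explicit(&s->active_slaves[i], ids[i],
				      memory_order_relaxed);
	atomic_store_explicit(&s->active_slave_count, n, memory_order_relaxed);
	atomic_store_explicit(&s->seq, q + 2, memory_order_release);
	return 0;
}

/* Reader: retries until count and array come from one stable state.
 * Returns the id count, or -1 if len is too small (out is then unspecified). */
static int get_active_slaves(struct bond_state *s, uint16_t *out, uint16_t len)
{
	unsigned int before, after;
	uint16_t n;

	do {
		before = atomic_load_explicit(&s->seq, memory_order_acquire);
		n = atomic_load_explicit(&s->active_slave_count,
					 memory_order_relaxed);
		for (uint16_t i = 0; n <= len && i < n && i < MAX_SLAVES; i++)
			out[i] = atomic_load_explicit(&s->active_slaves[i],
						      memory_order_relaxed);
		atomic_thread_fence(memory_order_acquire);
		after = atomic_load_explicit(&s->seq, memory_order_relaxed);
	} while ((before & 1) || before != after);
	return n > len ? -1 : (int)n;
}
```

The reader never blocks the writer, but it only works if every code path that changes the count or the array goes through the writer routine.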