On Wed, May 18, 2022 at 12:16:55PM +0200, David Marchand wrote:
> GCC 12 raises the following warning:
> 
> In file included from ../lib/mempool/rte_mempool.h:46,
>                  from ../lib/mbuf/rte_mbuf.h:38,
>                  from ../lib/vhost/vhost_crypto.c:7:
> ../lib/vhost/vhost_crypto.c: In function ‘rte_vhost_crypto_fetch_requests’:
> ../lib/eal/x86/include/rte_memcpy.h:371:9: warning: array subscript 1 is
>      outside array bounds of ‘struct virtio_crypto_op_data_req[1]’
>      [-Warray-bounds]
>   371 | rte_mov32((uint8_t *)dst + 3 * 32, (const uint8_t *)src + 3 * 32);
>       | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ../lib/vhost/vhost_crypto.c:1178:42: note: while referencing ‘req’
>  1178 |         struct virtio_crypto_op_data_req req;
>       |                                          ^~~
> 
> Check that copied length is within req boundaries.
> 
> Fixes: 3c79609fda7c ("vhost/crypto: handle virtually non-contiguous buffers")
> Cc: sta...@dpdk.org
> 
> Signed-off-by: David Marchand <david.march...@redhat.com>
> ---
>  lib/vhost/vhost_crypto.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/lib/vhost/vhost_crypto.c b/lib/vhost/vhost_crypto.c
> index b1c0eb6a0f..83325b7042 100644
> --- a/lib/vhost/vhost_crypto.c
> +++ b/lib/vhost/vhost_crypto.c
> @@ -576,16 +576,16 @@ copy_data(void *dst_data, struct vhost_crypto_data_req 
> *vc_req,
>       uint32_t to_copy;
>       uint8_t *data = dst_data;
>       uint8_t *src;
> -     int left = size;
> +     uint32_t left = size;
>  
> -     to_copy = RTE_MIN(desc->len, (uint32_t)left);
> +     to_copy = RTE_MIN(desc->len, left);
>       dlen = to_copy;
>       src = IOVA_TO_VVA(uint8_t *, vc_req, desc->addr, &dlen,
>                       VHOST_ACCESS_RO);

Tracking the functions which end up being called by this macro, the dlen
parameter ends up being of type "uint64_t *"; passing a value of int * or
uint32_t * seems wrong to me. If we are changing the type from int to
uint32_t, I think it should be promoted all the way to uint64_t.

> -     if (unlikely(!src || !dlen))
> +     if (unlikely(!src || !dlen || dlen > left))
>               return -1;
>  

If this change is omitted, does the compiler still give warnings? Looking
through the called code, the dlen parameter can only ever be reduced, not
incremented (function rte_vhost_va_from_guest_pa() in rte_vhost.h).

> -     rte_memcpy((uint8_t *)data, src, dlen);
> +     rte_memcpy(data, src, dlen);
>       data += dlen;
>  
>       if (unlikely(dlen < to_copy)) {
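
Review bot: The added `dlen > left` condition in the `if (unlikely(...))` test carries no comment saying what it guards against. In the lines just above it, `to_copy = RTE_MIN(desc->len, left)` and `dlen = to_copy`, so the condition can only fire if the value written back through `&dlen` by IOVA_TO_VVA is larger than the one passed in. A one-line comment stating that it bounds the following `rte_memcpy(data, src, dlen)` against the caller's remaining size would make the intent clear to later readers. Also, with `left` changed from `int` to `uint32_t`, any remaining `left` arithmetic in copy_data outside this hunk should be checked for reliance on a signed value.
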
> -- 
> 2.36.1
> 
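
The in/out length pattern discussed in this thread, as an added example that is not code from the patch, the thread or DPDK: the caller keeps the length in a `uint64_t` that matches the callee's pointer type, rejects a translated length larger than what is left to copy, and loops when the translation returns less than requested. The names `gpa_to_hva`, `bounded_copy`, `struct region` and the two-mapping guest layout are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed guest layout: two host mappings, adjacent in guest address space. */
struct region { uint64_t gpa, size; const uint8_t *hva; };
static const uint8_t mem[2][9] = { "ABCDEFGH", "IJKLMNOP" };	/* 8 data bytes each */
static const struct region regions[] = { { 0x1000, 8, mem[0] }, { 0x1008, 8, mem[1] } };

/* In/out length: *len is only ever reduced, to the bytes contiguous at gpa. */
static const uint8_t *gpa_to_hva(uint64_t gpa, uint64_t *len)
{
	for (size_t i = 0; i < sizeof(regions) / sizeof(regions[0]); i++) {
		const struct region *r = &regions[i];
		uint64_t off = gpa - r->gpa;	/* wraps to a huge value if gpa < r->gpa */
		if (off >= r->size)
			continue;
		if (*len > r->size - off)
			*len = r->size - off;
		return r->hva + off;
	}
	*len = 0;
	return NULL;
}

/* Copy size bytes starting at guest address gpa into dst (capacity dst_cap). */
static int bounded_copy(void *dst, size_t dst_cap, uint64_t gpa, uint32_t size)
{
	uint8_t *out = dst;
	uint32_t left = size;

	if (size > dst_cap)
		return -1;
	while (left > 0) {
		uint64_t dlen = left;	/* same width as the callee's parameter */
		const uint8_t *src = gpa_to_hva(gpa, &dlen);
		if (src == NULL || dlen == 0 || dlen > left)
			return -1;	/* unmapped, or length grew past the request */
		memcpy(out, src, (size_t)dlen);
		out += dlen;
		gpa += dlen;
		left -= (uint32_t)dlen;
	}
	return 0;
}

int main(void)
{
	uint8_t buf[12];	/* request spans both mappings: "EFGHIJKLMNOP" */
	return bounded_copy(buf, sizeof(buf), 0x1004, 12);
}
```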
