[v3] ethdev: check for invalid device name

Message ID 20190314162047.20375-1-stephen@networkplumber.org
State Accepted, archived
Delegated to: Ferruh Yigit
Headers show
Series
  • [v3] ethdev: check for invalid device name
Related show

Checks

Context Check Description
ci/Intel-compilation success Compilation OK
ci/mellanox-Performance-Testing success Performance Testing PASS
ci/intel-Performance-Testing success Performance Testing PASS
ci/checkpatch success coding style OK

Commit Message

Stephen Hemminger March 14, 2019, 4:20 p.m.
Do not allow creating a ethernet device with a name over the
allowed maximum (or zero length). This is safer than silently truncating
which is what happens now.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
---
v3 -- fix whitespace issue

 lib/librte_ethdev/rte_ethdev.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

Comments

Zhang, Qi Z March 15, 2019, 1:13 a.m. | #1
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Stephen Hemminger
> Sent: Friday, March 15, 2019 12:21 AM
> To: dev@dpdk.org
> Cc: Stephen Hemminger <stephen@networkplumber.org>
> Subject: [dpdk-dev] [PATCH v3] ethdev: check for invalid device name
> 
> Do not allow creating a ethernet device with a name over the allowed maximum
> (or zero length). This is safer than silently truncating which is what happens now.
> 
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
> ---
> v3 -- fix whitespace issue
> 
>  lib/librte_ethdev/rte_ethdev.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
> index 85c1794968dd..cf69daaf3224 100644
> --- a/lib/librte_ethdev/rte_ethdev.c
> +++ b/lib/librte_ethdev/rte_ethdev.c
> @@ -438,6 +438,18 @@ rte_eth_dev_allocate(const char *name)  {
>  	uint16_t port_id;
>  	struct rte_eth_dev *eth_dev = NULL;
> +	size_t name_len;
> +
> +	name_len = strnlen(name, RTE_ETH_NAME_MAX_LEN);
> +	if (name_len == 0) {
> +		RTE_ETHDEV_LOG(ERR, "Zero length Ethernet device name\n");
> +		return NULL;
> +	}
> +
> +	if (name_len >= RTE_ETH_NAME_MAX_LEN) {
> +		RTE_ETHDEV_LOG(ERR, "Ethernet device name is too long\n");
> +		return NULL;
> +	}
> 
>  	rte_eth_dev_shared_data_prepare();
> 
> --
> 2.17.1

Acked-by: Qi Zhang <qi.z.zhang@intel.com>
Ali Alnubani March 18, 2019, 12:32 p.m. | #2
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Stephen Hemminger
> Sent: Thursday, March 14, 2019 6:21 PM
> To: dev@dpdk.org
> Cc: Stephen Hemminger <stephen@networkplumber.org>
> Subject: [dpdk-dev] [PATCH v3] ethdev: check for invalid device name
> 
> Do not allow creating a ethernet device with a name over the allowed
> maximum (or zero length). This is safer than silently truncating which is what
> happens now.
> 
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
> ---
> v3 -- fix whitespace issue
> 
>  lib/librte_ethdev/rte_ethdev.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
> index 85c1794968dd..cf69daaf3224 100644
> --- a/lib/librte_ethdev/rte_ethdev.c
> +++ b/lib/librte_ethdev/rte_ethdev.c
> @@ -438,6 +438,18 @@ rte_eth_dev_allocate(const char *name)  {
>  	uint16_t port_id;
>  	struct rte_eth_dev *eth_dev = NULL;
> +	size_t name_len;
> +
> +	name_len = strnlen(name, RTE_ETH_NAME_MAX_LEN);
> +	if (name_len == 0) {
> +		RTE_ETHDEV_LOG(ERR, "Zero length Ethernet device
> name\n");
> +		return NULL;
> +	}
> +
> +	if (name_len >= RTE_ETH_NAME_MAX_LEN) {
> +		RTE_ETHDEV_LOG(ERR, "Ethernet device name is too
> long\n");
> +		return NULL;
> +	}
> 
>  	rte_eth_dev_shared_data_prepare();
> 
> --
> 2.17.1

Acked-by: Ali Alnubani <alialnu@mellanox.com>
Ferruh Yigit March 20, 2019, 2:28 p.m. | #3
On 3/14/2019 4:20 PM, Stephen Hemminger wrote:
> Do not allow creating a ethernet device with a name over the
> allowed maximum (or zero length). This is safer than silently truncating
> which is what happens now.
> 
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
> ---
> v3 -- fix whitespace issue
> 
>  lib/librte_ethdev/rte_ethdev.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
> index 85c1794968dd..cf69daaf3224 100644
> --- a/lib/librte_ethdev/rte_ethdev.c
> +++ b/lib/librte_ethdev/rte_ethdev.c
> @@ -438,6 +438,18 @@ rte_eth_dev_allocate(const char *name)
>  {
>  	uint16_t port_id;
>  	struct rte_eth_dev *eth_dev = NULL;
> +	size_t name_len;
> +
> +	name_len = strnlen(name, RTE_ETH_NAME_MAX_LEN);

'strlen' does not check against NULL pointer and it will crash if NULL provided.

This is internal API, so the input is not completely out of our control but
still as an API if we need to check zero length, shouldn't we check for NULL
pointer as well?

> +	if (name_len == 0) {
> +		RTE_ETHDEV_LOG(ERR, "Zero length Ethernet device name\n");
> +		return NULL;
> +	}
> +
> +	if (name_len >= RTE_ETH_NAME_MAX_LEN) {
> +		RTE_ETHDEV_LOG(ERR, "Ethernet device name is too long\n");
> +		return NULL;
> +	}
>  
>  	rte_eth_dev_shared_data_prepare();
>  
>
Stephen Hemminger March 20, 2019, 5:52 p.m. | #4
On Wed, 20 Mar 2019 14:28:22 +0000
Ferruh Yigit <ferruh.yigit@intel.com> wrote:

> On 3/14/2019 4:20 PM, Stephen Hemminger wrote:
> > Do not allow creating a ethernet device with a name over the
> > allowed maximum (or zero length). This is safer than silently truncating
> > which is what happens now.
> > 
> > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> > Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
> > ---
> > v3 -- fix whitespace issue
> > 
> >  lib/librte_ethdev/rte_ethdev.c | 12 ++++++++++++
> >  1 file changed, 12 insertions(+)
> > 
> > diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
> > index 85c1794968dd..cf69daaf3224 100644
> > --- a/lib/librte_ethdev/rte_ethdev.c
> > +++ b/lib/librte_ethdev/rte_ethdev.c
> > @@ -438,6 +438,18 @@ rte_eth_dev_allocate(const char *name)
> >  {
> >  	uint16_t port_id;
> >  	struct rte_eth_dev *eth_dev = NULL;
> > +	size_t name_len;
> > +
> > +	name_len = strnlen(name, RTE_ETH_NAME_MAX_LEN);  
> 
> 'strlen' does not check against NULL pointer and it will crash if NULL provided.
> 
> This is internal API, so the input is not completely out of our control but
> still as an API if we need to check zero length, shouldn't we check for NULL
> pointer as well?

Maybe, but none of the other DPDK API's check for NULL in name fields.
Probably best to just crash.
Ferruh Yigit March 21, 2019, 6:51 p.m. | #5
On 3/15/2019 1:13 AM, Zhang, Qi Z wrote:
> 
> 
>> -----Original Message-----
>> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Stephen Hemminger
>> Sent: Friday, March 15, 2019 12:21 AM
>> To: dev@dpdk.org
>> Cc: Stephen Hemminger <stephen@networkplumber.org>
>> Subject: [dpdk-dev] [PATCH v3] ethdev: check for invalid device name
>>
>> Do not allow creating a ethernet device with a name over the allowed maximum
>> (or zero length). This is safer than silently truncating which is what happens now.
>>
>> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
>> Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
> 
> Acked-by: Qi Zhang <qi.z.zhang@intel.com>
> 

Applied to dpdk-next-net/master, thanks.

Patch

diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
index 85c1794968dd..cf69daaf3224 100644
--- a/lib/librte_ethdev/rte_ethdev.c
+++ b/lib/librte_ethdev/rte_ethdev.c
@@ -438,6 +438,18 @@  rte_eth_dev_allocate(const char *name)
 {
 	uint16_t port_id;
 	struct rte_eth_dev *eth_dev = NULL;
+	size_t name_len;
+
+	name_len = strnlen(name, RTE_ETH_NAME_MAX_LEN);
+	if (name_len == 0) {
+		RTE_ETHDEV_LOG(ERR, "Zero length Ethernet device name\n");
+		return NULL;
+	}
+
+	if (name_len >= RTE_ETH_NAME_MAX_LEN) {
+		RTE_ETHDEV_LOG(ERR, "Ethernet device name is too long\n");
+		return NULL;
+	}
 
 	rte_eth_dev_shared_data_prepare();