Commit cf99beb8 authored Aug 27, 2020 by Ziye Yang Committed by Tomasz Zawadzki Aug 31, 2020

sock/posix: Fix the overflow issue of sendmsg_index



The type of sendmsg_idx is uint32_t, so the maximal
is 2^32 -1, so it could be overflow and get 0, so
we should fix it.

PS: I think that our code may have potential defect.
In my experiment, I try to init sendmsg_idx with 2^32 -1,
so the first req->internal.offset = 2^32 - 1.
But for the ee_info and ee_data in "struct sock_extended_err"
got from _sock_check_zcopy is all 0 in the target side.
So it means that the this req will never be completed.

With the increase of sendmsg_idx (the type is
uint32_t), sendmsg_idx will finally goto 2^32 - 1, so I
think it will still kick the issue I described.

Signed-off-by: Ziye Yang <ziye.yang@intel.com>
Change-Id: Ic9aaf629d73d5b7e2c81800a4f7f92c728adbc34
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/3948


Community-CI: Mellanox Build Bot
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Aleksey Marchuk <alexeymar@mellanox.com>
Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>

parent a79e33eb

module/sock/posix/posix.c

+7 −1

Original line number	Diff line number	Diff line
		@@ -808,7 +808,13 @@ _sock_flush(struct spdk_sock *sock)
		return rc;
		}

		/* Handling overflow case, because we use psock->sendmsg_idx - 1 for the
		* req->internal.offset, so sendmsg_idx should not be zero */
		if (spdk_unlikely(psock->sendmsg_idx == UINT32_MAX)) {
		psock->sendmsg_idx = 1;
		} else {
		psock->sendmsg_idx++;
		}

		/* Consume the requests that were actually written */
		req = TAILQ_FIRST(&sock->queued_reqs);