From cf99beb87ec30d5ded0abc87800c5000ca07321e Mon Sep 17 00:00:00 2001 From: Ziye Yang Date: Thu, 27 Aug 2020 23:35:27 +0800 Subject: [PATCH] sock/posix: Fix the overflow issue of sendmsg_index The type of sendmsg_idx is uint32_t, so the maximum is 2^32 - 1, so it could overflow and become 0, so we should fix it. PS: I think that our code may have a potential defect. In my experiment, I tried to init sendmsg_idx with 2^32 - 1, so the first req->internal.offset = 2^32 - 1. But the ee_info and ee_data in "struct sock_extended_err" got from _sock_check_zcopy are all 0 on the target side. So it means that this req will never be completed. With the increase of sendmsg_idx (the type is uint32_t), sendmsg_idx will finally go to 2^32 - 1, so I think it will still kick the issue I described. Signed-off-by: Ziye Yang Change-Id: Ic9aaf629d73d5b7e2c81800a4f7f92c728adbc34 Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/3948 Community-CI: Mellanox Build Bot Tested-by: SPDK CI Jenkins Reviewed-by: Aleksey Marchuk Reviewed-by: Shuhei Matsumoto --- module/sock/posix/posix.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/module/sock/posix/posix.c b/module/sock/posix/posix.c index e0ce2b084..d7632002e 100644 --- a/module/sock/posix/posix.c +++ b/module/sock/posix/posix.c @@ -808,7 +808,13 @@ _sock_flush(struct spdk_sock *sock) return rc; } - psock->sendmsg_idx++; + /* Handling overflow case, because we use psock->sendmsg_idx - 1 for the + * req->internal.offset, so sendmsg_idx should not be zero */ + if (spdk_unlikely(psock->sendmsg_idx == UINT32_MAX)) { + psock->sendmsg_idx = 1; + } else { + psock->sendmsg_idx++; + } /* Consume the requests that were actually written */ req = TAILQ_FIRST(&sock->queued_reqs);
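Review bot: the new comment in _sock_flush says sendmsg_idx "should not be zero" because req->internal.offset is sendmsg_idx - 1, but it does not say what breaks at zero, and the reset to 1 makes the offset sequence discontinuous. With this branch, sendmsg_idx goes UINT32_MAX then 1, so the derived offsets go UINT32_MAX - 1 then 0, and the value UINT32_MAX is never assigned to any request. If the offset field is also a uint32_t, plain wraparound would have given 0 - 1 == UINT32_MAX, which is well defined and keeps the sequence contiguous. Whether skipping a value is safe depends on how the completion path matches offsets against the ee_info and ee_data range mentioned in the commit message; if that range comes from a counter that wraps through UINT32_MAX, every request sent after the reset would be off by one relative to it. Please state in the comment which numbering the completion side expects after a wrap, and add a unit test that starts sendmsg_idx near UINT32_MAX and checks that requests on both sides of the wrap are completed. The commit message's own note that a request with offset 2^32 - 1 never completes suggests the wrap case is not fully resolved by this hunk, so that open question is worth tracking in the code or an issue rather than only in the message.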