[dpdk-dev] dpdk: fix a crash during rte_table_hash_key16_ext overload
Commit Message
From: Miroslaw Walukiewicz <miroslaw.walukiewicz@intel.com>
The hash_key16_ext table allocates a cache entries to support
table overload cases.
The crash can occur when cache entry is free after use. The problem
is with computing the index of the free cache entry.
The patch fixes a problem.
Signed-off-by: Mirek Walukiewicz <miroslaw.walukiewicz@intel.com>
---
lib/librte_table/rte_table_hash_key16.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
Comments
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of
> miroslaw.walukiewicz@intel.com
> Sent: Tuesday, March 3, 2015 2:16 PM
> To: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH] dpdk: fix a crash during
> rte_table_hash_key16_ext overload
>
> From: Miroslaw Walukiewicz <miroslaw.walukiewicz@intel.com>
>
> The hash_key16_ext table allocates a cache entries to support
> table overload cases.
>
> The crash can occur when cache entry is free after use. The problem
> is with computing the index of the free cache entry.
>
> The patch fixes a problem.
>
> Signed-off-by: Mirek Walukiewicz <miroslaw.walukiewicz@intel.com>
> ---
> lib/librte_table/rte_table_hash_key16.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/lib/librte_table/rte_table_hash_key16.c
> b/lib/librte_table/rte_table_hash_key16.c
> index ee5f639..e0c99bd 100644
> --- a/lib/librte_table/rte_table_hash_key16.c
> +++ b/lib/librte_table/rte_table_hash_key16.c
> @@ -535,9 +535,8 @@ rte_table_hash_entry_delete_key16_ext(
>
> memset(bucket, 0,
> sizeof(struct
> rte_bucket_4_16));
> - bucket_index = (bucket -
> - ((struct rte_bucket_4_16 *)
> - f->memory)) - f->n_buckets;
> + bucket_index = (((uint8_t *)bucket -
> + (uint8_t *)f->memory)/f-
> >bucket_size) - f->n_buckets;
> f->stack[f->stack_pos++] =
> bucket_index;
> }
>
Acked by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Mirek, identical issue is found at identical place in rte_table_hash_key8.c and rte_table_hash_key32.c, would you please submit the same fix for those as well?
Thanks,
Cristian
> > The hash_key16_ext table allocates a cache entries to support
> > table overload cases.
> >
> > The crash can occur when cache entry is free after use. The problem
> > is with computing the index of the free cache entry.
> >
> > The patch fixes a problem.
> >
> > Signed-off-by: Mirek Walukiewicz <miroslaw.walukiewicz@intel.com>
>
> Acked by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Applied, thanks
> Mirek, identical issue is found at identical place in rte_table_hash_key8.c
> and rte_table_hash_key32.c, would you please submit the same fix for those as well?
Merged (Maciej's patch)
@@ -535,9 +535,8 @@ rte_table_hash_entry_delete_key16_ext(
memset(bucket, 0,
sizeof(struct rte_bucket_4_16));
- bucket_index = (bucket -
- ((struct rte_bucket_4_16 *)
- f->memory)) - f->n_buckets;
+ bucket_index = (((uint8_t *)bucket -
+ (uint8_t *)f->memory)/f->bucket_size) - f->n_buckets;
f->stack[f->stack_pos++] = bucket_index;
}