[dpdk-dev] librte_eal: FreeBSD contigmem prevent possible buffer overrun during module unload.
Commit Message
The maximum mount contiguous memory regions for FreeBSD is limited by
RTE_CONTIGMEM_MAX_NUM_BUFS, a pointer to each region is stored in
static void * contigmem_buffers[RTE_CONTIGMEM_MAX_NUM_BUFS]
A user can specify a greater amount via hw.contigmem.num_buffers,
while the allocation logic will prevent this allocation from occuring the logic
in contigmem_unload() will attempt to free hw.contigmem.num_buffers and an
overrun occurs.
This patch limits the freeing to a maximum of RTE_CONTIGMEM_MAX_NUM_BUFS.
Signed-off-by: Alan Carew <alan.carew@intel.com>
---
lib/librte_eal/bsdapp/contigmem/contigmem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Alan Carew
> Sent: Tuesday, October 14, 2014 1:19 PM
> To: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH] librte_eal: FreeBSD contigmem prevent
> possible buffer overrun during module unload.
>
> The maximum mount contiguous memory regions for FreeBSD is limited by
> RTE_CONTIGMEM_MAX_NUM_BUFS, a pointer to each region is stored in
> static void * contigmem_buffers[RTE_CONTIGMEM_MAX_NUM_BUFS]
>
> A user can specify a greater amount via hw.contigmem.num_buffers,
> while the allocation logic will prevent this allocation from occuring the logic
> in contigmem_unload() will attempt to free hw.contigmem.num_buffers and
> an
> overrun occurs.
>
> This patch limits the freeing to a maximum of
> RTE_CONTIGMEM_MAX_NUM_BUFS.
>
> Signed-off-by: Alan Carew <alan.carew@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> > The maximum mount contiguous memory regions for FreeBSD is limited by
> > RTE_CONTIGMEM_MAX_NUM_BUFS, a pointer to each region is stored in
> > static void * contigmem_buffers[RTE_CONTIGMEM_MAX_NUM_BUFS]
> >
> > A user can specify a greater amount via hw.contigmem.num_buffers,
> > while the allocation logic will prevent this allocation from occuring the logic
> > in contigmem_unload() will attempt to free hw.contigmem.num_buffers and
> > an overrun occurs.
> >
> > This patch limits the freeing to a maximum of
> > RTE_CONTIGMEM_MAX_NUM_BUFS.
> >
> > Signed-off-by: Alan Carew <alan.carew@intel.com>
>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Applied
Thanks
@@ -178,7 +178,7 @@ contigmem_unload()
if (contigmem_eh_tag != NULL)
EVENTHANDLER_DEREGISTER(process_exit, contigmem_eh_tag);
- for (i = 0; i < contigmem_num_buffers; i++)
+ for (i = 0; i < RTE_CONTIGMEM_MAX_NUM_BUFS; i++)
if (contigmem_buffers[i] != NULL)
contigfree(contigmem_buffers[i], contigmem_buffer_size,
M_CONTIGMEM);