From patchwork Tue Mar 30 19:56:34 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Ma, WenwuX" <wenwux.ma@intel.com>
X-Patchwork-Id: 90079
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id B690AA034F;
	Tue, 30 Mar 2021 10:02:59 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 98552406FF;
	Tue, 30 Mar 2021 10:02:59 +0200 (CEST)
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 by mails.dpdk.org (Postfix) with ESMTP id D0AE8406B4
 for <dev@dpdk.org>; Tue, 30 Mar 2021 10:02:57 +0200 (CEST)
IronPort-SDR: 
 17Ya3vznlAjxqSEV8eNO1hmGjFP2NDBMJDGLssd3bcSCZKyDINhxC3bJzxodB9/wTkxlLfgWfk
 f9lMdXLeWmCQ==
X-IronPort-AV: E=McAfee;i="6000,8403,9938"; a="171733143"
X-IronPort-AV: E=Sophos;i="5.81,290,1610438400"; d="scan'208";a="171733143"
Received: from orsmga008.jf.intel.com ([10.7.209.65])
 by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 30 Mar 2021 01:02:56 -0700
IronPort-SDR: 
 rj/sTlyQmgD/NIY9+3ovugxeQIEibrwCPIeXPw3YttUSu5GtKz8LoUMZnfGFfBt6mke049WHsJ
 fA624GGxs+aQ==
X-IronPort-AV: E=Sophos;i="5.81,290,1610438400"; d="scan'208";a="418059742"
Received: from unknown (HELO localhost.localdomain) ([10.240.183.109])
 by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 30 Mar 2021 01:02:54 -0700
From: wenwux.ma@intel.com
To: olivier.matz@6wind.com,
	dev@dpdk.org
Cc: wenwu ma <wenwux.ma@intel.com>
Date: Tue, 30 Mar 2021 19:56:34 +0000
Message-Id: <20210330195634.83275-1-wenwux.ma@intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210330140702.49202-1-wenwux.ma@intel.com>
References: <20210330140702.49202-1-wenwux.ma@intel.com>
MIME-Version: 1.0
Subject: [dpdk-dev] [PATCH v2] mbuf: Fix illegal pointer access to mempool
 members
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

From: wenwu ma <wenwux.ma@intel.com>

Before accessing the private data of mempool in
function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
it is necessary to determine whether the private data exists,
otherwise it will cause null pointer access.

Signed-off-by: wenwu ma <wenwux.ma@intel.com>
---
V2:
 - Change the unequal sign in the judgment statement to less than sign

 lib/librte_mbuf/rte_mbuf.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
index c4c9ebfaa..6c2559550 100644
--- a/lib/librte_mbuf/rte_mbuf.h
+++ b/lib/librte_mbuf/rte_mbuf.h
@@ -811,6 +811,9 @@ rte_pktmbuf_data_room_size(struct rte_mempool *mp)
 {
 	struct rte_pktmbuf_pool_private *mbp_priv;
 
+	if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+		return 0;
+
 	mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
 	return mbp_priv->mbuf_data_room_size;
 }
@@ -832,6 +835,9 @@ rte_pktmbuf_priv_size(struct rte_mempool *mp)
 {
 	struct rte_pktmbuf_pool_private *mbp_priv;
 
+	if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+		return 0;
+
 	mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
 	return mbp_priv->mbuf_priv_size;
 }