diff mbox series

mbuf: Fix illegal pointer access to mempool members

Message ID 20210331134319.3035-1-wenwux.ma@intel.com (mailing list archive)
State Superseded, archived
Headers show
Series mbuf: Fix illegal pointer access to mempool members | expand

Checks

Context Check Description
ci/iol-testing warning Testing issues
ci/iol-mellanox-Performance success Performance Testing PASS
ci/github-robot success github build: passed
ci/travis-robot success travis build: passed
ci/iol-abi-testing success Testing PASS
ci/intel-Testing success Testing PASS
ci/Intel-compilation success Compilation OK
ci/checkpatch success coding style OK

Commit Message

Wenwu Ma March 31, 2021, 1:43 p.m. UTC
Before accessing the private data of mempool in
function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
it is necessary to determine whether the private data exists,
otherwise it will cause null pointer access.

Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
---
 lib/librte_mbuf/rte_mbuf.h | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Jerin Jacob March 31, 2021, 7:12 a.m. UTC | #1
On Wed, Mar 31, 2021 at 7:19 AM Wenwu Ma <wenwux.ma@intel.com> wrote:
>
> Before accessing the private data of mempool in
> function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
> it is necessary to determine whether the private data exists,
> otherwise it will cause null pointer access.
>
> Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> ---
>  lib/librte_mbuf/rte_mbuf.h | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
> index c4c9ebfaa..6c2559550 100644
> --- a/lib/librte_mbuf/rte_mbuf.h
> +++ b/lib/librte_mbuf/rte_mbuf.h
> @@ -811,6 +811,9 @@ rte_pktmbuf_data_room_size(struct rte_mempool *mp)
>  {
>         struct rte_pktmbuf_pool_private *mbp_priv;
>
> +       if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
> +               return 0;

If mp->private_data_size updated in the slow path at mempool create
time, why not have this sanity check in the slow path?


> +
>         mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
>         return mbp_priv->mbuf_data_room_size;
>  }
> @@ -832,6 +835,9 @@ rte_pktmbuf_priv_size(struct rte_mempool *mp)
>  {
>         struct rte_pktmbuf_pool_private *mbp_priv;
>
> +       if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
> +               return 0;
> +
>         mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
>         return mbp_priv->mbuf_priv_size;
>  }
> --
> 2.25.1
>
diff mbox series

Patch

diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
index c4c9ebfaa..6c2559550 100644
--- a/lib/librte_mbuf/rte_mbuf.h
+++ b/lib/librte_mbuf/rte_mbuf.h
@@ -811,6 +811,9 @@  rte_pktmbuf_data_room_size(struct rte_mempool *mp)
 {
 	struct rte_pktmbuf_pool_private *mbp_priv;
 
+	if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+		return 0;
+
 	mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
 	return mbp_priv->mbuf_data_room_size;
 }
@@ -832,6 +835,9 @@  rte_pktmbuf_priv_size(struct rte_mempool *mp)
 {
 	struct rte_pktmbuf_pool_private *mbp_priv;
 
+	if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+		return 0;
+
 	mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
 	return mbp_priv->mbuf_priv_size;
 }