From patchwork Wed Mar 31 13:43:19 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Ma, WenwuX" <wenwux.ma@intel.com>
X-Patchwork-Id: 90151
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 35BFFA034F;
	Wed, 31 Mar 2021 03:49:43 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id AD31A4069E;
	Wed, 31 Mar 2021 03:49:42 +0200 (CEST)
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 by mails.dpdk.org (Postfix) with ESMTP id 4F86940141
 for <dev@dpdk.org>; Wed, 31 Mar 2021 03:49:40 +0200 (CEST)
IronPort-SDR: 
 WV8Srh0NaieOITPVCCXB4S0IiczQNuG3xGoeCQ62ON8IKzxPvYvfhB3fkQ45Ruuue+oDyQx2CM
 jOfqE6KKSBng==
X-IronPort-AV: E=McAfee;i="6000,8403,9939"; a="189656406"
X-IronPort-AV: E=Sophos;i="5.81,291,1610438400"; d="scan'208";a="189656406"
Received: from orsmga008.jf.intel.com ([10.7.209.65])
 by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 30 Mar 2021 18:49:39 -0700
IronPort-SDR: 
 deY54XH9ccT+pCqlCjFt7gAgj+ck+XkuQ3/zoD10AP4XOKefRQqMGEgDclyywdQOyETeLkXm1/
 HiIsr/DP+VCw==
X-IronPort-AV: E=Sophos;i="5.81,291,1610438400"; d="scan'208";a="418427406"
Received: from unknown (HELO localhost.localdomain) ([10.240.183.109])
 by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 30 Mar 2021 18:49:37 -0700
From: Wenwu Ma <wenwux.ma@intel.com>
To: olivier.matz@6wind.com,
	dev@dpdk.org
Cc: Wenwu Ma <wenwux.ma@intel.com>
Date: Wed, 31 Mar 2021 13:43:19 +0000
Message-Id: <20210331134319.3035-1-wenwux.ma@intel.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Subject: [dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool
 members
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Before accessing the private data of mempool in
function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
it is necessary to determine whether the private data exists,
otherwise it will cause null pointer access.

Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
---
 lib/librte_mbuf/rte_mbuf.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
index c4c9ebfaa..6c2559550 100644
--- a/lib/librte_mbuf/rte_mbuf.h
+++ b/lib/librte_mbuf/rte_mbuf.h
@@ -811,6 +811,9 @@ rte_pktmbuf_data_room_size(struct rte_mempool *mp)
 {
 	struct rte_pktmbuf_pool_private *mbp_priv;
 
+	if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+		return 0;
+
 	mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
 	return mbp_priv->mbuf_data_room_size;
 }
@@ -832,6 +835,9 @@ rte_pktmbuf_priv_size(struct rte_mempool *mp)
 {
 	struct rte_pktmbuf_pool_private *mbp_priv;
 
+	if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+		return 0;
+
 	mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
 	return mbp_priv->mbuf_priv_size;
 }