From patchwork Tue Apr 13 20:05:13 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Ma, WenwuX" X-Patchwork-Id: 91208 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 24B34A0524; Tue, 13 Apr 2021 10:11:41 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C9940160C37; Tue, 13 Apr 2021 10:11:40 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 4583B160970; Tue, 13 Apr 2021 10:11:38 +0200 (CEST) IronPort-SDR: 497LTB/caOOPY9NNQxbV/7j8+im8ZxAUaULjw/77Fw44AVFdqPivbfnMitB9JOa0NDHanwtf3c c5lGDL68I95Q== X-IronPort-AV: E=McAfee;i="6200,9189,9952"; a="194479191" X-IronPort-AV: E=Sophos;i="5.82,218,1613462400"; d="scan'208";a="194479191" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Apr 2021 01:11:25 -0700 IronPort-SDR: VPkbM2oCmuiVpvUKjCiQ1ZkCVS82PBM5dFAsOPHWLZhabGEzH+6sZEbNbe/QVJS6DCUycBAdg0 IJ6H+s2xtxEQ== X-IronPort-AV: E=Sophos;i="5.82,218,1613462400"; d="scan'208";a="614852119" Received: from unknown (HELO localhost.localdomain) ([10.240.183.109]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Apr 2021 01:11:23 -0700 From: Wenwu Ma To: olivier.matz@6wind.com, andrew.rybchenko@oktetlabs.ru Cc: dev@dpdk.org, Wenwu Ma , stable@dpdk.org Date: Tue, 13 Apr 2021 20:05:13 +0000 Message-Id: <20210413200513.330399-1-wenwux.ma@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210331210557.4919-1-wenwux.ma@intel.com> References: <20210331210557.4919-1-wenwux.ma@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [v2] test/mempool: fix heap buffer overflow X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Amount of allocated memory was not enough for mempool which cause buffer overflow when access fields of mempool private structure in the rte_pktmbuf_priv_size function. Fixes: 923ceaeac140 ("test/mempool: add unit test cases") Cc: stable@dpdk.org Signed-off-by: Wenwu Ma --- v2: - refine commit log. --- app/test/test_mempool.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/test/test_mempool.c b/app/test/test_mempool.c index 084842fda..fc06a9c6f 100644 --- a/app/test/test_mempool.c +++ b/app/test/test_mempool.c @@ -543,7 +543,8 @@ test_mempool(void) mp_stack_mempool_iter = rte_mempool_create("test_iter_obj", MEMPOOL_SIZE, MEMPOOL_ELT_SIZE, - RTE_MEMPOOL_CACHE_MAX_SIZE, 0, + RTE_MEMPOOL_CACHE_MAX_SIZE, + sizeof(struct rte_pktmbuf_pool_private), NULL, NULL, my_obj_init, NULL, SOCKET_ID_ANY, 0); From patchwork Tue Apr 27 13:56:46 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Olivier Matz X-Patchwork-Id: 92254 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 14261A0A02; Tue, 27 Apr 2021 15:57:31 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CFE004124C; Tue, 27 Apr 2021 15:57:30 +0200 (CEST) Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com [209.85.221.42]) by mails.dpdk.org (Postfix) with ESMTP id A2C6A41243 for ; Tue, 27 Apr 2021 15:57:29 +0200 (CEST) Received: by mail-wr1-f42.google.com with SMTP id n2so6416298wrm.0 for ; Tue, 27 Apr 2021 06:57:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=6wind.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=vos3FyYYsV04l2bLFI52GjyRQbLDhDV0DMug0ubWDeE=; b=Nip68lZJtHHogTtSM3T68BX2vHYRlbcGt/ssGzdW+3tnz5Q0hv+zD6yoC7GScgjQkM vf0XVSetKfcT3VYYu+SgoxjLvQ+vya4zx5K3EBztP6FMgZmSeSteRRr3v1TF6PLX0wdI QFHzzpgkzB/Rx8RlX9iOmxI4+u6EEyqK7C0WlnRQxDJ04BvAhmzc+R03IGTQszFizoX5 Nvn2dq17eeeoDbeWXg6Qfb+tBgzrjuDprWR4bH9RKB6I5VVx3i9pfb7dwe7HSgHnMAKA ckX9hDM8H5YE2X8Vyw3zUak9GaVKSsywUe/YjfcwM4VuMr56aypEmFPC2+aVlz+vqgWe P+aw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=vos3FyYYsV04l2bLFI52GjyRQbLDhDV0DMug0ubWDeE=; b=AlLlC703cqhxXxwrwRHiH0TtMEFO9OeJRCU5urreXqbqdf7vUv6lLuiG0GzWqhSf6V TrJKD5dOxQTzz1Z+rqETRB73SpziIVjRm4S/rbv3WDyYkmM6iCd7LHg6d+vSdQGWScJC s+bX0tqJiwKy8O+m6SvQvMJCtYRl7SJGvys9ZR/oGwhcf7mxkAv5Kru8xL46SENL8h2M 5dGwE4IY6ODxqrkV5fg0b+8WbbpeKJpWnU/MMHFBFy8jFcP9TibaWuUmUKi1CtTnW8Jk iu1TE7GvwgdsHHFJAWzaVK9LBVWHPCMarTeDuOaHAwdxysnkX7b8IQgNUwXm+nQysPu1 RZyA== X-Gm-Message-State: AOAM530P5zcKpdXT3At5Aslp1oB2F8GPnKWhncpTOfyBJnjkmr9raRI7 CebKEtHPs9XAvu7vCi+iN52UK8YNLOS9iw== X-Google-Smtp-Source: ABdhPJwKb4lxb2LsMTpxjH3g45QZ6ltPL43lsNv5R0mJVo/5xs42WgGYxQwdBdKv8vqw4K+HzEzCfQ== X-Received: by 2002:a05:6000:10:: with SMTP id h16mr8717009wrx.381.1619531849435; Tue, 27 Apr 2021 06:57:29 -0700 (PDT) Received: from gojira.dev.6wind.com (host.78.145.23.62.rev.coltfrance.com. [62.23.145.78]) by smtp.gmail.com with ESMTPSA id m14sm11760341wmi.39.2021.04.27.06.57.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 27 Apr 2021 06:57:29 -0700 (PDT) From: Olivier Matz To: dev@dpdk.org Cc: Andrew Rybchenko , Pallantla Poornima , Wenwu Ma , Peng Zhihong , Aaron Conole , Thomas Monjalon Date: Tue, 27 Apr 2021 15:56:46 +0200 Message-Id: <20210427135646.871-2-olivier.matz@6wind.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210427135646.871-1-olivier.matz@6wind.com> References: <20210413200513.330399-1-wenwux.ma@intel.com> <20210427135646.871-1-olivier.matz@6wind.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v3 2/2] mbuf: better document usage of packet pool initializers X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Clarify that the mempool private initializer and object initializer used for packet pools require that the mempool private size is large enough. Also add an assert (only enabled when -DRTE_ENABLE_ASSERT is passed) to check this constraint. Signed-off-by: Olivier Matz Acked-by: Aaron Conole --- lib/mbuf/rte_mbuf.c | 5 +++++ lib/mbuf/rte_mbuf.h | 8 +++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/mbuf/rte_mbuf.c b/lib/mbuf/rte_mbuf.c index 3ff0a69187..f7e3c1a187 100644 --- a/lib/mbuf/rte_mbuf.c +++ b/lib/mbuf/rte_mbuf.c @@ -43,6 +43,8 @@ rte_pktmbuf_pool_init(struct rte_mempool *mp, void *opaque_arg) struct rte_pktmbuf_pool_private default_mbp_priv; uint16_t roomsz; + RTE_ASSERT(mp->private_data_size >= + sizeof(struct rte_pktmbuf_pool_private)); RTE_ASSERT(mp->elt_size >= sizeof(struct rte_mbuf)); /* if no structure is provided, assume no mbuf private area */ @@ -83,6 +85,9 @@ rte_pktmbuf_init(struct rte_mempool *mp, struct rte_mbuf *m = _m; uint32_t mbuf_size, buf_len, priv_size; + RTE_ASSERT(mp->private_data_size >= + sizeof(struct rte_pktmbuf_pool_private)); + priv_size = rte_pktmbuf_priv_size(mp); mbuf_size = sizeof(struct rte_mbuf) + priv_size; buf_len = rte_pktmbuf_data_room_size(mp); diff --git a/lib/mbuf/rte_mbuf.h b/lib/mbuf/rte_mbuf.h index c4c9ebfaa0..a555f216ae 100644 --- a/lib/mbuf/rte_mbuf.h +++ b/lib/mbuf/rte_mbuf.h @@ -624,6 +624,9 @@ rte_mbuf_raw_free(struct rte_mbuf *m) * address, and so on). This function is given as a callback function to * rte_mempool_obj_iter() or rte_mempool_create() at pool creation time. * + * This function expects that the mempool private area was previously + * initialized with rte_pktmbuf_pool_init(). + * * @param mp * The mempool from which mbufs originate. * @param opaque_arg @@ -639,7 +642,7 @@ void rte_pktmbuf_init(struct rte_mempool *mp, void *opaque_arg, void *m, unsigned i); /** - * A packet mbuf pool constructor. + * A packet mbuf pool constructor. * * This function initializes the mempool private data in the case of a * pktmbuf pool. This private data is needed by the driver. The @@ -648,6 +651,9 @@ void rte_pktmbuf_init(struct rte_mempool *mp, void *opaque_arg, * pool creation. It can be extended by the user, for example, to * provide another packet size. * + * The mempool private area size must be at least equal to + * sizeof(struct rte_pktmbuf_pool_private). + * * @param mp * The mempool from which mbufs originate. * @param opaque_arg