From d5c677db89cc1e6113d55d8bf2300ec8b5f2d383 Mon Sep 17 00:00:00 2001 From: Honnappa Nagarahalli Date: Wed, 21 Nov 2018 20:51:56 -0600 Subject: [PATCH] hash: fix out-of-bound write while freeing key slot Add a debug check for out-of-bound write while freeing the key slot. Coverity issue: 325733 Fixes: e605a1d36ca7 ("hash: add lock-free r/w concurrency") Cc: stable@dpdk.org Signed-off-by: Honnappa Nagarahalli Reviewed-by: Steve Capper Reviewed-by: Gavin Hu Acked-by: Bruce Richardson --- lib/librte_hash/rte_cuckoo_hash.c | 4 ++++ lib/librte_hash/rte_cuckoo_hash.h | 11 +++++++++++ 2 files changed, 15 insertions(+) diff --git a/lib/librte_hash/rte_cuckoo_hash.c b/lib/librte_hash/rte_cuckoo_hash.c index 7e6c139d3d..c01489ba51 100644 --- a/lib/librte_hash/rte_cuckoo_hash.c +++ b/lib/librte_hash/rte_cuckoo_hash.c @@ -1347,6 +1347,9 @@ remove_entry(const struct rte_hash *h, struct rte_hash_bucket *bkt, unsigned i) n_slots = rte_ring_mp_enqueue_burst(h->free_slots, cached_free_slots->objs, LCORE_CACHE_SIZE, NULL); + ERR_IF_TRUE((n_slots == 0), + "%s: could not enqueue free slots in global ring\n", + __func__); cached_free_slots->len -= n_slots; } /* Put index of new free slot in cache. */ @@ -1552,6 +1555,7 @@ rte_hash_free_key_with_position(const struct rte_hash *h, n_slots = rte_ring_mp_enqueue_burst(h->free_slots, cached_free_slots->objs, LCORE_CACHE_SIZE, NULL); + RETURN_IF_TRUE((n_slots == 0), -EFAULT); cached_free_slots->len -= n_slots; } /* Put index of new free slot in cache. */ diff --git a/lib/librte_hash/rte_cuckoo_hash.h b/lib/librte_hash/rte_cuckoo_hash.h index 5dfbbc48bb..eacdaa8d46 100644 --- a/lib/librte_hash/rte_cuckoo_hash.h +++ b/lib/librte_hash/rte_cuckoo_hash.h @@ -29,6 +29,17 @@ #define RETURN_IF_TRUE(cond, retval) #endif +#if defined(RTE_LIBRTE_HASH_DEBUG) +#define ERR_IF_TRUE(cond, fmt, args...) do { \ + if (cond) { \ + RTE_LOG(ERR, HASH, fmt, ##args); \ + return; \ + } \ +} while (0) +#else +#define ERR_IF_TRUE(cond, fmt, args...) +#endif + #include #include -- 2.20.1