From: Alexander Kozyrev Date: Mon, 1 Jun 2020 15:24:16 +0000 (+0000) Subject: mbuf: fix external buffer pool boundaries X-Git-Url: http://git.droids-corp.org/?p=dpdk.git;a=commitdiff_plain;h=d6eb247371216315bfc8e7b088bc38f67462bd48 mbuf: fix external buffer pool boundaries Memzones are created in testpmd in order to test external data buffers functionality. Each memzone is 2Mb in size and divided among the pool of external memory buffers. Memzone may not always be fully utilized because mbufs size can vary and some space can be left unused at the tail of a memzone. This is not handled properly and mbuf can get the address of this leftover space since this address is still valid (part of memzone), but there is not enough space to fit the whole packet data. As a result packet data may overflow and cause the memory corruption. Take mbuf size into account when distributing memory addresses from a memzone to external mbufs. Skip the remaining tail in case there is not enough room for a packet and move to a next memzone instead. Fixes: 6c8e50c2e5 ("mbuf: create pool with external memory buffers") Cc: stable@dpdk.org Signed-off-by: Alexander Kozyrev Acked-by: Viacheslav Ovsiienko Acked-by: Olivier Matz --- diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c index 220eb2fb0c..ae91ae21ce 100644 --- a/lib/librte_mbuf/rte_mbuf.c +++ b/lib/librte_mbuf/rte_mbuf.c @@ -191,14 +191,14 @@ __rte_pktmbuf_init_extmem(struct rte_mempool *mp, ext_mem = ctx->ext_mem + ctx->ext; RTE_ASSERT(ctx->ext < ctx->ext_num); - RTE_ASSERT(ctx->off < ext_mem->buf_len); + RTE_ASSERT(ctx->off + ext_mem->elt_size <= ext_mem->buf_len); m->buf_addr = RTE_PTR_ADD(ext_mem->buf_ptr, ctx->off); m->buf_iova = ext_mem->buf_iova == RTE_BAD_IOVA ? RTE_BAD_IOVA : (ext_mem->buf_iova + ctx->off); ctx->off += ext_mem->elt_size; - if (ctx->off >= ext_mem->buf_len) { + if (ctx->off + ext_mem->elt_size > ext_mem->buf_len) { ctx->off = 0; ++ctx->ext; }