Memzones are created in testpmd in order to test external data
buffers functionality. Each memzone is 2Mb in size and divided among
the pool of external memory buffers.
Memzone may not always be fully utilized because mbufs size can vary
and some space can be left unused at the tail of a memzone. This is
not handled properly and mbuf can get the address of this leftover
space since this address is still valid (part of memzone), but there
is not enough space to fit the whole packet data. As a result packet
data may overflow and cause the memory corruption.
Take mbuf size into account when distributing memory addresses from
a memzone to external mbufs. Skip the remaining tail in case there
is not enough room for a packet and move to a next memzone instead.
Fixes:
6c8e50c2e5 ("mbuf: create pool with external memory buffers")
Cc: stable@dpdk.org
Signed-off-by: Alexander Kozyrev <akozyrev@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
ext_mem = ctx->ext_mem + ctx->ext;
RTE_ASSERT(ctx->ext < ctx->ext_num);
- RTE_ASSERT(ctx->off < ext_mem->buf_len);
+ RTE_ASSERT(ctx->off + ext_mem->elt_size <= ext_mem->buf_len);
m->buf_addr = RTE_PTR_ADD(ext_mem->buf_ptr, ctx->off);
m->buf_iova = ext_mem->buf_iova == RTE_BAD_IOVA ?
RTE_BAD_IOVA : (ext_mem->buf_iova + ctx->off);
ctx->off += ext_mem->elt_size;
- if (ctx->off >= ext_mem->buf_len) {
+ if (ctx->off + ext_mem->elt_size > ext_mem->buf_len) {
ctx->off = 0;
++ctx->ext;
}