From 356445f97a28b66bce9e7300e21fdcfa7def55c9 Mon Sep 17 00:00:00 2001 From: Jasvinder Singh Date: Mon, 11 Apr 2016 18:55:37 +0100 Subject: [PATCH] port: fix ring writer buffer overflow Fixes the buffer overflow that occurs due to following; 1. When the input packet burst does not meet the conditions: (a) being contiguous (first n bits set in pkts_mask, all the other bits cleared) and (b) containing a full burst, i.e. at least tx_burst_sz packets (n >= tx_burst_size). This is the slow(er) code path taken when local variable expr != 0. 2. There are some packets already in the buffer. 3. The number of packets in the incoming burst (i.e. popcount(pkts_mask)) plus the number of packets already in the buffer exceeds the buffer size (RTE_PORT_IN_BURST_SIZE_MAX, i.e. 64). Fixes: bf6931b242f7 ("port: ring") Fixes: 5f4cd47309d6 ("port: add ring writer nodrop") Signed-off-by: Jasvinder Singh Acked-by: Cristian Dumitrescu --- lib/librte_port/rte_port_ring.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/librte_port/rte_port_ring.c b/lib/librte_port/rte_port_ring.c index d36e12d615..3b9d3d0876 100644 --- a/lib/librte_port/rte_port_ring.c +++ b/lib/librte_port/rte_port_ring.c @@ -179,7 +179,7 @@ rte_port_ring_reader_stats_read(void *port, struct rte_port_ring_writer { struct rte_port_out_stats stats; - struct rte_mbuf *tx_buf[RTE_PORT_IN_BURST_SIZE_MAX]; + struct rte_mbuf *tx_buf[2 * RTE_PORT_IN_BURST_SIZE_MAX]; struct rte_ring *ring; uint32_t tx_burst_sz; uint32_t tx_buf_count; @@ -447,7 +447,7 @@ rte_port_ring_writer_stats_read(void *port, struct rte_port_ring_writer_nodrop { struct rte_port_out_stats stats; - struct rte_mbuf *tx_buf[RTE_PORT_IN_BURST_SIZE_MAX]; + struct rte_mbuf *tx_buf[2 * RTE_PORT_IN_BURST_SIZE_MAX]; struct rte_ring *ring; uint32_t tx_burst_sz; uint32_t tx_buf_count; -- 2.20.1