From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <anatoly.burakov@intel.com>
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by dpdk.org (Postfix) with ESMTP id D239E1B39B;
 Wed, 12 Dec 2018 12:26:10 +0100 (CET)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga002.jf.intel.com ([10.7.209.21])
 by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 12 Dec 2018 03:26:09 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.56,344,1539673200"; d="scan'208";a="117719731"
Received: from aburakov-mobl1.ger.corp.intel.com (HELO [10.237.220.93])
 ([10.237.220.93])
 by orsmga002.jf.intel.com with ESMTP; 12 Dec 2018 03:26:08 -0800
To: Yongseok Koh <yskoh@mellanox.com>
Cc: dev@dpdk.org, stable@dpdk.org
References: <20181212111054.35935-1-yskoh@mellanox.com>
From: "Burakov, Anatoly" <anatoly.burakov@intel.com>
Message-ID: <1812ed89-fc60-1298-d789-201bd8a80471@intel.com>
Date: Wed, 12 Dec 2018 11:26:07 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.3.3
MIME-Version: 1.0
In-Reply-To: <20181212111054.35935-1-yskoh@mellanox.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Subject: Re: [dpdk-dev] [PATCH] malloc: fix finding maximum contiguous IOVA
	size
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Dec 2018 11:26:11 -0000

On 12-Dec-18 11:10 AM, Yongseok Koh wrote:
> malloc_elem_find_max_iova_contig() could return invalid size due to a
> missing sanity check. The following gdb output shows how 'cur_size' can be
> invalid in find_biggest_element().
> 
> 	(gdb) p/x cur_size
> 	$4 = 0xffffffffffe42900
> 	(gdb) p elem
> 	$1 = (struct malloc_elem *) 0x12e842000
> 	(gdb) p *elem
> 	$2 = {heap = 0x7ffff7ff387c, prev = 0x12e831fc0, next =
> 		0x12e842900, free_list = {le_next = 0x109538000, le_prev =
> 		0x7ffff7ff3894}, msl = 0x7ffff7ff107c, state = ELEM_FREE,
> 		pad = 0, size = 2304}
> 	(gdb) p *elem->msl
> 	$5 = {{base_va = 0x100200000, addr_64 = 4297064448}, page_sz =
> 		2097152, socket_id = 0, version = 790, len = 17179869184,
> 		external = 0, memseg_arr = {name = "memseg-2048k-0-0",
> 		'\000' <repeats 47 times>, count = 493, len = 8192, elt_sz
> 		= 48, data = 0x10002e000, rwlock = {cnt = 0}}}
> 
> Fixes: 9fe6bceafd51 ("malloc: add finding biggest free IOVA-contiguous element")
> Cc: stable@dpdk.org
> Cc: anatoly.burakov@intel.com
> 
> Signed-off-by: Yongseok Koh <yskoh@mellanox.com>
> ---

Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>

-- 
Thanks,
Anatoly