From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id D239E1B39B; Wed, 12 Dec 2018 12:26:10 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Dec 2018 03:26:09 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,344,1539673200"; d="scan'208";a="117719731" Received: from aburakov-mobl1.ger.corp.intel.com (HELO [10.237.220.93]) ([10.237.220.93]) by orsmga002.jf.intel.com with ESMTP; 12 Dec 2018 03:26:08 -0800 To: Yongseok Koh Cc: dev@dpdk.org, stable@dpdk.org References: <20181212111054.35935-1-yskoh@mellanox.com> From: "Burakov, Anatoly" Message-ID: <1812ed89-fc60-1298-d789-201bd8a80471@intel.com> Date: Wed, 12 Dec 2018 11:26:07 +0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.3.3 MIME-Version: 1.0 In-Reply-To: <20181212111054.35935-1-yskoh@mellanox.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] [PATCH] malloc: fix finding maximum contiguous IOVA size X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Dec 2018 11:26:11 -0000 On 12-Dec-18 11:10 AM, Yongseok Koh wrote: > malloc_elem_find_max_iova_contig() could return invalid size due to a > missing sanity check. The following gdb output shows how 'cur_size' can be > invalid in find_biggest_element(). > > (gdb) p/x cur_size > $4 = 0xffffffffffe42900 > (gdb) p elem > $1 = (struct malloc_elem *) 0x12e842000 > (gdb) p *elem > $2 = {heap = 0x7ffff7ff387c, prev = 0x12e831fc0, next = > 0x12e842900, free_list = {le_next = 0x109538000, le_prev = > 0x7ffff7ff3894}, msl = 0x7ffff7ff107c, state = ELEM_FREE, > pad = 0, size = 2304} > (gdb) p *elem->msl > $5 = {{base_va = 0x100200000, addr_64 = 4297064448}, page_sz = > 2097152, socket_id = 0, version = 790, len = 17179869184, > external = 0, memseg_arr = {name = "memseg-2048k-0-0", > '\000' , count = 493, len = 8192, elt_sz > = 48, data = 0x10002e000, rwlock = {cnt = 0}}} > > Fixes: 9fe6bceafd51 ("malloc: add finding biggest free IOVA-contiguous element") > Cc: stable@dpdk.org > Cc: anatoly.burakov@intel.com > > Signed-off-by: Yongseok Koh > --- Acked-by: Anatoly Burakov -- Thanks, Anatoly