From: "Burakov, Anatoly" <anatoly.burakov@intel.com>
To: Bing Zhao <bingz@mellanox.com>
Cc: dev@dpdk.org, sergio.gonzalez.monroy@intel.com, stable@dpdk.org
Subject: Re: [dpdk-dev] [PATCH] mem: fix the alloc size roundup overflow
Date: Mon, 20 Apr 2020 12:39:49 +0100 [thread overview]
Message-ID: <88ce7ff0-27f7-9cf0-13bf-b66795bd64cd@intel.com> (raw)
In-Reply-To: <1586256364-185699-1-git-send-email-bingz@mellanox.com>
On 07-Apr-20 11:46 AM, Bing Zhao wrote:
> The size checking is done in the caller. The size parameter is an
> unsigned (64b wide) right now, so the comparison with zero should be
> enough in most cases. But it won't help in the following case.
> If the allocating request input a huge number by mistake, e.g., some
> overflow after the calculation (especially subtraction), the checking
> in the caller will succeed since it is not zero. Indeed, there is not
> enough space in the system to support such huge memory allocation.
> Usually it will return failure in the following code. But if the
> input size is just a little smaller than the UINT64_MAX, like -2 in
> signed type.
> The roundup will cause an overflow and then "reset" the size to 0,
> and then only a header (128B now) with zero length will be returned.
> The following will be the previous allocation header.
> It should be OK in most cases if the application won't access the
> memory body. Or else, some critical issue will be caused and not easy
> to debug. So this issue should be prevented at the beginning, like
> other big size failure, NULL pointer should be returned also.
>
> Fixes: fdf20fa7bee9 ("add prefix to cache line macros")
> Cc: sergio.gonzalez.monroy@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Bing Zhao <bingz@mellanox.com>
> ---
> lib/librte_eal/common/malloc_heap.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/lib/librte_eal/common/malloc_heap.c b/lib/librte_eal/common/malloc_heap.c
> index 842eb9d..bd50656 100644
> --- a/lib/librte_eal/common/malloc_heap.c
> +++ b/lib/librte_eal/common/malloc_heap.c
> @@ -241,6 +241,9 @@
> size = RTE_CACHE_LINE_ROUNDUP(size);
> align = RTE_CACHE_LINE_ROUNDUP(align);
>
> + /* roundup might cause an overflow */
> + if (size == 0)
> + return NULL;
> elem = find_suitable_element(heap, size, flags, align, bound, contig);
> if (elem != NULL) {
> elem = malloc_elem_alloc(elem, size, align, bound, contig);
>
Can we add a unit test for this in malloc_autotest?
Otherwise,
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
--
Thanks,
Anatoly
next prev parent reply other threads:[~2020-04-20 11:39 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-07 10:46 Bing Zhao
2020-04-20 11:39 ` Burakov, Anatoly [this message]
2020-04-21 3:18 ` Bing Zhao
2020-05-06 21:43 ` [dpdk-dev] [dpdk-stable] " Thomas Monjalon
2020-05-07 7:39 ` [dpdk-dev] [PATCH v2] " Bing Zhao
2020-05-07 7:41 ` Bing Zhao
2020-05-07 8:02 ` [dpdk-dev] [PATCH v3] " Bing Zhao
2020-05-11 14:52 ` David Marchand
2020-05-07 11:55 ` [dpdk-dev] [PATCH v2] " Burakov, Anatoly
2020-05-07 12:12 ` [dpdk-dev] [dpdk-stable] " David Marchand
2020-05-07 12:16 ` Bing Zhao
2020-05-07 12:18 ` David Marchand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=88ce7ff0-27f7-9cf0-13bf-b66795bd64cd@intel.com \
--to=anatoly.burakov@intel.com \
--cc=bingz@mellanox.com \
--cc=dev@dpdk.org \
--cc=sergio.gonzalez.monroy@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).