From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 881B0A0A02; Fri, 15 Jan 2021 13:15:48 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0C9C414102F; Fri, 15 Jan 2021 13:15:48 +0100 (CET) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mails.dpdk.org (Postfix) with ESMTP id 8FC3A14102E for ; Fri, 15 Jan 2021 13:15:46 +0100 (CET) IronPort-SDR: df7zLKXcy+j+pIvpqzcdvNWcSQ58xgWC3+EUbPBLxeIj6Oibdz8gIq6BilrUJT6s68RSJUCCdM 5KvbwXaFdk9g== X-IronPort-AV: E=McAfee;i="6000,8403,9864"; a="240084114" X-IronPort-AV: E=Sophos;i="5.79,349,1602572400"; d="scan'208";a="240084114" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Jan 2021 04:15:45 -0800 IronPort-SDR: nUH/FPt71Bxc3s1h8K6OFxMx3X/xK6Yym2r1ATIlBtGyH2qRcM8bjQzm3je4CrB87g4jE3wFo9 Kh2UoZ82TxJQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.79,349,1602572400"; d="scan'208";a="364563078" Received: from silpixa00399498.ir.intel.com (HELO silpixa00399498.ger.corp.intel.com) ([10.237.222.179]) by orsmga002.jf.intel.com with ESMTP; 15 Jan 2021 04:15:44 -0800 From: Anatoly Burakov To: dev@dpdk.org Date: Fri, 15 Jan 2021 12:15:43 +0000 Message-Id: <9843593ce51003ea5e372a8107a96acdc01e8958.1610712939.git.anatoly.burakov@intel.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH] mem: improve parameter checking on memory hotplug X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Currently, we don't check anything that comes in through memory hotplug subsystem using the IPC, because we always assume the data is correct. This is okay as anyone having access to the IPC socket would also have rights to crash the DPDK process through other means, but it's still a good practice to do parameter checking, so fix the code to do that. Signed-off-by: Anatoly Burakov --- lib/librte_eal/common/malloc_heap.c | 3 +- lib/librte_eal/common/malloc_mp.c | 70 +++++++++++++++++++++++++---- lib/librte_eal/common/malloc_mp.h | 2 +- 3 files changed, 65 insertions(+), 10 deletions(-) diff --git a/lib/librte_eal/common/malloc_heap.c b/lib/librte_eal/common/malloc_heap.c index 5a09247a65..ee400f38ec 100644 --- a/lib/librte_eal/common/malloc_heap.c +++ b/lib/librte_eal/common/malloc_heap.c @@ -460,6 +460,7 @@ try_expand_heap_secondary(struct malloc_heap *heap, uint64_t pg_sz, size_t elt_size, int socket, unsigned int flags, size_t align, size_t bound, bool contig) { + struct rte_mem_config *mcfg = rte_eal_get_configuration()->mem_config; struct malloc_mp_req req; int req_result; @@ -473,7 +474,7 @@ try_expand_heap_secondary(struct malloc_heap *heap, uint64_t pg_sz, req.alloc_req.elt_size = elt_size; req.alloc_req.page_sz = pg_sz; req.alloc_req.socket = socket; - req.alloc_req.heap = heap; /* it's in shared memory */ + req.alloc_req.malloc_heap_idx = heap - mcfg->malloc_heaps; req_result = request_to_primary(&req); diff --git a/lib/librte_eal/common/malloc_mp.c b/lib/librte_eal/common/malloc_mp.c index 1f212f8349..1b0e15b518 100644 --- a/lib/librte_eal/common/malloc_mp.c +++ b/lib/librte_eal/common/malloc_mp.c @@ -11,6 +11,7 @@ #include "eal_memalloc.h" #include "eal_memcfg.h" +#include "eal_private.h" #include "malloc_elem.h" #include "malloc_mp.h" @@ -175,10 +176,49 @@ handle_sync(const struct rte_mp_msg *msg, const void *peer) return 0; } +static int +handle_free_request(const struct malloc_mp_req *m) +{ + const struct rte_memseg_list *msl; + void *start, *end; + uint64_t len; + + len = m->free_req.len; + start = m->free_req.addr; + end = RTE_PTR_ADD(start, len - 1); + + /* check if the requested memory actually exists */ + msl = rte_mem_virt2memseg_list(start); + if (msl == NULL) { + RTE_LOG(ERR, EAL, "Requested to free unknown memory\n"); + return -1; + } + + /* check if end is within the same memory region */ + if (rte_mem_virt2memseg_list(end) != msl) { + RTE_LOG(ERR, EAL, "Requested to free memory spanning multiple regions\n"); + return -1; + } + + /* we're supposed to only free memory that's not external */ + if (msl->external) { + RTE_LOG(ERR, EAL, "Requested to free external memory\n"); + return -1; + } + + /* now that we've validated the request, time for a PSA */ + eal_memalloc_mem_event_notify(RTE_MEM_EVENT_FREE, + m->free_req.addr, m->free_req.len); + + /* now, do the actual freeing */ + return malloc_heap_free_pages(m->free_req.addr, m->free_req.len); +} + static int handle_alloc_request(const struct malloc_mp_req *m, struct mp_request *req) { + struct rte_mem_config *mcfg = rte_eal_get_configuration()->mem_config; const struct malloc_req_alloc *ar = &m->alloc_req; struct malloc_heap *heap; struct malloc_elem *elem; @@ -187,17 +227,35 @@ handle_alloc_request(const struct malloc_mp_req *m, int n_segs; void *map_addr; + /* this is checked by the API, but we need to prevent divide by zero */ + if (ar->page_sz == 0 || !rte_is_power_of_2(ar->page_sz)) { + RTE_LOG(ERR, EAL, "Attempting to allocate with page size\n"); + return -1; + } + + /* heap idx is index into the heap array, not socket ID */ + if (ar->malloc_heap_idx >= RTE_MAX_HEAPS) { + RTE_LOG(ERR, EAL, "Attempting to allocate from invalid heap\n"); + return -1; + } + + heap = &mcfg->malloc_heaps[ar->malloc_heap_idx]; + + /* for allocations, we must only use internal heaps */ + if (rte_malloc_heap_socket_is_external(heap->socket_id)) { + RTE_LOG(ERR, EAL, "Attempting to allocate from external heap\n"); + return -1; + } + alloc_sz = RTE_ALIGN_CEIL(ar->align + ar->elt_size + MALLOC_ELEM_TRAILER_LEN, ar->page_sz); n_segs = alloc_sz / ar->page_sz; - heap = ar->heap; - /* we can't know in advance how many pages we'll need, so we malloc */ ms = malloc(sizeof(*ms) * n_segs); if (ms == NULL) { RTE_LOG(ERR, EAL, "Couldn't allocate memory for request state\n"); - goto fail; + return -1; } memset(ms, 0, sizeof(*ms) * n_segs); @@ -261,11 +319,7 @@ handle_request(const struct rte_mp_msg *msg, const void *peer __rte_unused) if (m->t == REQ_TYPE_ALLOC) { ret = handle_alloc_request(m, entry); } else if (m->t == REQ_TYPE_FREE) { - eal_memalloc_mem_event_notify(RTE_MEM_EVENT_FREE, - m->free_req.addr, m->free_req.len); - - ret = malloc_heap_free_pages(m->free_req.addr, - m->free_req.len); + ret = handle_free_request(m); } else { RTE_LOG(ERR, EAL, "Unexpected request from secondary\n"); goto fail; diff --git a/lib/librte_eal/common/malloc_mp.h b/lib/librte_eal/common/malloc_mp.h index 2b86b76f68..015b7ec393 100644 --- a/lib/librte_eal/common/malloc_mp.h +++ b/lib/librte_eal/common/malloc_mp.h @@ -30,7 +30,7 @@ enum malloc_req_result { }; struct malloc_req_alloc { - struct malloc_heap *heap; + uint32_t malloc_heap_idx; uint64_t page_sz; size_t elt_size; int socket; -- 2.25.1