From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ua1-f50.google.com (mail-ua1-f50.google.com [209.85.222.50]) by dpdk.org (Postfix) with ESMTP id 824A94D27 for ; Tue, 9 Apr 2019 16:51:20 +0200 (CEST) Received: by mail-ua1-f50.google.com with SMTP id k32so932572uae.3 for ; Tue, 09 Apr 2019 07:51:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lSM8qxvp20xMwehhV2PreIT2aKf17xDp/MthaqKtRJg=; b=m9x6XTr5DQptFPM/yxV8smtfIQzIr0IGN3J6Y627pX++s9GCthkWwdx2VMZheNw7H8 pvANpo27qq9VsJBZzzKeuXG+kQhLylhees7ESRBmM11SufomS2TVJCIl5T3dIB0Jr9p+ jyTPmoflvAB8FS9mQXfRSqvoZnIiQ+5cEnozIKbTX9XfDkencybThanrG9HKPB5DRmUE gK+wzBJOXhcrJePMvckACRy1IQpa9qOHFVRai5BBtESzXXpkOwW2YEsYoRUpRu/VuYnV 29/0wz2kygLz4BlU5eAa1ZxKjjIGx9dab4evomo5JWD3esnOuoevb3XdLTMdFDlmFvUv B2kg== X-Gm-Message-State: APjAAAUWwCOPh2itPI2ptuqD6adeyOxmZ11/0gWI1SXu505RARY8Jks9 3JFSmvadVEsr7ps65c7a9FA5KhClJs6Ok9XehdTVLA== X-Google-Smtp-Source: APXvYqzcuHfxfE8+ToYHmIr1Um6CdIEj8LatadsgWxFFxFT4hGTlFqDJqHK7Gtlui3XxCtlfe3OGzd2HACQ+BcFMUJk= X-Received: by 2002:ab0:4870:: with SMTP id c45mr11045799uad.21.1554821479884; Tue, 09 Apr 2019 07:51:19 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: David Marchand Date: Tue, 9 Apr 2019 16:51:08 +0200 Message-ID: To: p.oltarzewski@gmail.com, Chas Williams <3chas3@gmail.com> Cc: dev Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: Re: [dpdk-dev] [Bug 248] Bonding PMD: Invalid array dimension in TX burst for 802.3ad mode with fast queue leads to SEGFAULT X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 14:51:20 -0000 On Tue, Apr 9, 2019 at 4:45 PM wrote: > https://bugs.dpdk.org/show_bug.cgi?id=248 > > Bug ID: 248 > Summary: Bonding PMD: Invalid array dimension in TX burst for > 802.3ad mode with fast queue leads to SEGFAULT > Product: DPDK > Version: 18.11 > Hardware: All > OS: All > Status: CONFIRMED > Severity: major > Priority: Normal > Component: ethdev > Assignee: dev@dpdk.org > Reporter: p.oltarzewski@gmail.com > Target Milestone: --- > > DPDK 18.11.1 > > In drivers/net/bonding/rte_eth_bond_pmd.c::bond_ethdev_tx_burst_8023ad, > bufs_slave_port_idxs array is defined as follows (lines 1293-1294): > > /* Mapping array generated by hash function to map mbufs to slaves */ > uint16_t bufs_slave_port_idxs[RTE_MAX_ETHPORTS] = { 0 }; > > Array dimension should be equal to number of packets being transmitted > (nb_pkts) - as correctly implemented in > rte_eth_bond_pmd.c::bond_ethdev_tx_burst_balance. > > Invalid array dimension causes overflow when number of transmitted packets > is > greater than RTE_MAX_ETHPORTS. Some areas of memory end up overwritten (in > my > particular case, slave_nb_bufs array), which leads to SIGSEGV and crash. > > To work around the issue, ensure that number of packets transmitted in a > single > burst is no greater than RTE_MAX_ETHPORTS. > > To fix it, it should be sufficient to define bufs_slave_port_idxs as a > variable-length array, as in bond_ethdev_tx_burst_balance: > > /* Mapping array generated by hash function to map mbufs to slaves */ > uint16_t bufs_slave_port_idxs[nb_bufs]; > I have a series of fixes for this, and on the rx parts as well but did not have time to properly check them. Would you have some time to test it if I send it ? -- David Marchand From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id E604BA0096 for ; Tue, 9 Apr 2019 16:51:23 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E9BD54D3A; Tue, 9 Apr 2019 16:51:21 +0200 (CEST) Received: from mail-ua1-f50.google.com (mail-ua1-f50.google.com [209.85.222.50]) by dpdk.org (Postfix) with ESMTP id 824A94D27 for ; Tue, 9 Apr 2019 16:51:20 +0200 (CEST) Received: by mail-ua1-f50.google.com with SMTP id k32so932572uae.3 for ; Tue, 09 Apr 2019 07:51:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lSM8qxvp20xMwehhV2PreIT2aKf17xDp/MthaqKtRJg=; b=m9x6XTr5DQptFPM/yxV8smtfIQzIr0IGN3J6Y627pX++s9GCthkWwdx2VMZheNw7H8 pvANpo27qq9VsJBZzzKeuXG+kQhLylhees7ESRBmM11SufomS2TVJCIl5T3dIB0Jr9p+ jyTPmoflvAB8FS9mQXfRSqvoZnIiQ+5cEnozIKbTX9XfDkencybThanrG9HKPB5DRmUE gK+wzBJOXhcrJePMvckACRy1IQpa9qOHFVRai5BBtESzXXpkOwW2YEsYoRUpRu/VuYnV 29/0wz2kygLz4BlU5eAa1ZxKjjIGx9dab4evomo5JWD3esnOuoevb3XdLTMdFDlmFvUv B2kg== X-Gm-Message-State: APjAAAUWwCOPh2itPI2ptuqD6adeyOxmZ11/0gWI1SXu505RARY8Jks9 3JFSmvadVEsr7ps65c7a9FA5KhClJs6Ok9XehdTVLA== X-Google-Smtp-Source: APXvYqzcuHfxfE8+ToYHmIr1Um6CdIEj8LatadsgWxFFxFT4hGTlFqDJqHK7Gtlui3XxCtlfe3OGzd2HACQ+BcFMUJk= X-Received: by 2002:ab0:4870:: with SMTP id c45mr11045799uad.21.1554821479884; Tue, 09 Apr 2019 07:51:19 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: David Marchand Date: Tue, 9 Apr 2019 16:51:08 +0200 Message-ID: To: p.oltarzewski@gmail.com, Chas Williams <3chas3@gmail.com> Cc: dev Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: Re: [dpdk-dev] [Bug 248] Bonding PMD: Invalid array dimension in TX burst for 802.3ad mode with fast queue leads to SEGFAULT X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Message-ID: <20190409145108.dVio7L5-7_GTi5KKFBXUFZLiJExhGthQ5FPlm6jR3p4@z> On Tue, Apr 9, 2019 at 4:45 PM wrote: > https://bugs.dpdk.org/show_bug.cgi?id=248 > > Bug ID: 248 > Summary: Bonding PMD: Invalid array dimension in TX burst for > 802.3ad mode with fast queue leads to SEGFAULT > Product: DPDK > Version: 18.11 > Hardware: All > OS: All > Status: CONFIRMED > Severity: major > Priority: Normal > Component: ethdev > Assignee: dev@dpdk.org > Reporter: p.oltarzewski@gmail.com > Target Milestone: --- > > DPDK 18.11.1 > > In drivers/net/bonding/rte_eth_bond_pmd.c::bond_ethdev_tx_burst_8023ad, > bufs_slave_port_idxs array is defined as follows (lines 1293-1294): > > /* Mapping array generated by hash function to map mbufs to slaves */ > uint16_t bufs_slave_port_idxs[RTE_MAX_ETHPORTS] = { 0 }; > > Array dimension should be equal to number of packets being transmitted > (nb_pkts) - as correctly implemented in > rte_eth_bond_pmd.c::bond_ethdev_tx_burst_balance. > > Invalid array dimension causes overflow when number of transmitted packets > is > greater than RTE_MAX_ETHPORTS. Some areas of memory end up overwritten (in > my > particular case, slave_nb_bufs array), which leads to SIGSEGV and crash. > > To work around the issue, ensure that number of packets transmitted in a > single > burst is no greater than RTE_MAX_ETHPORTS. > > To fix it, it should be sufficient to define bufs_slave_port_idxs as a > variable-length array, as in bond_ethdev_tx_burst_balance: > > /* Mapping array generated by hash function to map mbufs to slaves */ > uint16_t bufs_slave_port_idxs[nb_bufs]; > I have a series of fixes for this, and on the rx parts as well but did not have time to properly check them. Would you have some time to test it if I send it ? -- David Marchand