From: "Burakov, Anatoly" <anatoly.burakov@intel.com>
To: Jake Freeland <jfree@FreeBSD.org>,
Bruce Richardson <bruce.richardson@intel.com>
Cc: <dev@dpdk.org>
Subject: Re: [PATCH 2/3] eal/freebsd: Do not index out of bounds in memseg list
Date: Thu, 8 May 2025 13:20:44 +0200 [thread overview]
Message-ID: <e0e7d27f-c047-41a1-ac40-912eedd6c431@intel.com> (raw)
In-Reply-To: <20250506175010.1141585-3-jfree@FreeBSD.org>
On 5/6/2025 7:50 PM, Jake Freeland wrote:
> It is possible for rte_fbarray_find_next_n_free() to misreport that there
> are n contiguous open spots. If we need two contiguous entries for a
> hole, make sure that we're not indexing out-of-bounds in the fbarray.
>
> The `arr->len - arr->count < n` condition in fbarray_find_n() is meant to
> safeguard against this, but we are not updating arr->count when inserting
> holes, so an undesired index may be returned.
>
> Signed-off-by: Jake Freeland <jfree@FreeBSD.org>
I don't quite get how this happens.
If we "need hole" that means the memseg list isn't empty, and previous
segment is occupied. When we need hole, we request 2 free spots from the
memseg. Let's assume there's only 2 free spots left in the memseg list,
so we get ms_idx equal to (arr->len - 2).
We get ms_idx - that is, the index of where the free spot starts, and
there's 2 spots guaranteed to be free at that point. We need a hole, so
we increment ms_idx once to arrive at last free spot (arr->len - 1).
Where would the overflow come from?
(also, now that I think of it, I suspect we should not be starting our
search from index 0 every time, because if we "don't need a hole"
because the segment is adjacent to previous one, that means
find_next_n(1) starting from 0 will find us a hole we left previously
for some other segment - perhaps we should find first unoccupied spot
from the end, and start the find_next_n search from there?)
--
Thanks,
Anatoly
next prev parent reply other threads:[~2025-05-08 11:21 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-06 17:50 [PATCH 0/3] EAL memory fixes Jake Freeland
2025-05-06 17:50 ` [PATCH 1/3] eal/freebsd: Do not use prev_ms_idx for hole detection Jake Freeland
2025-05-08 10:31 ` Burakov, Anatoly
2025-05-08 11:05 ` Burakov, Anatoly
2025-05-06 17:50 ` [PATCH 2/3] eal/freebsd: Do not index out of bounds in memseg list Jake Freeland
2025-05-08 11:20 ` Burakov, Anatoly [this message]
2025-05-06 17:50 ` [PATCH 3/3] eal/linux: Check hugepage access permissions Jake Freeland
2025-05-07 8:52 ` Stephen Hemminger
2025-05-07 16:09 ` Jake Freeland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e0e7d27f-c047-41a1-ac40-912eedd6c431@intel.com \
--to=anatoly.burakov@intel.com \
--cc=bruce.richardson@intel.com \
--cc=dev@dpdk.org \
--cc=jfree@FreeBSD.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).