* [dpdk-stable] patch 'mem: fix crash on hugepage mapping error' has been queued to stable release 16.07.1
@ 2016-10-12 6:44 Yuanhan Liu
0 siblings, 0 replies; only message in thread
From: Yuanhan Liu @ 2016-10-12 6:44 UTC (permalink / raw)
To: Maciej Czekaj; +Cc: dpdk stable
Hi,
FYI, your patch has been queued to stable release 16.07.1
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable
yet. It will be pushed if I get no objections before this Friday.
So please shutout if anyone has objections.
Thanks.
--yliu
---
>From e3ef4895da77499b9e956a0c7d65cf5fbcd38377 Mon Sep 17 00:00:00 2001
From: Maciej Czekaj <maciej.czekaj@caviumnetworks.com>
Date: Wed, 28 Sep 2016 12:52:57 +0200
Subject: [PATCH] mem: fix crash on hugepage mapping error
[ upstream commit c00ae961ff8dbc036322fdb41137a7dedac005c9 ]
In ASLR-enabled system, it is possible that selected
virtual space is occupied by program segments. Therefore,
error path should not blindly unmap all memmory segments
but only those already mapped.
Steps that lead to crash:
1. memeseg 0 in secondary process overlaps with libc.so
2. mmap of /dev/zero fails for virtual space of memseg 0
3. munmap of memseg 0 leads to unmapping libc.so itself
4. app gets SIGSEGV after returning from syscall to libc
Fixes: ea329d7f8e34 ("mem: fix leak after mapping failure")
Signed-off-by: Maciej Czekaj <maciej.czekaj@caviumnetworks.com>
---
lib/librte_eal/linuxapp/eal/eal_memory.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/lib/librte_eal/linuxapp/eal/eal_memory.c b/lib/librte_eal/linuxapp/eal/eal_memory.c
index 41e0a92..575de63 100644
--- a/lib/librte_eal/linuxapp/eal/eal_memory.c
+++ b/lib/librte_eal/linuxapp/eal/eal_memory.c
@@ -1552,6 +1552,7 @@ rte_eal_hugepage_attach(void)
struct hugepage_file *hp = NULL;
unsigned num_hp = 0;
unsigned i, s = 0; /* s used to track the segment number */
+ unsigned max_seg = RTE_MAX_MEMSEG;
off_t size;
int fd, fd_zero = -1, fd_hugepage = -1;
@@ -1619,6 +1620,9 @@ rte_eal_hugepage_attach(void)
"in /dev/zero to requested address [%p]: '%s'\n",
(unsigned long long)mcfg->memseg[s].len,
mcfg->memseg[s].addr, strerror(errno));
+ max_seg = s;
+ if (base_addr != MAP_FAILED)
+ munmap(base_addr, mcfg->memseg[s].len);
if (aslr_enabled() > 0) {
RTE_LOG(ERR, EAL, "It is recommended to "
"disable ASLR in the kernel "
@@ -1701,11 +1705,8 @@ rte_eal_hugepage_attach(void)
return 0;
error:
- s = 0;
- while (s < RTE_MAX_MEMSEG && mcfg->memseg[s].len > 0) {
- munmap(mcfg->memseg[s].addr, mcfg->memseg[s].len);
- s++;
- }
+ for (i = 0; i < max_seg && mcfg->memseg[i].len > 0; i++)
+ munmap(mcfg->memseg[i].addr, mcfg->memseg[i].len);
if (hp != NULL && hp != MAP_FAILED)
munmap(hp, size);
if (fd_zero >= 0)
--
1.9.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-10-12 6:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-10-12 6:44 [dpdk-stable] patch 'mem: fix crash on hugepage mapping error' has been queued to stable release 16.07.1 Yuanhan Liu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).