From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from foss.arm.com (usa-sjc-mx-foss1.foss.arm.com [217.140.101.70]) by dpdk.org (Postfix) with ESMTP id 51C3E1B163 for ; Thu, 22 Nov 2018 03:52:10 +0100 (CET) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 97A6136C2; Wed, 21 Nov 2018 18:52:09 -0800 (PST) Received: from qc2400f-1.austin.arm.com (qc2400f-1.austin.arm.com [10.118.14.34]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 38DB83F5CF; Wed, 21 Nov 2018 18:52:09 -0800 (PST) From: Honnappa Nagarahalli To: bruce.richardson@intel.com, pablo.de.lara.guarch@intel.com Cc: dev@dpdk.org, yipeng1.wang@intel.com, gavin.hu@arm.com, honnappa.nagarahalli@arm.com, nd@arm.com Date: Wed, 21 Nov 2018 20:51:56 -0600 Message-Id: <20181122025156.42217-1-honnappa.nagarahalli@arm.com> X-Mailer: git-send-email 2.17.1 Subject: [dpdk-dev] [PATCH] hash: fix out-of-bound write while freeing key slot X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Nov 2018 02:52:10 -0000 Add a debug check for out-of-bound write while freeing the key slot. Coverity issue: 325733 Fixes: e605a1d36ca7 ("hash: add lock-free r/w concurrency") Cc: honnappa.nagarahalli@arm.com Signed-off-by: Honnappa Nagarahalli Reviewed-by: Steve Capper Reviewed-by: Gavin Hu --- lib/librte_hash/rte_cuckoo_hash.c | 4 ++++ lib/librte_hash/rte_cuckoo_hash.h | 11 +++++++++++ 2 files changed, 15 insertions(+) diff --git a/lib/librte_hash/rte_cuckoo_hash.c b/lib/librte_hash/rte_cuckoo_hash.c index 5ddcccd87..c35a60266 100644 --- a/lib/librte_hash/rte_cuckoo_hash.c +++ b/lib/librte_hash/rte_cuckoo_hash.c @@ -1272,6 +1272,9 @@ remove_entry(const struct rte_hash *h, struct rte_hash_bucket *bkt, unsigned i) n_slots = rte_ring_mp_enqueue_burst(h->free_slots, cached_free_slots->objs, LCORE_CACHE_SIZE, NULL); + ERR_IF_TRUE((n_slots == 0), + "%s: could not enqueue free slots in global ring\n", + __func__); cached_free_slots->len -= n_slots; } /* Put index of new free slot in cache. */ @@ -1477,6 +1480,7 @@ rte_hash_free_key_with_position(const struct rte_hash *h, n_slots = rte_ring_mp_enqueue_burst(h->free_slots, cached_free_slots->objs, LCORE_CACHE_SIZE, NULL); + RETURN_IF_TRUE((n_slots == 0), -EFAULT); cached_free_slots->len -= n_slots; } /* Put index of new free slot in cache. */ diff --git a/lib/librte_hash/rte_cuckoo_hash.h b/lib/librte_hash/rte_cuckoo_hash.h index 5dfbbc48b..eacdaa8d4 100644 --- a/lib/librte_hash/rte_cuckoo_hash.h +++ b/lib/librte_hash/rte_cuckoo_hash.h @@ -29,6 +29,17 @@ #define RETURN_IF_TRUE(cond, retval) #endif +#if defined(RTE_LIBRTE_HASH_DEBUG) +#define ERR_IF_TRUE(cond, fmt, args...) do { \ + if (cond) { \ + RTE_LOG(ERR, HASH, fmt, ##args); \ + return; \ + } \ +} while (0) +#else +#define ERR_IF_TRUE(cond, fmt, args...) +#endif + #include #include -- 2.17.1