From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id 3E2E5A0096 for ; Tue, 9 Apr 2019 16:44:47 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E538F4D27; Tue, 9 Apr 2019 16:44:45 +0200 (CEST) Received: by dpdk.org (Postfix, from userid 33) id ED93D4D27; Tue, 9 Apr 2019 16:44:44 +0200 (CEST) From: bugzilla@dpdk.org To: dev@dpdk.org Date: Tue, 09 Apr 2019 14:44:45 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: DPDK X-Bugzilla-Component: ethdev X-Bugzilla-Version: 18.11 X-Bugzilla-Keywords: X-Bugzilla-Severity: major X-Bugzilla-Who: p.oltarzewski@gmail.com X-Bugzilla-Status: CONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: dev@dpdk.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://bugs.dpdk.org/ Auto-Submitted: auto-generated X-Auto-Response-Suppress: All MIME-Version: 1.0 Subject: [dpdk-dev] [Bug 248] Bonding PMD: Invalid array dimension in TX burst for 802.3ad mode with fast queue leads to SEGFAULT X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Message-ID: <20190409144445.OAHQ4VlDCy2CAUKrlytxXe00kz52TLsL1XLSDFCFMh4@z> https://bugs.dpdk.org/show_bug.cgi?id=3D248 Bug ID: 248 Summary: Bonding PMD: Invalid array dimension in TX burst for 802.3ad mode with fast queue leads to SEGFAULT Product: DPDK Version: 18.11 Hardware: All OS: All Status: CONFIRMED Severity: major Priority: Normal Component: ethdev Assignee: dev@dpdk.org Reporter: p.oltarzewski@gmail.com Target Milestone: --- DPDK 18.11.1 In drivers/net/bonding/rte_eth_bond_pmd.c::bond_ethdev_tx_burst_8023ad, bufs_slave_port_idxs array is defined as follows (lines 1293-1294): /* Mapping array generated by hash function to map mbufs to slaves */ uint16_t bufs_slave_port_idxs[RTE_MAX_ETHPORTS] =3D { 0 }; Array dimension should be equal to number of packets being transmitted (nb_pkts) - as correctly implemented in rte_eth_bond_pmd.c::bond_ethdev_tx_burst_balance. Invalid array dimension causes overflow when number of transmitted packets = is greater than RTE_MAX_ETHPORTS. Some areas of memory end up overwritten (in = my particular case, slave_nb_bufs array), which leads to SIGSEGV and crash. To work around the issue, ensure that number of packets transmitted in a si= ngle burst is no greater than RTE_MAX_ETHPORTS. To fix it, it should be sufficient to define bufs_slave_port_idxs as a variable-length array, as in bond_ethdev_tx_burst_balance: /* Mapping array generated by hash function to map mbufs to slaves */ uint16_t bufs_slave_port_idxs[nb_bufs]; --=20 You are receiving this mail because: You are the assignee for the bug.=