* [dpdk-dev] [PATCH] lpm: fix freeing of rules_tbl in rte_lpm_free_v20
@ 2016-04-12 13:49 Christian Ehrhardt
2016-04-12 15:06 ` Olivier MATZ
0 siblings, 1 reply; 3+ messages in thread
From: Christian Ehrhardt @ 2016-04-12 13:49 UTC (permalink / raw)
To: christian.ehrhardt, bruce.richardson, dev, olivier.matz
Back then when we fixed the missing free lpm I was to quickly to say yes
if it applies not only to the lpm6 but also to all of the lpm code.
It turned out to not apply to all of them. In rte_lpm_create_v20 there
is an unexpected fused allocation:
mem_size = sizeof(*lpm) + (sizeof(lpm->rules_tbl[0]) * max_rules);
[...]
lpm = (struct rte_lpm_v20 *)rte_zmalloc_socket(mem_name,mem_size,
RTE_CACHE_LINE_SIZE, socket_id);
That causes lpm->rules_tbl not to have an own struct malloc_elem that
can be derived via RTE_PTR_SUB(data, MALLOC_ELEM_HEADER_LEN) in
malloc_elem_from_data.
Due to that the rte_lpm_free_v20 accidentially misderives the elem and
assumes it is ELEM_FREE triggering in malloc_elem_free
if (!malloc_elem_cookies_ok(elem) || elem->state !=
return -1;
While it seems counter-intuitive the way to properly remove rules_tbl in
the old fused allocation style of rte_lpm_free_v20 is to not remove it.
The newer rte_lpm_free_v1604 is safe because in rte_lpm_create_v1604
rules_tbl is a separate allocation.
Fixes: d4c18f0a1d5d ("lpm: fix missing free")
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
---
lib/librte_lpm/rte_lpm.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/librte_lpm/rte_lpm.c b/lib/librte_lpm/rte_lpm.c
index 8bdf606..6f65d1c 100644
--- a/lib/librte_lpm/rte_lpm.c
+++ b/lib/librte_lpm/rte_lpm.c
@@ -373,7 +373,6 @@ rte_lpm_free_v20(struct rte_lpm_v20 *lpm)
rte_rwlock_write_unlock(RTE_EAL_TAILQ_RWLOCK);
- rte_free(lpm->rules_tbl);
rte_free(lpm);
rte_free(te);
}
--
2.7.4
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dpdk-dev] [PATCH] lpm: fix freeing of rules_tbl in rte_lpm_free_v20
2016-04-12 13:49 [dpdk-dev] [PATCH] lpm: fix freeing of rules_tbl in rte_lpm_free_v20 Christian Ehrhardt
@ 2016-04-12 15:06 ` Olivier MATZ
2016-05-02 10:34 ` Thomas Monjalon
0 siblings, 1 reply; 3+ messages in thread
From: Olivier MATZ @ 2016-04-12 15:06 UTC (permalink / raw)
To: Christian Ehrhardt, bruce.richardson, dev
Hi,
On 04/12/2016 03:49 PM, Christian Ehrhardt wrote:
> Back then when we fixed the missing free lpm I was to quickly to say yes
> if it applies not only to the lpm6 but also to all of the lpm code.
>
> It turned out to not apply to all of them. In rte_lpm_create_v20 there
> is an unexpected fused allocation:
> mem_size = sizeof(*lpm) + (sizeof(lpm->rules_tbl[0]) * max_rules);
> [...]
> lpm = (struct rte_lpm_v20 *)rte_zmalloc_socket(mem_name,mem_size,
> RTE_CACHE_LINE_SIZE, socket_id);
>
> That causes lpm->rules_tbl not to have an own struct malloc_elem that
> can be derived via RTE_PTR_SUB(data, MALLOC_ELEM_HEADER_LEN) in
> malloc_elem_from_data.
> Due to that the rte_lpm_free_v20 accidentially misderives the elem and
> assumes it is ELEM_FREE triggering in malloc_elem_free
> if (!malloc_elem_cookies_ok(elem) || elem->state !=
> return -1;
>
> While it seems counter-intuitive the way to properly remove rules_tbl in
> the old fused allocation style of rte_lpm_free_v20 is to not remove it.
>
> The newer rte_lpm_free_v1604 is safe because in rte_lpm_create_v1604
> rules_tbl is a separate allocation.
>
> Fixes: d4c18f0a1d5d ("lpm: fix missing free")
>
> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
Thanks, I missed it too during the review.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dpdk-dev] [PATCH] lpm: fix freeing of rules_tbl in rte_lpm_free_v20
2016-04-12 15:06 ` Olivier MATZ
@ 2016-05-02 10:34 ` Thomas Monjalon
0 siblings, 0 replies; 3+ messages in thread
From: Thomas Monjalon @ 2016-05-02 10:34 UTC (permalink / raw)
To: Christian Ehrhardt; +Cc: dev, Olivier MATZ, bruce.richardson
> > Back then when we fixed the missing free lpm I was to quickly to say yes
> > if it applies not only to the lpm6 but also to all of the lpm code.
> >
> > It turned out to not apply to all of them. In rte_lpm_create_v20 there
> > is an unexpected fused allocation:
> > mem_size = sizeof(*lpm) + (sizeof(lpm->rules_tbl[0]) * max_rules);
> > [...]
> > lpm = (struct rte_lpm_v20 *)rte_zmalloc_socket(mem_name,mem_size,
> > RTE_CACHE_LINE_SIZE, socket_id);
> >
> > That causes lpm->rules_tbl not to have an own struct malloc_elem that
> > can be derived via RTE_PTR_SUB(data, MALLOC_ELEM_HEADER_LEN) in
> > malloc_elem_from_data.
> > Due to that the rte_lpm_free_v20 accidentially misderives the elem and
> > assumes it is ELEM_FREE triggering in malloc_elem_free
> > if (!malloc_elem_cookies_ok(elem) || elem->state !=
> > return -1;
> >
> > While it seems counter-intuitive the way to properly remove rules_tbl in
> > the old fused allocation style of rte_lpm_free_v20 is to not remove it.
> >
> > The newer rte_lpm_free_v1604 is safe because in rte_lpm_create_v1604
> > rules_tbl is a separate allocation.
> >
> > Fixes: d4c18f0a1d5d ("lpm: fix missing free")
> >
> > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
>
> Acked-by: Olivier Matz <olivier.matz@6wind.com>
>
> Thanks, I missed it too during the review.
Applied, thanks
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-05-02 10:34 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-12 13:49 [dpdk-dev] [PATCH] lpm: fix freeing of rules_tbl in rte_lpm_free_v20 Christian Ehrhardt
2016-04-12 15:06 ` Olivier MATZ
2016-05-02 10:34 ` Thomas Monjalon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).