From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id BF60EA0524; Wed, 2 Jun 2021 11:47:21 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5DC6F4069F; Wed, 2 Jun 2021 11:47:21 +0200 (CEST) Received: from shelob.oktetlabs.ru (shelob.oktetlabs.ru [91.220.146.113]) by mails.dpdk.org (Postfix) with ESMTP id EB6FE40689; Wed, 2 Jun 2021 11:47:19 +0200 (CEST) Received: from [192.168.38.17] (aros.oktetlabs.ru [192.168.38.17]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by shelob.oktetlabs.ru (Postfix) with ESMTPSA id 75DC97F4F3; Wed, 2 Jun 2021 12:47:19 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 shelob.oktetlabs.ru 75DC97F4F3 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=oktetlabs.ru; s=default; t=1622627239; bh=MYqFk5XvR05/TVke97grir2oZ0HkHg7+gMGH5uF93U0=; h=Subject:From:To:Cc:References:Date:In-Reply-To; b=RAi+4T8MD5okahzTgXfVCHnFigsOU3ROGpCXJHd+0TayXFzdc+NVp/yjZVFIzpEU3 2t2P8XXB5RERgI6oWphIsLY0ZPTJVWL1n/qJlETisi9DupVdw2xYmE33TDynvTKswE 1ufRkB3AiUm55VCjyH4g7hg043uwfdapPv5Mlt2o= From: Andrew Rybchenko To: Cristian Dumitrescu Cc: dev@dpdk.org, Ivan Ilchenko , stable@dpdk.org, Andy Moreton References: <20210602090629.3495940-1-andrew.rybchenko@oktetlabs.ru> Organization: OKTET Labs Message-ID: <9e7c83ca-4b09-c416-eadd-8439fcd951f7@oktetlabs.ru> Date: Wed, 2 Jun 2021 12:47:19 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0 MIME-Version: 1.0 In-Reply-To: <20210602090629.3495940-1-andrew.rybchenko@oktetlabs.ru> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] [PATCH] bitmap: fix buffer overrun in bitmap init function X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 6/2/21 12:06 PM, Andrew Rybchenko wrote: > From: Ivan Ilchenko > > Bitmap initialization function is allowed to memset > caller-provided buffer with number of bytes exceeded > this buffer size. This happens due to wrong comparision > sign between buffer size and number of bytes required > to initialize bitmap. > > Fixes: 602c9ca33a4 ("sched: bitmap is now dynamically allocated") > Cc: stable@dpdk.org > > Reported-by: Andy Moreton > Signed-off-by: Ivan Ilchenko > Signed-off-by: Andrew Rybchenko > Reviewed-by: Andy Moreton > --- > lib/eal/include/rte_bitmap.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/eal/include/rte_bitmap.h b/lib/eal/include/rte_bitmap.h > index 9e2b8f2cbf..870aecc594 100644 > --- a/lib/eal/include/rte_bitmap.h > +++ b/lib/eal/include/rte_bitmap.h > @@ -185,7 +185,7 @@ rte_bitmap_init(uint32_t n_bits, uint8_t *mem, uint32_t mem_size) > size = __rte_bitmap_get_memory_footprint(n_bits, > &array1_byte_offset, &array1_slabs, > &array2_byte_offset, &array2_slabs); > - if (size < mem_size) { > + if (size > mem_size) { > return NULL; > } > > Self-NACK, will fix spelling in v2 and remove curly brackets. Strictly speaking it is out of scope of the patch, but nice cleanup on the way.