From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id 705355688 for ; Tue, 8 May 2018 08:24:32 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 May 2018 23:24:30 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.49,377,1520924400"; d="scan'208";a="226649915" Received: from pgsmsx102.gar.corp.intel.com ([10.221.44.80]) by fmsmga005.fm.intel.com with ESMTP; 07 May 2018 23:24:29 -0700 Received: from pgsmsx101.gar.corp.intel.com ([169.254.1.211]) by PGSMSX102.gar.corp.intel.com ([169.254.6.245]) with mapi id 14.03.0319.002; Tue, 8 May 2018 14:24:29 +0800 From: "Zhao1, Wei" To: "Zhang, Qi Z" , "adrien.mazarguil@6wind.com" CC: "Peng, Yuan" , "dev@dpdk.org" Thread-Topic: [PATCH] app/testpmd: fix invalid memory access Thread-Index: AQHT5ejb3EDQfkGR8keRBZRiP1iIKqQlXeIg Date: Tue, 8 May 2018 06:24:28 +0000 Message-ID: References: <20180507095044.48038-1-qi.z.zhang@intel.com> In-Reply-To: <20180507095044.48038-1-qi.z.zhang@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.0.200.100 dlp-reaction: no-action x-originating-ip: [172.30.20.206] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH] app/testpmd: fix invalid memory access X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 May 2018 06:24:33 -0000 Hi, zhang qi=20 This fix patch to DPDK.or is also useful for igb flex byte core dump iss= ue. I have validation it. But there is some patch check warning. https://dpdk.org/dev/patchwork/patch/39417/ > -----Original Message----- > From: Zhang, Qi Z > Sent: Monday, May 7, 2018 5:51 PM > To: adrien.mazarguil@6wind.com > Cc: Peng, Yuan ; Zhao1, Wei ; > dev@dpdk.org; Zhang, Qi Z > Subject: [PATCH] app/testpmd: fix invalid memory access >=20 > When calulate memory size of an RTE_FLOW_ITEM_TYPE_RAW 's mask > mask->length is not the real size of binary pattern, it should take > spec->length, or memory size will be over counted (0xffff) and invalid > memory be access during following memcpy. >=20 > Fixes: d0ad8648b1c5 ("app/testpmd: fix RSS flow action configuration") >=20 > Signed-off-by: Qi Zhang > --- > app/test-pmd/config.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) >=20 > diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c index > 16fc481ce..bcaf429c4 100644 > --- a/app/test-pmd/config.c > +++ b/app/test-pmd/config.c > @@ -1077,7 +1077,8 @@ flow_item_spec_copy(void *buf, const struct > rte_flow_item *item, > dst.raw =3D buf; > off =3D RTE_ALIGN_CEIL(sizeof(struct rte_flow_item_raw), > sizeof(*src.raw->pattern)); > - size =3D off + src.raw->length * sizeof(*src.raw->pattern); > + size =3D off + ((const struct rte_flow_item_raw *)item->spec)-> > + length * sizeof(*src.raw->pattern); > if (dst.raw) { > memcpy(dst.raw, src.raw, sizeof(*src.raw)); > dst.raw->pattern =3D memcpy((uint8_t *)dst.raw + off, > -- > 2.13.6