From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-oln040092067022.outbound.protection.outlook.com [40.92.67.22]) by dpdk.org (Postfix) with ESMTP id 0A82714EC for ; Fri, 18 Jan 2019 18:36:41 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=P5XIezTFXvZj2OuYXqPI3jW8maZuoC0qwfII79HNZsE=; b=IIwB0o/p9cjQrPPbZrTY3TzjWoaeYLbbNkzDkzDpoyP7BSvoTbh3OWIucEj0yaocHmJ4QGB6Q4sflFkdAjliZSTosHuCE2c5VrvjGCtop8MqyRrbd36pax8IBUADsSIzHXwu1zyL9calHqLC2R3lRDxdyke4ySDYhfUH+oK0QZuBaCAtiDDU91OE9n57uX+CqdRdIZq7jjgi0URKuownWq9wtb2VPHPN66j9JofdHNp5Xb2B+XHx0Ewh8kPvexFEHGzNOo4jxGJYY6TMFsoWgzThH5ho8KhCg6x2tDYHL/ibNuGc/GDpi057NeC9DxY7rtPPtn4P0yj2xgkAlzf+Gg== Received: from HE1EUR02FT009.eop-EUR02.prod.protection.outlook.com (10.152.10.51) by HE1EUR02HT216.eop-EUR02.prod.protection.outlook.com (10.152.11.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1537.18; Fri, 18 Jan 2019 17:36:40 +0000 Received: from AM0PR0402MB3826.eurprd04.prod.outlook.com (10.152.10.59) by HE1EUR02FT009.mail.protection.outlook.com (10.152.10.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1471.13 via Frontend Transport; Fri, 18 Jan 2019 17:36:40 +0000 Received: from AM0PR0402MB3826.eurprd04.prod.outlook.com ([fe80::f054:626f:38a6:777f]) by AM0PR0402MB3826.eurprd04.prod.outlook.com ([fe80::f054:626f:38a6:777f%3]) with mapi id 15.20.1516.019; Fri, 18 Jan 2019 17:36:40 +0000 From: Daniel Pharos To: "dev@dpdk.org" Thread-Topic: MLX5: Array written to out-of-bounds when freeing memory Thread-Index: AdSvVFz67lu5CZjxTiSR721bKdwf6w== Date: Fri, 18 Jan 2019 17:36:39 +0000 Message-ID: Accept-Language: nl-NL, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-incomingtopheadermarker: OriginalChecksum:47D22D9807E3943A0DD4FFE4DAFC10427B1DE3EBBE2F9739D36F9555F20275FC; UpperCasedChecksum:592520BB0B5E902F452F922CBDFE209D243840A6C72781A1DA49F86B38DBB575; SizeAsReceived:6910; Count:44 x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [qG25+UGEq/Msnj7fUPWC9ySv0O60Vyst] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; HE1EUR02HT216; 6:TItLnVzolpXZKaSSKLc53mepLMZTc+u4HyyGP9C5Ms4RyQelZz9g/M9bNlglSuYm7Gqc+F4+9LxSmiKP+hPnHmkDojhLDndd1H1cvdINRU2hf2cfNdr3jzBBMX2AzCgiVpmRxcKU4S7pRU8tKOgRtKS3UqKvcR5UoWofcreoaPHoxaMjymW5AdbP94zyoKkBLQhh5AheZSVr9xkqZ2efTTpBhP+KDUu5/6eDsprCCT5E+yRnO6l2U1lgsUkYVYoCzgGnUdJZTSg24uHRyh0Q6UJJE5JRJXDyfGnD7RPNbEaKa5c2rat+1bFRyETuH6E/qMUIdeOK6rCyca549sR4R7XpQ78KemElcHO1CVFxQ0oHXiMnD2INFHFKh7MlJe0dWvfFgn4AyE5QsIaMsdhF/vVVBSl4Nei5J1Nuqo2+qM7KgtYt4kEpfKz89ueDXEsh0uKDJZaNGMUqbjNDHzHb/g==; 5:n0EhWNdfJw0YALJGs25Z1AV/15wTsp+oCZR4otvwEwA5VbjmDmVPuDwtT+U2xc3rUVB8XbWxFopjzxRmZcnG+UWSbvPBW3WC0sMQdboIJWd2TvFs/kKwG7PsdSjAs9SCvQKa6hg/GI26TsT3uzWTn4UdfSZAuV+qqDv+9kNeR2NJR/7nEfHgp3PlGj7/4M7E0vOJbK8RpAgleSEWoY75/Q==; 7:v8037Nz5rajvKcYN1lTTJlZjhdNtz3nyTSCT2X0fE+jZF+uFoHTuh2RCZ27e3+8EtSh4HQeiCji+iqXPMETgprzsYOnNuLdj2oF47NuUfEsOwpvlrqXQYjePLxQo6eELFTXq0PKH2Johchy1Flz7Fg== x-incomingheadercount: 44 x-eopattributedmessage: 0 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(20181119070)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031323274)(2017031324274)(2017031322404)(1601125500)(1603101475)(1701031045); SRVR:HE1EUR02HT216; x-ms-traffictypediagnostic: HE1EUR02HT216: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(4566010)(82015058); SRVR:HE1EUR02HT216; BCL:0; PCL:0; RULEID:; SRVR:HE1EUR02HT216; x-microsoft-antispam-message-info: Di2kbvv5z+GHQnqjkqaIwZvzpwxGpKEtf6Da/5kH7wcDvL0VLPVN6b1zir7lIPiu MIME-Version: 1.0 X-OriginatorOrg: hotmail.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 9bd8b953-1c55-4da7-b616-8bcad099ae8b X-MS-Exchange-CrossTenant-Network-Message-Id: 26d1edcb-3d21-48e8-caff-08d67d6b8123 X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 9bd8b953-1c55-4da7-b616-8bcad099ae8b X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Jan 2019 17:36:40.0770 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1EUR02HT216 X-Mailman-Approved-At: Sat, 19 Jan 2019 00:14:28 +0100 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: [dpdk-dev] MLX5: Array written to out-of-bounds when freeing memory X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jan 2019 17:36:41 -0000 Hi, Recently I had the privilege of some play-time on a IBM Power 9 machine wit= h a Mellanox MLX5-card in it. However, I encountered a seg fault problem us= ing DPDK and DPDK-pktgen. It's the exact same one as somebody else encounte= red (also on a Power 9) here: https://bugzilla.redhat.com/show_bug.cgi?id=3D1634159#c10 It looks like it's writing out-of-bounds on the "free"-array in DPDK. Reverting the patch that added the bulk-free ( http://mails.dpdk.org/archiv= es/dev/2017-June/069154.html ) indeed makes DPDK and pktgen function correc= tly. A better workaround I found is to change drivers/net/mlx5/mlx5_rxtx.h,= line 580 to: if (likely((m->pool =3D=3D pool) && (blk_n !=3D elt= s_n))) { I'm not familiar enough with the code to understand why the array is being = written to out-of-bounds, and why it's only happening on a Power 9 machine.= Unfortunately, my play-time is now over, but I thought I'd report this iss= ue anyway, so hopefully it can be investigated and fixed properly. Kind regards, DanielPharos