From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-oln040092066035.outbound.protection.outlook.com [40.92.66.35]) by dpdk.org (Postfix) with ESMTP id 14F381041 for ; Sat, 19 Jan 2019 13:16:34 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ip5zEOM7PJUGvIR1lp9g9iUdxovRi1UAQM3c3ex24WA=; b=T9ujOXMhglXWlYexi2vMWyFCoSauCpGvukksp8hMMbWd+e0qTajEkP+5fSXFDSzrAG2rBL7RQa4KP3OwPXvpUiNsgUYrWSSplSS7nKRqejybdO+HD5LZ4ZBSa2VgwRLc9Dz2/wBXy/ti9GZf6N29YBh7jDoa+NgZT/tgRblRD74B0sUlylmJWtupBoL9S6lXqSkuYOiER70r+Uidaam4sEaoIoboaxLOhtxseoDAeGKt0R36nl+zdTLXGSHFsCJywwvIkRKgeYuPayyiGc/x3nzS4JjB/ZwF01WzIEp7zxshNMU+jJltL8xPe+wfS/OnrapM8Vlcrw7cu1pWbPSgFw== Received: from HE1EUR01FT019.eop-EUR01.prod.protection.outlook.com (10.152.0.59) by HE1EUR01HT053.eop-EUR01.prod.protection.outlook.com (10.152.1.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1537.18; Sat, 19 Jan 2019 12:16:32 +0000 Received: from AM0PR0402MB3826.eurprd04.prod.outlook.com (10.152.0.57) by HE1EUR01FT019.mail.protection.outlook.com (10.152.0.179) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1558.11 via Frontend Transport; Sat, 19 Jan 2019 12:16:32 +0000 Received: from AM0PR0402MB3826.eurprd04.prod.outlook.com ([fe80::f054:626f:38a6:777f]) by AM0PR0402MB3826.eurprd04.prod.outlook.com ([fe80::f054:626f:38a6:777f%3]) with mapi id 15.20.1516.019; Sat, 19 Jan 2019 12:16:32 +0000 From: Daniel Pharos To: Yongseok Koh CC: "dev@dpdk.org" , Dekel Peled , "Olga Shern" Thread-Topic: [dpdk-dev] MLX5: Array written to out-of-bounds when freeing memory Thread-Index: AdSvVFz67lu5CZjxTiSR721bKdwf6wAclVOAAAp/S4A= Date: Sat, 19 Jan 2019 12:16:32 +0000 Message-ID: References: In-Reply-To: Accept-Language: nl-NL, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-incomingtopheadermarker: OriginalChecksum:D9B7AA08934C12541356E4D7C7CD806524612C71CFBC163F54206E2101DF1C7F; UpperCasedChecksum:9F623FFCA035E2A476E732135BE03ED4A12708E282F9B7903297468CC33CA668; SizeAsReceived:7298; Count:47 x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [2tCd+XWW4w7tBf+0E15H8WLtGlQf5Muh] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; HE1EUR01HT053; 6:Sr9671dL/mKPxVR1ZQakINxpO5MWAWh9DUFZ/E4D8KPjfzKMt/Yy0gWuqNhpem6yH/d6pfWv1JvJADsaIy1t3RRxCW50pDzPFZqLoeMxrRmauencmEJcunpxcdjMPkyGS07E2E/pRw4rWTXF+ey3JxyrO9YmCshwyvYcE3Kc+xYPH2ZZKPMbjzUyIWegYq3y5mMRTESqyIZkxg+LghTPW5bLcDSeAGtO4PaQSSnyTBcTklEzqJjAB+PGWFNfKk7XC+hH1sdRzNkCwJZ9VVPdX9hiyf6UoRL+rnWtnlXmCI+mzNFXrtpyXAFMr6bo2Q5YrmqSahR0xotJQZmdeNqUX+MVvWSQB2yiZxZWK71Drmur/QfM8SNYBoWg3ATIYQ/h2nsdt/f3xtmCdVuJIcNhPlgCH3/IwmfkpLiaTqqUH5r5Po4xOiNgEBy7RdYU37WRAfsjQp2xm+7YdKZPm22PeQ==; 5:cP6SL+sfJO+EpYyhemuZMN1h2bDUJ9sJZKkHq7Nc/6bEd9na+nLnCMcA0Y805WBHhbYHcZbYNypSxvW0XkRSeqJVvOcO+Lh246Hhb/nmiFCyKnODisX/nic2Yckc5gxWHcAHUHOjSvcDA6tDARp8y6zKXTEd8S8qRvg+bjlWc0LP7wKBAu0x/WKN1gvCiq3du8rF5zuh7wuNl4JeEYLBKw==; 7:cl05LkVRnJ0yVeZJmcLtXdGeadVhbf92xcIt8mU76Ts6xg09QSfGGWiQlUr8aO/F6YVt4R+MGFmhHeKQcO2MUoQBcWZ0W3UPSZqzkp9JTwwyAOFhOdLP4SqRFqa+tBfhfXcEDRjQDT6ggq3HLIumwg== x-incomingheadercount: 47 x-eopattributedmessage: 0 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(20181119070)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031322404)(2017031323274)(2017031324274)(1601125500)(1603101475)(1701031045); SRVR:HE1EUR01HT053; x-ms-traffictypediagnostic: HE1EUR01HT053: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(4566010)(82015058); SRVR:HE1EUR01HT053; BCL:0; PCL:0; RULEID:; SRVR:HE1EUR01HT053; x-microsoft-antispam-message-info: VEHpPvTyu+UV9axE9g7IdWlBLtWLIAQC+Wu/+7kmIyXBQJgiUemm1sAdSlU8dXmD Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: hotmail.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 9bd8b953-1c55-4da7-b616-8bcad099ae8b X-MS-Exchange-CrossTenant-Network-Message-Id: 5dc3e3e6-fb5f-448f-46f9-08d67e07f319 X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 9bd8b953-1c55-4da7-b616-8bcad099ae8b X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Jan 2019 12:16:32.7269 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1EUR01HT053 X-Mailman-Approved-At: Sun, 20 Jan 2019 22:46:50 +0100 Subject: Re: [dpdk-dev] MLX5: Array written to out-of-bounds when freeing memory X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Jan 2019 12:16:34 -0000 Hi Yongseok, Thanks for the quick response! If there is any information you need that I = may be able to provide, please just ask. Kind regards, DanielPharos -----Original Message----- From: Yongseok Koh =20 Sent: 19 January 2019 08:15 To: Daniel Pharos Cc: dev@dpdk.org; Dekel Peled ; Olga Shern Subject: Re: [dpdk-dev] MLX5: Array written to out-of-bounds when freeing m= emory Appreciate your report. We are aware of the issue and Dekel is investigating it. As I wrote the code, I'm also looking at the issue. Will keep you posted. Thanks, Yongseok > On Jan 18, 2019, at 9:36 AM, Daniel Pharos wro= te: >=20 > Hi, >=20 > Recently I had the privilege of some play-time on a IBM Power 9 machine w= ith a Mellanox MLX5-card in it. However, I encountered a seg fault problem = using DPDK and DPDK-pktgen. It's the exact same one as somebody else encoun= tered (also on a Power 9) here: > https://emea01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fbugz= illa.redhat.com%2Fshow_bug.cgi%3Fid%3D1634159%23c10&data=3D02%7C01%7Cys= koh%40mellanox.com%7Ce3e3546283b64a84e3b608d67d9acf8f%7Ca652971c7d2e4d9ba6a= 4d149256f461b%7C0%7C0%7C636834501198813346&sdata=3D722uRuNvcISF69NTrqwF= ldzIPC%2FP8Wz3CDKPutStWP8%3D&reserved=3D0 > It looks like it's writing out-of-bounds on the "free"-array in DPDK. >=20 > Reverting the patch that added the bulk-free ( https://emea01.safelinks.p= rotection.outlook.com/?url=3Dhttp%3A%2F%2Fmails.dpdk.org%2Farchives%2Fdev%2= F2017-June%2F069154.html&data=3D02%7C01%7Cyskoh%40mellanox.com%7Ce3e354= 6283b64a84e3b608d67d9acf8f%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636= 834501198813346&sdata=3D73up%2FKm9SZHBTdu64f5guSojTGNTFRkY7ePrBal7Bvo%3= D&reserved=3D0 ) indeed makes DPDK and pktgen function correctly. A bet= ter workaround I found is to change drivers/net/mlx5/mlx5_rxtx.h, line 580 = to: > if (likely((m->pool =3D=3D pool) && (blk_n !=3D el= ts_n))) { >=20 > I'm not familiar enough with the code to understand why the array is bein= g written to out-of-bounds, and why it's only happening on a Power 9 machin= e. Unfortunately, my play-time is now over, but I thought I'd report this i= ssue anyway, so hopefully it can be investigated and fixed properly. >=20 >=20 > Kind regards, > DanielPharos