* Re: [dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members
2021-03-31 13:43 [dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members Wenwu Ma
@ 2021-03-31 7:12 ` Jerin Jacob
0 siblings, 0 replies; 4+ messages in thread
From: Jerin Jacob @ 2021-03-31 7:12 UTC (permalink / raw)
To: Wenwu Ma; +Cc: Olivier Matz, dpdk-dev
On Wed, Mar 31, 2021 at 7:19 AM Wenwu Ma <wenwux.ma@intel.com> wrote:
>
> Before accessing the private data of mempool in
> function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
> it is necessary to determine whether the private data exists,
> otherwise it will cause null pointer access.
>
> Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> ---
> lib/librte_mbuf/rte_mbuf.h | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
> index c4c9ebfaa..6c2559550 100644
> --- a/lib/librte_mbuf/rte_mbuf.h
> +++ b/lib/librte_mbuf/rte_mbuf.h
> @@ -811,6 +811,9 @@ rte_pktmbuf_data_room_size(struct rte_mempool *mp)
> {
> struct rte_pktmbuf_pool_private *mbp_priv;
>
> + if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
> + return 0;
If mp->private_data_size is updated in the slow path at mempool create
time, why not have this sanity check in the slow path?
> +
> mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
> return mbp_priv->mbuf_data_room_size;
> }
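Review bot: the early `return 0` added at the top of rte_pktmbuf_data_room_size() shares its value space with `mbp_priv->mbuf_data_room_size`, so a caller cannot tell a mempool without pktmbuf private data from one that really has a zero data room. The diffstat shows six inserted code lines and no comment change; the function's doc comment should say that 0 is returned when `private_data_size` is smaller than `struct rte_pktmbuf_pool_private`.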
> @@ -832,6 +835,9 @@ rte_pktmbuf_priv_size(struct rte_mempool *mp)
> {
> struct rte_pktmbuf_pool_private *mbp_priv;
>
> + if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
> + return 0;
> +
> mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
> return mbp_priv->mbuf_priv_size;
> }
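Review bot: the condition added in rte_pktmbuf_priv_size() is a character-for-character copy of the one in rte_pktmbuf_data_room_size() above. A single small inline helper that performs the size test and returns the `struct rte_pktmbuf_pool_private *` or NULL would keep the two accessors from drifting apart if the condition is revised later.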
> --
> 2.25.1
>
* [dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members
@ 2021-03-31 13:43 Wenwu Ma
2021-03-31 7:12 ` Jerin Jacob
0 siblings, 1 reply; 4+ messages in thread
From: Wenwu Ma @ 2021-03-31 13:43 UTC (permalink / raw)
To: olivier.matz, dev; +Cc: Wenwu Ma
Before accessing the private data of mempool in
function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
it is necessary to determine whether the private data exists,
otherwise it will cause null pointer access.
Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
---
lib/librte_mbuf/rte_mbuf.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
index c4c9ebfaa..6c2559550 100644
--- a/lib/librte_mbuf/rte_mbuf.h
+++ b/lib/librte_mbuf/rte_mbuf.h
@@ -811,6 +811,9 @@ rte_pktmbuf_data_room_size(struct rte_mempool *mp)
{
struct rte_pktmbuf_pool_private *mbp_priv;
+ if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+ return 0;
+
mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
return mbp_priv->mbuf_data_room_size;
}
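Review bot: the commit message describes a null pointer access, but the condition added before `rte_mempool_get_priv(mp)` compares a size and never tests a pointer, and `mp` itself is still dereferenced unchecked in `mp->private_data_size`. Either reword the message to describe the out-of-bounds read that the size test prevents, or state in a comment that `mp` must be non-NULL.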
@@ -832,6 +835,9 @@ rte_pktmbuf_priv_size(struct rte_mempool *mp)
{
struct rte_pktmbuf_pool_private *mbp_priv;
+ if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+ return 0;
+
mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
return mbp_priv->mbuf_priv_size;
}
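Review bot: in rte_pktmbuf_priv_size() the `<` test only establishes that the private area is large enough to hold a `struct rte_pktmbuf_pool_private`, not that it contains one. A mempool whose private area is that large but holds something else passes the check, and `mbuf_priv_size` is then read from unrelated bytes. A short comment above the `if` saying that the test bounds the read and does not identify pktmbuf pools would stop readers assuming more.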
--
2.25.1
* [dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members
@ 2021-03-31 19:02 Wenwu Ma
0 siblings, 0 replies; 4+ messages in thread
From: Wenwu Ma @ 2021-03-31 19:02 UTC (permalink / raw)
To: olivier.matz; +Cc: dev
Before accessing the private data of mempool in
function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
it is necessary to determine whether the private data exists,
otherwise it will cause heap-buffer-overflow.
Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
---
lib/librte_mbuf/rte_mbuf.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
index c4c9ebfaa..6c2559550 100644
--- a/lib/librte_mbuf/rte_mbuf.h
+++ b/lib/librte_mbuf/rte_mbuf.h
@@ -811,6 +811,9 @@ rte_pktmbuf_data_room_size(struct rte_mempool *mp)
{
struct rte_pktmbuf_pool_private *mbp_priv;
+ if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+ return 0;
+
mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
return mbp_priv->mbuf_data_room_size;
}
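Review bot: the new branch in rte_pktmbuf_data_room_size() returns 0 silently, so passing a mempool with too small a private area stays invisible to the caller. Consider pairing the `return 0` with a debug-build assertion or log message so the misuse surfaces during testing while release builds keep the cheap early return.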
@@ -832,6 +835,9 @@ rte_pktmbuf_priv_size(struct rte_mempool *mp)
{
struct rte_pktmbuf_pool_private *mbp_priv;
+ if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private))
+ return 0;
+
mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
return mbp_priv->mbuf_priv_size;
}
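Review bot: nothing accompanies the new early return in rte_pktmbuf_priv_size() to pin its behaviour; the diffstat lists lib/librte_mbuf/rte_mbuf.h as the only file changed. A unit test that calls both accessors on a mempool created with a private data size of 0 and expects 0 back would guard the fix against regression.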
--
2.25.1
* [dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members
@ 2021-03-30 14:07 wenwux.ma
0 siblings, 0 replies; 4+ messages in thread
From: wenwux.ma @ 2021-03-30 14:07 UTC (permalink / raw)
To: olivier.matz; +Cc: dev, wenwu ma
From: wenwu ma <wenwux.ma@intel.com>
Before accessing the private data of mempool in
function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(),
it is necessary to determine whether the private data exists,
otherwise it will cause null pointer access.
Signed-off-by: wenwu ma <wenwux.ma@intel.com>
---
lib/librte_mbuf/rte_mbuf.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
index c4c9ebfaa..9cca9a7d4 100644
--- a/lib/librte_mbuf/rte_mbuf.h
+++ b/lib/librte_mbuf/rte_mbuf.h
@@ -811,6 +811,9 @@ rte_pktmbuf_data_room_size(struct rte_mempool *mp)
{
struct rte_pktmbuf_pool_private *mbp_priv;
+ if (mp->private_data_size != sizeof(struct rte_pktmbuf_pool_private))
+ return 0;
+
mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
return mbp_priv->mbuf_data_room_size;
}
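Review bot: the `!=` in `if (mp->private_data_size != sizeof(struct rte_pktmbuf_pool_private))` is stricter than the read below it needs. It makes rte_pktmbuf_data_room_size() return 0 for a mempool whose private area is larger than the struct, although the read of `mbuf_data_room_size` through the cast pointer would stay in bounds there; `<` is sufficient to reject only the areas that are too small.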
@@ -832,6 +835,9 @@ rte_pktmbuf_priv_size(struct rte_mempool *mp)
{
struct rte_pktmbuf_pool_private *mbp_priv;
+ if (mp->private_data_size != sizeof(struct rte_pktmbuf_pool_private))
+ return 0;
+
mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp);
return mbp_priv->mbuf_priv_size;
}
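Review bot: in rte_pktmbuf_priv_size() the `return 0` under the `!=` test is indistinguishable from a valid `mbuf_priv_size` of 0, so a pool rejected only because its private area is bigger than `struct rte_pktmbuf_pool_private` is reported as having no per-mbuf private area. If the exact-size match is intended, say so in the function's doc comment; otherwise relax the comparison so that only undersized areas take the early return.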
--
2.25.1