From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B99FEA0C43; Thu, 26 Aug 2021 16:39:56 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 698BB4120D; Thu, 26 Aug 2021 16:39:56 +0200 (CEST) Received: from inbox.dpdk.org (inbox.dpdk.org [95.142.172.178]) by mails.dpdk.org (Postfix) with ESMTP id 4915540689 for ; Thu, 26 Aug 2021 16:39:55 +0200 (CEST) Received: by inbox.dpdk.org (Postfix, from userid 33) id 2B736A0C4B; Thu, 26 Aug 2021 16:39:55 +0200 (CEST) From: bugzilla@dpdk.org To: dev@dpdk.org Date: Thu, 26 Aug 2021 14:39:55 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: DPDK X-Bugzilla-Component: ethdev X-Bugzilla-Version: 21.05 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: camilo.vega@mail.utoronto.ca X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: dev@dpdk.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://bugs.dpdk.org/ Auto-Submitted: auto-generated X-Auto-Response-Suppress: All MIME-Version: 1.0 Subject: [dpdk-dev] [Bug 796] Lack of error checking in rte_pktmbuf_mtod could lead to a seg fault X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" https://bugs.dpdk.org/show_bug.cgi?id=3D796 Bug ID: 796 Summary: Lack of error checking in rte_pktmbuf_mtod could lead to a seg fault Product: DPDK Version: 21.05 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: Normal Component: ethdev Assignee: dev@dpdk.org Reporter: camilo.vega@mail.utoronto.ca Target Milestone: --- I have been working with DPDK and I came across a bug that unless well documented could lead to a segmentation fault at runtime. I have a workarou= nd but I wanted to let you know to help the community improve. When calling rte_eth_rx_burst at very high speeds (above 10G), we will on very rare occasions (It usually takes hours to reproduce) we receive packet bursts wh= ere most of the packets are valid but one or more packets in the middle have pkts[i]->buf_addr equal to NULL (potentially due to a NIC glitch I assume).= The problem is that this parameter is usually abstracted away from the user who would normally just use the rte_pktmbuf_mtod to perform the checks and retu= rn the address to the payload rather than accessing it directly, and therefore would not think, unless the documentation explicitly requires it, to check = if pkts[i]->buf_addr is NULL for any of the values or not. rte_pktmbuf_mtod al= so does not check this condition and so if we call=20 "char *base_pkt_address =3D rte_pktmbuf_mtod(pkts[i],char *);"=20 where pkts[i]->buf_addr =3D=3D NULL, then base_pkt_address will not get a v= alid address but instead gets 0+the size of the preamble (which is usually the constant 0x80). This is not a value the user would normally be checking for, they would instead typically check if base_pkt_address is NULL and otherwise assume the pointer is valid. Attempting to use the data pointed to by base_pkt_address will then lead to a segmentation fault as we try to access invalid address 0x80. I am using dpdk-21.05. I have an older NIC that does not support VFIO so th= is was produced using the uio_pci_generic driver. Thanks --=20 You are receiving this mail because: You are the assignee for the bug.=