Message-ID: <30d650e7-4f7a-4cd1-92d2-02b049f3889e@redhat.com>
Date: Mon, 20 Jan 2025 14:54:31 +0000
Subject: Re: [PATCH v2 1/2] net/af_xdp: fix use after free in af_xdp_tx_zc()
To: Ariel Otilibili, dev@dpdk.org
Cc: stable@dpdk.org, Stephen Hemminger, Thomas Monjalon, David Marchand, Ciara Loftus
From: Maryam Tahhan
In-Reply-To: <20250116225151.188214-2-ariel.otilibili@6wind.com>
List-Id: patches for DPDK stable branches

On 16/01/2025 17:51, Ariel Otilibili wrote:
> tx_bytes is computed after both legs are tested. This might
> produce a use after memory free.
>
> The computation is now moved into each leg.
>
> Bugzilla ID: 1440
> Fixes: d8a210774e1d ("net/af_xdp: support unaligned umem chunks")
> Signed-off-by: Ariel Otilibili
> ---
>  drivers/net/af_xdp/rte_eth_af_xdp.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/af_xdp/rte_eth_af_xdp.c b/drivers/net/af_xdp/rte_eth_af_xdp.c > index 814398ba4b44..4326a29f7042 100644 > --- a/drivers/net/af_xdp/rte_eth_af_xdp.c > +++ b/drivers/net/af_xdp/rte_eth_af_xdp.c
> @@ -574,6 +574,7 @@ af_xdp_tx_zc(void *queue, struct rte_mbuf **bufs, uint16_t nb_pkts) > umem->mb_pool->header_size; > offset = offset << XSK_UNALIGNED_BUF_OFFSET_SHIFT; > desc->addr = addr | offset; > + tx_bytes += mbuf->pkt_len; > count++; > } else { > struct rte_mbuf *local_mbuf = > @@ -601,11 +602,10 @@ af_xdp_tx_zc(void *queue, struct rte_mbuf **bufs, uint16_t nb_pkts) > desc->addr = addr | offset; > rte_memcpy(pkt, rte_pktmbuf_mtod(mbuf, void *), > desc->len); > + tx_bytes += mbuf->pkt_len; > rte_pktmbuf_free(mbuf); > count++; > } > - > - tx_bytes += mbuf->pkt_len; > } > > out:

I think that you could've just set tx_bytes to the desc->len as this is being set in all scenarios...

tx_bytes += desc->len;
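
Review bot: In the @@ -574,6 +574,7 @@ hunk, nothing in the visible context frees `mbuf`, so the `tx_bytes += mbuf->pkt_len;` added after `desc->addr = addr | offset;` reads as a move made for symmetry with the other leg rather than as the fix itself. The commit message only says the sum was computed "after both legs are tested"; it should name the leg that frees the mbuf and say why this leg is changed as well, so that anyone picking the patch into a stable branch can tell which of the two added lines closes the use after free.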
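
Review bot: In the @@ -601,11 +602,10 @@ hunk, the added `tx_bytes += mbuf->pkt_len;` is safe only because it sits one line above `rte_pktmbuf_free(mbuf);`, so the fix rests on statement order that a later edit could silently undo. The `rte_memcpy()` just above already takes `desc->len` as the copy length; accumulating from `desc->len` at this point would avoid dereferencing `mbuf` near its free altogether. If `mbuf->pkt_len` is kept, add a one-line comment that the read must stay ahead of the free.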