From: Bing Zhao <bingz@mellanox.com>
To: David Marchand <david.marchand@redhat.com>,
"Burakov, Anatoly" <anatoly.burakov@intel.com>
Cc: Thomas Monjalon <thomas@monjalon.net>, dev <dev@dpdk.org>,
dpdk stable <stable@dpdk.org>,
"sergio.gonzalez.monroy@intel.com"
<sergio.gonzalez.monroy@intel.com>
Subject: Re: [dpdk-stable] [PATCH v2] mem: fix the alloc size roundup overflow
Date: Thu, 7 May 2020 12:16:09 +0000 [thread overview]
Message-ID: <VI1PR05MB4192EBCFADC1DF2545315F43DDA50@VI1PR05MB4192.eurprd05.prod.outlook.com> (raw)
In-Reply-To: <CAJFAV8zm=cEMSN2swGRMpmzDt4B6m_ZN1+jrFTXpGM6S=2etKQ@mail.gmail.com>
Hi David,
I've changed the space into tabs in v3 and suppressed this one.
Thanks a lot
BR. Bing
> -----Original Message-----
> From: David Marchand <david.marchand@redhat.com>
> Sent: Thursday, May 7, 2020 8:12 PM
> To: Burakov, Anatoly <anatoly.burakov@intel.com>; Bing Zhao
> <bingz@mellanox.com>
> Cc: Thomas Monjalon <thomas@monjalon.net>; dev <dev@dpdk.org>;
> dpdk stable <stable@dpdk.org>; sergio.gonzalez.monroy@intel.com
> Subject: Re: [dpdk-stable] [PATCH v2] mem: fix the alloc size roundup
> overflow
>
> On Thu, May 7, 2020 at 1:55 PM Burakov, Anatoly
> <anatoly.burakov@intel.com> wrote:
> >
> > On 07-May-20 8:41 AM, Bing Zhao wrote:
> > > The size checking is done in the caller. The size parameter is an
> > > unsigned (64b wide) right now, so the comparison with zero should
> be
> > > enough in most cases. But it won't help in the following case.
> > > If the allocating request input a huge number by mistake, e.g.,
> some
> > > overflow after the calculation (especially subtraction), the
> > > checking in the caller will succeed since it is not zero. Indeed,
> > > there is not enough space in the system to support such huge
> memory allocation.
> > > Usually it will return failure in the following code. But if the
> > > input size is just a little smaller than the UINT64_MAX, like -2 in
> > > signed type.
> > > The roundup will cause an overflow and then "reset" the size to 0,
> > > and then only a header (128B now) with zero length will be
> returned.
> > > The following will be the previous allocation header.
> > > It should be OK in most cases if the application won't access the
> > > memory body. Or else, some critical issue will be caused and not
> > > easy to debug. So this issue should be prevented at the beginning,
> > > like other big size failure, NULL pointer should be returned also.
> > >
> > > Fixes: fdf20fa7bee9 ("add prefix to cache line macros")
> > > Cc: stable@dpdk.org
> > >
> > > Signed-off-by: Bing Zhao <bingz@mellanox.com>
> > > ---
> > > v2: add unit test for this case
> > > ---
> > > app/test/test_malloc.c | 12 ++++++++++++
> > > lib/librte_eal/common/malloc_heap.c | 3 +++
> > > 2 files changed, 15 insertions(+)
> > >
> > > diff --git a/app/test/test_malloc.c b/app/test/test_malloc.c index
> > > 40a2f50..a96c060 100644
> > > --- a/app/test/test_malloc.c
> > > +++ b/app/test/test_malloc.c
> > > @@ -846,6 +846,18 @@
> > > if (bad_ptr != NULL)
> > > goto err_return;
> > >
> > > + /* rte_malloc expected to return null with size will cause
> overflow */
> > > + align = RTE_CACHE_LINE_SIZE;
> > > + size = (size_t)-8;
> > > +
> > > + bad_ptr = rte_malloc(type, size, align);
> > > + if (bad_ptr != NULL)
> > > + goto err_return;
> > > +
> > > + bad_ptr = rte_realloc(NULL, size, align);
> > > + if (bad_ptr != NULL)
> > > + goto err_return;
> >
> > You're mixing space and tabs as indentation here.
>
> Will fix while applying.
>
> >
> > Otherwise,
> >
> > Reviewed-by: Anatoly Burakov <anatoly.burakov@intel.com>
>
> You acked the v1, so I will go with it.
> Thanks for the work Bing, Anatoly.
>
>
> --
> David Marchand
next prev parent reply other threads:[~2020-05-07 12:16 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-07 10:46 [dpdk-stable] [PATCH] " Bing Zhao
2020-04-20 11:39 ` Burakov, Anatoly
2020-04-21 3:18 ` Bing Zhao
2020-05-07 7:39 ` [dpdk-stable] [PATCH v2] " Bing Zhao
2020-05-07 7:41 ` Bing Zhao
2020-05-07 8:02 ` [dpdk-stable] [PATCH v3] " Bing Zhao
2020-05-11 14:52 ` [dpdk-stable] [dpdk-dev] " David Marchand
2020-05-07 11:55 ` [dpdk-stable] [PATCH v2] " Burakov, Anatoly
2020-05-07 12:12 ` David Marchand
2020-05-07 12:16 ` Bing Zhao [this message]
2020-05-07 12:18 ` David Marchand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=VI1PR05MB4192EBCFADC1DF2545315F43DDA50@VI1PR05MB4192.eurprd05.prod.outlook.com \
--to=bingz@mellanox.com \
--cc=anatoly.burakov@intel.com \
--cc=david.marchand@redhat.com \
--cc=dev@dpdk.org \
--cc=sergio.gonzalez.monroy@intel.com \
--cc=stable@dpdk.org \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).