[dpdk-dev] [PATCH] lpm: fix overflow issue

Igor Ryzhov iryzhov at nfware.com
Sun Feb 22 19:47:36 CET 2015


Great. The easiest way to reproduce the issue is to fill LPM table with
rules using only one depth and try to add another one rule with same depth.
Rule will be successfully added and memory will be corrupted.

воскресенье, 22 февраля 2015 г. пользователь Richardson, Bruce написал:

> Sorry I missed this Friday. I'll look at it  shortly.
>
>
>
> On 21 Feb 2015, at 22:56, Igor Ryzhov <iryzhov at nfware.com <javascript:;>
> <mailto:iryzhov at nfware.com <javascript:;>>> wrote:
>
> Hello again. Will anybody review this patch?
> This is really critical issue, because it can lead to memory corruption
> and break any program using LPM.
>
> CCing this to Bruce Richardson, because he is maintainer of LPM.
>
> Regards,
> Igor Ryzhov
>
> On Fri, Feb 20, 2015 at 4:16 PM, Igor Ryzhov <iryzhov at nfware.com
> <javascript:;><mailto:iryzhov at nfware.com <javascript:;>>> wrote:
> LPM table overflow may occur if table is full and added rule has the
> biggest depth that already have some rules.
>
> Signed-off-by: Igor Ryzhov <iryzhov at nfware.com <javascript:;><mailto:
> iryzhov at nfware.com <javascript:;>>>
> ---
>  lib/librte_lpm/rte_lpm.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/lib/librte_lpm/rte_lpm.c b/lib/librte_lpm/rte_lpm.c
> index 983e04b..cc51210 100644
> --- a/lib/librte_lpm/rte_lpm.c
> +++ b/lib/librte_lpm/rte_lpm.c
> @@ -298,6 +298,9 @@ rule_add(struct rte_lpm *lpm, uint32_t ip_masked,
> uint8_t depth,
>                                 return rule_index;
>                         }
>                 }
> +
> +               if (rule_index == lpm->max_rules)
> +                       return -ENOSPC;
>         } else {
>                 /* Calculate the position in which the rule will be
> stored. */
>                 rule_index = 0;
> --
> 1.9.3 (Apple Git-50)
>
>
>
>
> --
> Regards,
> Igor Ryzhov
>


More information about the dev mailing list