[dpdk-dev] [dpdk-stable] [PATCH v2] mem: fix the alloc size roundup overflow

Bing Zhao bingz at mellanox.com
Thu May 7 14:16:09 CEST 2020

Previous message: [dpdk-dev] [dpdk-stable] [PATCH v2] mem: fix the alloc size roundup overflow
Next message: [dpdk-dev] [dpdk-stable] [PATCH v2] mem: fix the alloc size roundup overflow
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi David,
I've changed the space into tabs in v3 and suppressed this one.

Thanks a lot

BR. Bing

> -----Original Message-----
> From: David Marchand <david.marchand at redhat.com>
> Sent: Thursday, May 7, 2020 8:12 PM
> To: Burakov, Anatoly <anatoly.burakov at intel.com>; Bing Zhao
> <bingz at mellanox.com>
> Cc: Thomas Monjalon <thomas at monjalon.net>; dev <dev at dpdk.org>;
> dpdk stable <stable at dpdk.org>; sergio.gonzalez.monroy at intel.com
> Subject: Re: [dpdk-stable] [PATCH v2] mem: fix the alloc size roundup
> overflow
> 
> On Thu, May 7, 2020 at 1:55 PM Burakov, Anatoly
> <anatoly.burakov at intel.com> wrote:
> >
> > On 07-May-20 8:41 AM, Bing Zhao wrote:
> > > The size checking is done in the caller. The size parameter is an
> > > unsigned (64b wide) right now, so the comparison with zero should
> be
> > > enough in most cases. But it won't help in the following case.
> > > If the allocating request input a huge number by mistake, e.g.,
> some
> > > overflow after the calculation (especially subtraction), the
> > > checking in the caller will succeed since it is not zero. Indeed,
> > > there is not enough space in the system to support such huge
> memory allocation.
> > > Usually it will return failure in the following code. But if the
> > > input size is just a little smaller than the UINT64_MAX, like -2 in
> > > signed type.
> > > The roundup will cause an overflow and then "reset" the size to 0,
> > > and then only a header (128B now) with zero length will be
> returned.
> > > The following will be the previous allocation header.
> > > It should be OK in most cases if the application won't access the
> > > memory body. Or else, some critical issue will be caused and not
> > > easy to debug. So this issue should be prevented at the beginning,
> > > like other big size failure, NULL pointer should be returned also.
> > >
> > > Fixes: fdf20fa7bee9 ("add prefix to cache line macros")
> > > Cc: stable at dpdk.org
> > >
> > > Signed-off-by: Bing Zhao <bingz at mellanox.com>
> > > ---
> > > v2: add unit test for this case
> > > ---
> > >   app/test/test_malloc.c              | 12 ++++++++++++
> > >   lib/librte_eal/common/malloc_heap.c |  3 +++
> > >   2 files changed, 15 insertions(+)
> > >
> > > diff --git a/app/test/test_malloc.c b/app/test/test_malloc.c index
> > > 40a2f50..a96c060 100644
> > > --- a/app/test/test_malloc.c
> > > +++ b/app/test/test_malloc.c
> > > @@ -846,6 +846,18 @@
> > >       if (bad_ptr != NULL)
> > >               goto err_return;
> > >
> > > +     /* rte_malloc expected to return null with size will cause
> overflow */
> > > +     align = RTE_CACHE_LINE_SIZE;
> > > +     size = (size_t)-8;
> > > +
> > > +     bad_ptr = rte_malloc(type, size, align);
> > > +     if (bad_ptr != NULL)
> > > +             goto err_return;
> > > +
> > > +     bad_ptr = rte_realloc(NULL, size, align);
> > > +        if (bad_ptr != NULL)
> > > +                goto err_return;
> >
> > You're mixing space and tabs as indentation here.
> 
> Will fix while applying.
> 
> >
> > Otherwise,
> >
> > Reviewed-by: Anatoly Burakov <anatoly.burakov at intel.com>
> 
> You acked the v1, so I will go with it.
> Thanks for the work Bing, Anatoly.
> 
> 
> --
> David Marchand

Previous message: [dpdk-dev] [dpdk-stable] [PATCH v2] mem: fix the alloc size roundup overflow
Next message: [dpdk-dev] [dpdk-stable] [PATCH v2] mem: fix the alloc size roundup overflow
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list