[dpdk-stable] patch 'mem: fix malloc element resize with padding' has been queued to LTS release 16.11.3

Yuanhan Liu yliu at fridaylinux.org
Fri Jul 14 12:33:43 CEST 2017


Hi,

FYI, your patch has been queued to LTS release 16.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 07/19/17. So please
shout if anyone has objections.

Thanks.

	--yliu

---
From 473e0736fdd56daee55ee1596a8e15bc7efb9f4e Mon Sep 17 00:00:00 2001
From: Jamie Lavigne <lavignen at amazon.com>
Date: Thu, 8 Jun 2017 19:12:17 +0000
Subject: [PATCH] mem: fix malloc element resize with padding

[ upstream commit 6dc931654f6cc90fdf61b278d465cbdf87f795e0 ]

Currently when a malloc_elem is split after resizing, any padding
present in the elem is ignored.  This causes the resized elem to be too
small when padding is present, and user data can overwrite the beginning
of the following malloc_elem.

Solve this by including the size of the padding when computing where to
split the malloc_elem.

Fixes: af75078fece3 ("first public release")

Signed-off-by: Jamie Lavigne <lavignen at amazon.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy at intel.com>
---
 lib/librte_eal/common/malloc_elem.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c
index 42568e1..08516af 100644
--- a/lib/librte_eal/common/malloc_elem.c
+++ b/lib/librte_eal/common/malloc_elem.c
@@ -314,17 +314,16 @@ malloc_elem_free(struct malloc_elem *elem)
 int
 malloc_elem_resize(struct malloc_elem *elem, size_t size)
 {
-	const size_t new_size = size + MALLOC_ELEM_OVERHEAD;
+	const size_t new_size = size + elem->pad + MALLOC_ELEM_OVERHEAD;
 	/* if we request a smaller size, then always return ok */
-	const size_t current_size = elem->size - elem->pad;
-	if (current_size >= new_size)
+	if (elem->size >= new_size)
 		return 0;
 
 	struct malloc_elem *next = RTE_PTR_ADD(elem, elem->size);
 	rte_spinlock_lock(&elem->heap->lock);
 	if (next ->state != ELEM_FREE)
 		goto err_return;
-	if (current_size + next->size < new_size)
+	if (elem->size + next->size < new_size)
 		goto err_return;
 
 	/* we now know the element fits, so remove from free list,
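Review bot: the sum in `new_size = size + elem->pad + MALLOC_ELEM_OVERHEAD` is unchecked, and `size` is passed in by the caller. If the addition wraps, `elem->size >= new_size` is true and the function returns 0 without growing the element, so the caller treats the resize as successful while the usable space is unchanged. Suggest rejecting any `size` greater than `SIZE_MAX - elem->pad - MALLOC_ELEM_OVERHEAD` before computing `new_size`, or stating in a comment where callers bound `size`. A smaller point in the same hunk: the comment "if we request a smaller size, then always return ok" now sits above a comparison that includes padding and overhead, so it would be clearer if it said the check is against the full element size.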
@@ -333,7 +332,7 @@ malloc_elem_resize(struct malloc_elem *elem, size_t size)
 	elem_free_list_remove(next);
 	join_elem(elem, next);
 
-	if (elem->size - new_size >= MIN_DATA_SIZE + MALLOC_ELEM_OVERHEAD){
+	if (elem->size - new_size >= MIN_DATA_SIZE + MALLOC_ELEM_OVERHEAD) {
 		/* now we have a big block together. Lets cut it down a bit, by splitting */
 		struct malloc_elem *split_pt = RTE_PTR_ADD(elem, new_size);
 		split_pt = RTE_PTR_ALIGN_CEIL(split_pt, RTE_CACHE_LINE_SIZE);
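Review bot: the remainder check `elem->size - new_size >= MIN_DATA_SIZE + MALLOC_ELEM_OVERHEAD` is evaluated before `split_pt` is rounded up with `RTE_PTR_ALIGN_CEIL(split_pt, RTE_CACHE_LINE_SIZE)`. Now that `new_size` includes `elem->pad`, it is worth confirming that `new_size` is always cache-line aligned at this point; if it is not, the tail left after the split can be up to `RTE_CACHE_LINE_SIZE - 1` bytes smaller than the check guaranteed. The lines that perform the split are not shown in this hunk, so this is a request to verify rather than a confirmed defect. Separately, the only changed line here is the whitespace before `{`, which the commit message does not mention; for a stable backport it would be cleaner to leave it out or note it.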
-- 
2.7.4
