[dpdk-stable] [PATCH] mbuf: fix reset on mbuf free
Olivier Matz
olivier.matz at 6wind.com
Thu Nov 5 08:46:26 CET 2020
On Thu, Nov 05, 2020 at 12:15:49AM +0000, Ananyev, Konstantin wrote:
>
> Hi Olivier,
>
> > m->nb_seg must be reset on mbuf free whatever the value of m->next,
> > because it can happen that m->nb_seg is != 1. For instance in this
> > case:
> >
> > m1 = rte_pktmbuf_alloc(mp);
> > rte_pktmbuf_append(m1, 500);
> > m2 = rte_pktmbuf_alloc(mp);
> > rte_pktmbuf_append(m2, 500);
> > rte_pktmbuf_chain(m1, m2);
> > m0 = rte_pktmbuf_alloc(mp);
> > rte_pktmbuf_append(m0, 500);
> > rte_pktmbuf_chain(m0, m1);
> >
> > As rte_pktmbuf_chain() does not reset nb_seg in the initial m1
> > segment (this is not required), after this code the mbuf chain
> > have 3 segments:
> > - m0: next=m1, nb_seg=3
> > - m1: next=m2, nb_seg=2
> > - m2: next=NULL, nb_seg=1
> >
> > Freeing this mbuf chain will not restore nb_seg=1 in the second
> > segment.
>
> Hmm, not sure why is that?
> You are talking about freeing m1, right?
> rte_pktmbuf_prefree_seg(struct rte_mbuf *m)
> {
> ...
> if (m->next != NULL) {
> m->next = NULL;
> m->nb_segs = 1;
> }
>
> m1->next != NULL, so it will enter the if() block,
> and will reset both next and nb_segs.
> What I am missing here?
> Thinking in more generic way, that change:
> - if (m->next != NULL) {
> - m->next = NULL;
> - m->nb_segs = 1;
> - }
> + m->next = NULL;
> + m->nb_segs = 1;
Ah, sorry. I oversimplified the example and now it does not
show the issue...
The full example also adds a split() to break the mbuf chain
between m1 and m2. The kind of thing that would be done for
software TCP segmentation.
After this operation, we have 2 mbuf chain:
- m0 with 2 segments, the last one has next=NULL but nb_seg=2
- new_m with 1 segment
Freeing m0 will not restore nb_seg=1 in the second segment.
> Assumes that it is ok to have an mbuf with
> nb_seg > 1 and next == NULL.
> Which seems wrong to me.
I don't think it is wrong: nb_seg is just ignored when not in the first
segment, and there is nothing saying it should be set to 1. Typically,
rte_pktmbuf_chain() does not change it, and I guess it's the same for
many similar functions in applications.
Olivier
>
>
> >This is expected that mbufs stored in pool have their
> > nb_seg field set to 1.
> >
> > Fixes: 8f094a9ac5d7 ("mbuf: set mbuf fields while in pool")
> > Cc: stable at dpdk.org
> >
> > Signed-off-by: Olivier Matz <olivier.matz at 6wind.com>
> > ---
> > lib/librte_mbuf/rte_mbuf.c | 6 ++----
> > lib/librte_mbuf/rte_mbuf.h | 12 ++++--------
> > 2 files changed, 6 insertions(+), 12 deletions(-)
> >
> > diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
> > index 8a456e5e64..e632071c23 100644
> > --- a/lib/librte_mbuf/rte_mbuf.c
> > +++ b/lib/librte_mbuf/rte_mbuf.c
> > @@ -129,10 +129,8 @@ rte_pktmbuf_free_pinned_extmem(void *addr, void *opaque)
> >
> > rte_mbuf_ext_refcnt_set(m->shinfo, 1);
> > m->ol_flags = EXT_ATTACHED_MBUF;
> > - if (m->next != NULL) {
> > - m->next = NULL;
> > - m->nb_segs = 1;
> > - }
> > + m->next = NULL;
> > + m->nb_segs = 1;
> > rte_mbuf_raw_free(m);
> > }
> >
> > diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
> > index a1414ed7cd..ef5800c8ef 100644
> > --- a/lib/librte_mbuf/rte_mbuf.h
> > +++ b/lib/librte_mbuf/rte_mbuf.h
> > @@ -1329,10 +1329,8 @@ rte_pktmbuf_prefree_seg(struct rte_mbuf *m)
> > return NULL;
> > }
> >
> > - if (m->next != NULL) {
> > - m->next = NULL;
> > - m->nb_segs = 1;
> > - }
> > + m->next = NULL;
> > + m->nb_segs = 1;
> >
> > return m;
> >
> > @@ -1346,10 +1344,8 @@ rte_pktmbuf_prefree_seg(struct rte_mbuf *m)
> > return NULL;
> > }
> >
> > - if (m->next != NULL) {
> > - m->next = NULL;
> > - m->nb_segs = 1;
> > - }
> > + m->next = NULL;
> > + m->nb_segs = 1;
> > rte_mbuf_refcnt_set(m, 1);
> >
> > return m;
> > --
> > 2.25.1
>
More information about the stable
mailing list