[PATCH v1] net/memif: fix segfault with large burst size
Ferruh Yigit
ferruh.yigit at amd.com
Fri Sep 29 16:41:43 CEST 2023
On 9/4/2023 8:10 AM, Joyce Kong wrote:
> There will be a segfault when Rx burst size is greater than
> MAX_PKT_BURST of memif. Fix the issue by correcting the
> wrong mbuf index in eth_memif_rx, which results in accessing
> invalid memory address.
>
> Bugzilla ID: 1273
> Fixes: aa17df860891 ("net/memif: add a Rx fast path")
> Cc: stable at dpdk.org
>
> Signed-off-by: Joyce Kong <joyce.kong at arm.com>
> Reviewed-by: Feifei Wang <feifei.wang2 at arm.com>
> Reviewed-by: Ruifeng Wang <ruifeng.wang at arm.com>
>
Hi Joyce, good catch.
Reviewed-by: Ferruh Yigit <ferruh.yigit at amd.com>
Applied to dpdk-next-net/main, thanks.
For record, if nb_pkts > MAX_PKT_BURST, memif buffer consumed in chunks
of MAX_PKT_BURST mbufs, next chunk consumption starts with 'goto
next_bulk' call.
For each chunk, MAX_PKT_BURST mbufs allocated and filled, they are
accessed by 'n_rx_pkts' index, but 'n_rx_pkts' is overall received mbuf
number, so it shouldn't be used as index for that chunk, but 'rx_pkts'
should be used which is reset at the beginning of the chunk processing.
For the first chunk using 'n_rx_pkts' or 'rx_pkts' are same, that
explains how issue lived till now, as commit log mentions issue can be
observed when nb_pkts > MAX_PKT_BURST.
More information about the stable
mailing list