[PATCH v1] net/memif: fix segfault with large burst size

Ferruh Yigit ferruh.yigit at amd.com
Fri Sep 29 16:41:43 CEST 2023

Previous message (by thread): [PATCH v1] net/memif: fix segfault with large burst size
Next message (by thread): [PATCH v2] eal: fix memory initialization deadlock
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/4/2023 8:10 AM, Joyce Kong wrote:
> There will be a segfault when Rx burst size is greater than
> MAX_PKT_BURST of memif. Fix the issue by correcting the
> wrong mbuf index in eth_memif_rx, which results in accessing
> invalid memory address.
> 
> Bugzilla ID: 1273
> Fixes: aa17df860891 ("net/memif: add a Rx fast path")
> Cc: stable at dpdk.org
> 
> Signed-off-by: Joyce Kong <joyce.kong at arm.com>
> Reviewed-by: Feifei Wang <feifei.wang2 at arm.com>
> Reviewed-by: Ruifeng Wang <ruifeng.wang at arm.com>
> 

Hi Joyce, good catch.

Reviewed-by: Ferruh Yigit <ferruh.yigit at amd.com>

Applied to dpdk-next-net/main, thanks.

For record, if nb_pkts > MAX_PKT_BURST, memif buffer consumed in chunks
of MAX_PKT_BURST mbufs, next chunk consumption starts with 'goto
next_bulk' call.

For each chunk, MAX_PKT_BURST mbufs allocated and filled, they are
accessed by 'n_rx_pkts' index, but 'n_rx_pkts' is overall received mbuf
number, so it shouldn't be used as index for that chunk, but 'rx_pkts'
should be used which is reset at the beginning of the chunk processing.

For the first chunk using 'n_rx_pkts' or 'rx_pkts' are same, that
explains how issue lived till now, as commit log mentions issue can be
observed when nb_pkts > MAX_PKT_BURST.

Previous message (by thread): [PATCH v1] net/memif: fix segfault with large burst size
Next message (by thread): [PATCH v2] eal: fix memory initialization deadlock
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list