From mboxrd@z Thu Jan 1 00:00:00 1970
From: Thomas Monjalon
Subject: Re: [dpdk-stable] [PATCH] malloc: fix finding maximum contiguous IOVA size
Date: Thu, 20 Dec 2018 15:18:23 +0100
Message-ID: <2873251.GVQA5Hj5eQ@xps>
References: <20181212111054.35935-1-yskoh@mellanox.com> <1812ed89-fc60-1298-d789-201bd8a80471@intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7Bit
Cc: stable@dpdk.org, "Burakov, Anatoly", dev@dpdk.org
To: Yongseok Koh
In-Reply-To: <1812ed89-fc60-1298-d789-201bd8a80471@intel.com>
List-Id: DPDK patches and discussions
Errors-To: dev-bounces@dpdk.org
Sender: "dev"

12/12/2018 12:26, Burakov, Anatoly:
> On 12-Dec-18 11:10 AM, Yongseok Koh wrote:
> > malloc_elem_find_max_iova_contig() could return invalid size due to a
> > missing sanity check. The following gdb output shows how 'cur_size' can be
> > invalid in find_biggest_element().
> >
> > (gdb) p/x cur_size
> > $4 = 0xffffffffffe42900
> > (gdb) p elem
> > $1 = (struct malloc_elem *) 0x12e842000
> > (gdb) p *elem
> > $2 = {heap = 0x7ffff7ff387c, prev = 0x12e831fc0, next =
> > 0x12e842900, free_list = {le_next = 0x109538000, le_prev =
> > 0x7ffff7ff3894}, msl = 0x7ffff7ff107c, state = ELEM_FREE,
> > pad = 0, size = 2304}
> > (gdb) p *elem->msl
> > $5 = {{base_va = 0x100200000, addr_64 = 4297064448}, page_sz =
> > 2097152, socket_id = 0, version = 790, len = 17179869184,
> > external = 0, memseg_arr = {name = "memseg-2048k-0-0",
> > '\000' , count = 493, len = 8192, elt_sz
> > = 48, data = 0x10002e000, rwlock = {cnt = 0}}}
> >
> > Fixes: 9fe6bceafd51 ("malloc: add finding biggest free IOVA-contiguous element")
> > Cc: stable@dpdk.org
> > Cc: anatoly.burakov@intel.com
> >
> > Signed-off-by: Yongseok Koh
> > ---
>
> Acked-by: Anatoly Burakov

Applied, thanks
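The gdb values quoted above reproduce exactly if the size is taken as the element end minus a start address rounded up to `page_sz`. The following is an added example, not part of the thread and not DPDK code, showing that unsigned wrap and a sanity check that returns 0 instead. The function names are hypothetical, the computation is an assumption (the patch body is not shown in this message), and the element header and trailer are left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Round addr up to a power-of-two alignment. */
static uint64_t align_ceil(uint64_t addr, uint64_t align)
{
    return (addr + align - 1) & ~(align - 1);
}

/* Without a sanity check: when the aligned start lies beyond the end of
 * the element, the unsigned subtraction wraps to a huge bogus size. */
uint64_t contig_size_unchecked(uint64_t elem, uint64_t size, uint64_t align)
{
    uint64_t start = align_ceil(elem, align);
    uint64_t end = elem + size;

    return end - start;
}

/* With the check: an element that cannot hold an aligned start has no
 * usable contiguous space, so report 0 rather than a wrapped value. */
uint64_t contig_size_checked(uint64_t elem, uint64_t size, uint64_t align)
{
    uint64_t start = align_ceil(elem, align);
    uint64_t end = elem + size;

    if (start >= end)
        return 0;
    return end - start;
}

int main(void)
{
    /* Values taken from the gdb session quoted in the thread. */
    const uint64_t elem = 0x12e842000ULL;   /* p elem */
    const uint64_t size = 2304;             /* elem->size */
    const uint64_t page_sz = 2097152;       /* elem->msl->page_sz */

    printf("aligned start = 0x%llx, element end = 0x%llx\n",
           (unsigned long long)align_ceil(elem, page_sz),
           (unsigned long long)(elem + size));
    printf("unchecked     = 0x%llx\n",
           (unsigned long long)contig_size_unchecked(elem, size, page_sz));
    printf("checked       = 0x%llx\n",
           (unsigned long long)contig_size_checked(elem, size, page_sz));
    return 0;
}
```

A caller that picks the largest returned size would treat the wrapped value as the biggest free element, which is why the check has to sit before the subtraction.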