* [PATCH] app/testpmd: fix invalid memory access @ 2018-05-07 9:50 Qi Zhang 2018-05-08 6:24 ` Zhao1, Wei 2018-05-09 13:58 ` Thomas Monjalon 0 siblings, 2 replies; 4+ messages in thread From: Qi Zhang @ 2018-05-07 9:50 UTC (permalink / raw) To: adrien.mazarguil; +Cc: yuan.peng, wei.zhao1, dev, Qi Zhang When calulate memory size of an RTE_FLOW_ITEM_TYPE_RAW 's mask mask->length is not the real size of binary pattern, it should take spec->length, or memory size will be over counted (0xffff) and invalid memory be access during following memcpy. Fixes: d0ad8648b1c5 ("app/testpmd: fix RSS flow action configuration") Signed-off-by: Qi Zhang <qi.z.zhang@intel.com> --- app/test-pmd/config.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c index 16fc481ce..bcaf429c4 100644 --- a/app/test-pmd/config.c +++ b/app/test-pmd/config.c @@ -1077,7 +1077,8 @@ flow_item_spec_copy(void *buf, const struct rte_flow_item *item, dst.raw = buf; off = RTE_ALIGN_CEIL(sizeof(struct rte_flow_item_raw), sizeof(*src.raw->pattern)); - size = off + src.raw->length * sizeof(*src.raw->pattern); + size = off + ((const struct rte_flow_item_raw *)item->spec)-> + length * sizeof(*src.raw->pattern); if (dst.raw) { memcpy(dst.raw, src.raw, sizeof(*src.raw)); dst.raw->pattern = memcpy((uint8_t *)dst.raw + off, -- 2.13.6 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] app/testpmd: fix invalid memory access 2018-05-07 9:50 [PATCH] app/testpmd: fix invalid memory access Qi Zhang @ 2018-05-08 6:24 ` Zhao1, Wei 2018-05-08 8:31 ` Zhang, Qi Z 2018-05-09 13:58 ` Thomas Monjalon 1 sibling, 1 reply; 4+ messages in thread From: Zhao1, Wei @ 2018-05-08 6:24 UTC (permalink / raw) To: Zhang, Qi Z, adrien.mazarguil; +Cc: Peng, Yuan, dev Hi, zhang qi This fix patch to DPDK.or is also useful for igb flex byte core dump issue. I have validation it. But there is some patch check warning. https://dpdk.org/dev/patchwork/patch/39417/ > -----Original Message----- > From: Zhang, Qi Z > Sent: Monday, May 7, 2018 5:51 PM > To: adrien.mazarguil@6wind.com > Cc: Peng, Yuan <yuan.peng@intel.com>; Zhao1, Wei <wei.zhao1@intel.com>; > dev@dpdk.org; Zhang, Qi Z <qi.z.zhang@intel.com> > Subject: [PATCH] app/testpmd: fix invalid memory access > > When calulate memory size of an RTE_FLOW_ITEM_TYPE_RAW 's mask > mask->length is not the real size of binary pattern, it should take > spec->length, or memory size will be over counted (0xffff) and invalid > memory be access during following memcpy. > > Fixes: d0ad8648b1c5 ("app/testpmd: fix RSS flow action configuration") > > Signed-off-by: Qi Zhang <qi.z.zhang@intel.com> > --- > app/test-pmd/config.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c index > 16fc481ce..bcaf429c4 100644 > --- a/app/test-pmd/config.c > +++ b/app/test-pmd/config.c > @@ -1077,7 +1077,8 @@ flow_item_spec_copy(void *buf, const struct > rte_flow_item *item, > dst.raw = buf; > off = RTE_ALIGN_CEIL(sizeof(struct rte_flow_item_raw), > sizeof(*src.raw->pattern)); > - size = off + src.raw->length * sizeof(*src.raw->pattern); > + size = off + ((const struct rte_flow_item_raw *)item->spec)-> > + length * sizeof(*src.raw->pattern); > if (dst.raw) { > memcpy(dst.raw, src.raw, sizeof(*src.raw)); > dst.raw->pattern = memcpy((uint8_t *)dst.raw + off, > -- > 2.13.6 ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] app/testpmd: fix invalid memory access 2018-05-08 6:24 ` Zhao1, Wei @ 2018-05-08 8:31 ` Zhang, Qi Z 0 siblings, 0 replies; 4+ messages in thread From: Zhang, Qi Z @ 2018-05-08 8:31 UTC (permalink / raw) To: Zhao1, Wei, adrien.mazarguil; +Cc: Peng, Yuan, dev Hi Zhao Wei: > -----Original Message----- > From: Zhao1, Wei > Sent: Tuesday, May 8, 2018 2:24 PM > To: Zhang, Qi Z <qi.z.zhang@intel.com>; adrien.mazarguil@6wind.com > Cc: Peng, Yuan <yuan.peng@intel.com>; dev@dpdk.org > Subject: RE: [PATCH] app/testpmd: fix invalid memory access > > Hi, zhang qi > This fix patch to DPDK.or is also useful for igb flex byte core dump issue. > I have validation it. But there is some patch check warning. > https://dpdk.org/dev/patchwork/patch/39417/ Thanks for testing, I will capture the typo if Adrien agree with the fix. Regards Qi > > > > > -----Original Message----- > > From: Zhang, Qi Z > > Sent: Monday, May 7, 2018 5:51 PM > > To: adrien.mazarguil@6wind.com > > Cc: Peng, Yuan <yuan.peng@intel.com>; Zhao1, Wei > <wei.zhao1@intel.com>; > > dev@dpdk.org; Zhang, Qi Z <qi.z.zhang@intel.com> > > Subject: [PATCH] app/testpmd: fix invalid memory access > > > > When calulate memory size of an RTE_FLOW_ITEM_TYPE_RAW 's mask > > mask->length is not the real size of binary pattern, it should take > > spec->length, or memory size will be over counted (0xffff) and invalid > > memory be access during following memcpy. > > > > Fixes: d0ad8648b1c5 ("app/testpmd: fix RSS flow action configuration") > > > > Signed-off-by: Qi Zhang <qi.z.zhang@intel.com> > > --- > > app/test-pmd/config.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c index > > 16fc481ce..bcaf429c4 100644 > > --- a/app/test-pmd/config.c > > +++ b/app/test-pmd/config.c > > @@ -1077,7 +1077,8 @@ flow_item_spec_copy(void *buf, const struct > > rte_flow_item *item, > > dst.raw = buf; > > off = RTE_ALIGN_CEIL(sizeof(struct rte_flow_item_raw), > > sizeof(*src.raw->pattern)); > > - size = off + src.raw->length * sizeof(*src.raw->pattern); > > + size = off + ((const struct rte_flow_item_raw *)item->spec)-> > > + length * sizeof(*src.raw->pattern); > > if (dst.raw) { > > memcpy(dst.raw, src.raw, sizeof(*src.raw)); > > dst.raw->pattern = memcpy((uint8_t *)dst.raw + off, > > -- > > 2.13.6 ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] app/testpmd: fix invalid memory access 2018-05-07 9:50 [PATCH] app/testpmd: fix invalid memory access Qi Zhang 2018-05-08 6:24 ` Zhao1, Wei @ 2018-05-09 13:58 ` Thomas Monjalon 1 sibling, 0 replies; 4+ messages in thread From: Thomas Monjalon @ 2018-05-09 13:58 UTC (permalink / raw) To: Qi Zhang; +Cc: dev, adrien.mazarguil, yuan.peng, wei.zhao1 07/05/2018 11:50, Qi Zhang: > When calulate memory size of an RTE_FLOW_ITEM_TYPE_RAW 's mask > mask->length is not the real size of binary pattern, it should take > spec->length, or memory size will be over counted (0xffff) and invalid > memory be access during following memcpy. > > Fixes: d0ad8648b1c5 ("app/testpmd: fix RSS flow action configuration") > > Signed-off-by: Qi Zhang <qi.z.zhang@intel.com> Applied, thanks ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-05-09 13:58 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-05-07 9:50 [PATCH] app/testpmd: fix invalid memory access Qi Zhang 2018-05-08 6:24 ` Zhao1, Wei 2018-05-08 8:31 ` Zhang, Qi Z 2018-05-09 13:58 ` Thomas Monjalon
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.