Re: [dpdk-dev] [PATCH] mbuf: Fix illegal pointer access to mempool members
From: Jerin Jacob <hidden>
Date: 2021-03-31 07:12:54
On Wed, Mar 31, 2021 at 7:19 AM Wenwu Ma [off-list ref] wrote:
Before accessing the private data of mempool in function rte_pktmbuf_priv_size() and rte_pktmbuf_data_room_size(), it is necessary to determine whether the private data exists, otherwise it will cause null pointer access. Signed-off-by: Wenwu Ma <redacted> --- lib/librte_mbuf/rte_mbuf.h | 6 ++++++ 1 file changed, 6 insertions(+)diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h index c4c9ebfaa..6c2559550 100644 --- a/lib/librte_mbuf/rte_mbuf.h +++ b/lib/librte_mbuf/rte_mbuf.h@@ -811,6 +811,9 @@ rte_pktmbuf_data_room_size(struct rte_mempool *mp) { struct rte_pktmbuf_pool_private *mbp_priv; + if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private)) + return 0;
If mp->private_data_size is updated in the slow path at mempool create time, why not have this sanity check in the slow path?
+ mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp); return mbp_priv->mbuf_data_room_size; }@@ -832,6 +835,9 @@ rte_pktmbuf_priv_size(struct rte_mempool *mp) { struct rte_pktmbuf_pool_private *mbp_priv; + if (mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private)) + return 0; + mbp_priv = (struct rte_pktmbuf_pool_private *)rte_mempool_get_priv(mp); return mbp_priv->mbuf_priv_size; } --2.25.1
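Review bot: in rte_pktmbuf_data_room_size() the new early `return 0` reports an undersized private area with a value a caller cannot tell apart from a data room size of 0, so the misconfiguration stays silent. The condition depends only on mp->private_data_size, so consider validating it once at mempool create time; if the check stays in this accessor, the function comment should state that 0 is returned when the private area is smaller than struct rte_pktmbuf_pool_private.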
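Review bot: the guard in rte_pktmbuf_priv_size() is a copy of the one added to rte_pktmbuf_data_room_size(); a small shared inline helper would keep the two conditions from drifting apart. The commit message also calls this a null pointer access, while the condition `mp->private_data_size < sizeof(struct rte_pktmbuf_pool_private)` guards against a private area that is too small, so the message should describe the check that is actually made.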