Message ID | 1465398627-35022-1-git-send-email-sergio.gonzalez.monroy@intel.com (mailing list archive) |
---|---|
State | Superseded, archived |
Delegated to: | Thomas Monjalon |
Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id E90A7AF84; Wed, 8 Jun 2016 17:10:48 +0200 (CEST) Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id D2BDEADEA for <dev@dpdk.org>; Wed, 8 Jun 2016 17:10:46 +0200 (CEST) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga104.fm.intel.com with ESMTP; 08 Jun 2016 08:10:45 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.26,439,1459839600"; d="scan'208";a="997874602" Received: from sie-lab-212-209.ir.intel.com (HELO silpixa00377983.ir.intel.com) ([10.237.212.209]) by fmsmga002.fm.intel.com with ESMTP; 08 Jun 2016 08:10:29 -0700 From: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com> To: dev@dpdk.org Date: Wed, 8 Jun 2016 16:10:27 +0100 Message-Id: <1465398627-35022-1-git-send-email-sergio.gonzalez.monroy@intel.com> X-Mailer: git-send-email 2.4.11 Subject: [dpdk-dev] [PATCH] mempool: fix local cache initialization X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK <dev.dpdk.org> List-Unsubscribe: <http://dpdk.org/ml/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://dpdk.org/ml/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <http://dpdk.org/ml/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> |
Commit Message
Sergio Gonzalez Monroy
June 8, 2016, 3:10 p.m. UTC
The mempool local cache is not being initialize properly leading to
undefined behavior in cases where the allocated memory was used and left
with data.
Fixes: af75078fece3 ("first public release")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
lib/librte_mempool/rte_mempool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Hi Sergio, Good catch, thanks. The patch looks ok, just few comments on the commit log: On 06/08/2016 05:10 PM, Sergio Gonzalez Monroy wrote: > The mempool local cache is not being initialize properly leading to 'initialize' -> 'initialized' ? and maybe 'is not being' -> 'was not' ? > undefined behavior in cases where the allocated memory was used and left > with data. > > Fixes: af75078fece3 ("first public release") I think it fixes this one instead: 213af31e0960 ("mempool: reduce structure size if no cache needed") > > Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com> > --- > lib/librte_mempool/rte_mempool.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/librte_mempool/rte_mempool.c b/lib/librte_mempool/rte_mempool.c > index b54de43..216514c 100644 > --- a/lib/librte_mempool/rte_mempool.c > +++ b/lib/librte_mempool/rte_mempool.c > @@ -787,7 +787,7 @@ rte_mempool_create_empty(const char *name, unsigned n, unsigned elt_size, > > /* init the mempool structure */ > mp = mz->addr; > - memset(mp, 0, sizeof(*mp)); > + memset(mp, 0, MEMPOOL_HEADER_SIZE(mp, cache_size)); > ret = snprintf(mp->name, sizeof(mp->name), "%s", name); > if (ret < 0 || ret >= (int)sizeof(mp->name)) { > rte_errno = ENAMETOOLONG; >
Hi Olivier, On 08/06/2016 20:14, Olivier Matz wrote: > Hi Sergio, > > Good catch, thanks. The patch looks ok, just few comments > on the commit log: > > On 06/08/2016 05:10 PM, Sergio Gonzalez Monroy wrote: >> The mempool local cache is not being initialize properly leading to > 'initialize' -> 'initialized' ? > and maybe 'is not being' -> 'was not' ? > >> undefined behavior in cases where the allocated memory was used and left >> with data. >> >> Fixes: af75078fece3 ("first public release") > I think it fixes this one instead: > > 213af31e0960 ("mempool: reduce structure size if no cache needed") Fair enough, I thought the issue was there as we never initialized/zeroed the local cache on mempool creation. Usually we would have allocated all mempools on init (or close) and that would be it (initially all memory would be zeroed), but I think you could still manage to reproduce the problem if somehow you where to do something like: rte_malloc(), rte_free(), rte_mempool_create() and the memory was the one we got with malloc and never gets zeroed again. Sergio
Hi Sergio, On 06/09/2016 09:57 AM, Sergio Gonzalez Monroy wrote: > Hi Olivier, > > On 08/06/2016 20:14, Olivier Matz wrote: >> Hi Sergio, >> >> Good catch, thanks. The patch looks ok, just few comments >> on the commit log: >> >> On 06/08/2016 05:10 PM, Sergio Gonzalez Monroy wrote: >>> The mempool local cache is not being initialize properly leading to >> 'initialize' -> 'initialized' ? >> and maybe 'is not being' -> 'was not' ? >> >>> undefined behavior in cases where the allocated memory was used and left >>> with data. >>> >>> Fixes: af75078fece3 ("first public release") >> I think it fixes this one instead: >> >> 213af31e0960 ("mempool: reduce structure size if no cache needed") > > Fair enough, I thought the issue was there as we never > initialized/zeroed the local cache > on mempool creation. Usually we would have allocated all mempools on > init (or close) > and that would be it (initially all memory would be zeroed), but I think > you could still > manage to reproduce the problem if somehow you where to do something like: > rte_malloc(), rte_free(), rte_mempool_create() and the memory was the > one we got > with malloc and never gets zeroed again. Before Keith's commit (213af31e0960), the local cache was initialized when doing the memset() because it was included in the mempool structure. So I think the problem did not exist before this patch. Or did I miss something in your explanation? Regards, Olivier
On 09/06/2016 09:03, Olivier Matz wrote: > Hi Sergio, > > On 06/09/2016 09:57 AM, Sergio Gonzalez Monroy wrote: >> Hi Olivier, >> >> On 08/06/2016 20:14, Olivier Matz wrote: >>> Hi Sergio, >>> >>> Good catch, thanks. The patch looks ok, just few comments >>> on the commit log: >>> >>> On 06/08/2016 05:10 PM, Sergio Gonzalez Monroy wrote: >>>> The mempool local cache is not being initialize properly leading to >>> 'initialize' -> 'initialized' ? >>> and maybe 'is not being' -> 'was not' ? >>> >>>> undefined behavior in cases where the allocated memory was used and left >>>> with data. >>>> >>>> Fixes: af75078fece3 ("first public release") >>> I think it fixes this one instead: >>> >>> 213af31e0960 ("mempool: reduce structure size if no cache needed") >> Fair enough, I thought the issue was there as we never >> initialized/zeroed the local cache >> on mempool creation. Usually we would have allocated all mempools on >> init (or close) >> and that would be it (initially all memory would be zeroed), but I think >> you could still >> manage to reproduce the problem if somehow you where to do something like: >> rte_malloc(), rte_free(), rte_mempool_create() and the memory was the >> one we got >> with malloc and never gets zeroed again. > Before Keith's commit (213af31e0960), the local cache was initialized > when doing the memset() because it was included in the mempool > structure. So I think the problem did not exist before this patch. > Or did I miss something in your explanation? > > Regards, > Olivier You are spot on! I did look at a wrong commit when checking for the old mempool struct. Cheers, Sergio
diff --git a/lib/librte_mempool/rte_mempool.c b/lib/librte_mempool/rte_mempool.c index b54de43..216514c 100644 --- a/lib/librte_mempool/rte_mempool.c +++ b/lib/librte_mempool/rte_mempool.c @@ -787,7 +787,7 @@ rte_mempool_create_empty(const char *name, unsigned n, unsigned elt_size, /* init the mempool structure */ mp = mz->addr; - memset(mp, 0, sizeof(*mp)); + memset(mp, 0, MEMPOOL_HEADER_SIZE(mp, cache_size)); ret = snprintf(mp->name, sizeof(mp->name), "%s", name); if (ret < 0 || ret >= (int)sizeof(mp->name)) { rte_errno = ENAMETOOLONG;