[dpdk-dev] [PATCH] net/bonding: fix double fetch for active_slave_count
Chas Williams
3chas3 at gmail.com
Fri Nov 30 04:27:03 CET 2018
I guess this is slightly more correct. There is still a race here though.
After you make your copy of active_slave_count, the number of active
slaves could go to 0 and the memcpy() would copy an invalid element,
acitve_slaves[0]. There is no simple fix to this problem. Your patch
reduces the opportunity for a race but doesn't eliminate it.
What you are using this API for?
On 11/29/18 12:32 AM, Haifeng Lin wrote:
> 1. when memcpy slaves the internals->active_slave_count 1
> 2. return internals->active_slave_count is 2
> 3. the slaves[1] would be a random invalid value
>
> Signed-off-by: Haifeng Lin <haifeng.lin at huawei.com>
> ---
> drivers/net/bonding/rte_eth_bond_api.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/bonding/rte_eth_bond_api.c b/drivers/net/bonding/rte_eth_bond_api.c
> index 21bcd50..ed7b02e 100644
> --- a/drivers/net/bonding/rte_eth_bond_api.c
> +++ b/drivers/net/bonding/rte_eth_bond_api.c
> @@ -815,6 +815,7 @@
> uint16_t len)
> {
> struct bond_dev_private *internals;
> + uint16_t active_slave_count;
>
> if (valid_bonded_port_id(bonded_port_id) != 0)
> return -1;
> @@ -824,13 +825,14 @@
>
> internals = rte_eth_devices[bonded_port_id].data->dev_private;
>
> - if (internals->active_slave_count > len)
> + active_slave_count = internals->active_slave_count;
> + if (active_slave_count > len)
> return -1;
>
> memcpy(slaves, internals->active_slaves,
> - internals->active_slave_count * sizeof(internals->active_slaves[0]));
> + active_slave_count * sizeof(internals->active_slaves[0]));
>
> - return internals->active_slave_count;
> + return active_slave_count;
> }
>
> int
>
More information about the dev
mailing list