[PATCH] fib: fix vector lookup
    Vladimir Medvedkin 
    vladimir.medvedkin at intel.com
       
    Fri Sep  6 19:04:36 CEST 2024
    
    
  
Vector lookup uses gather instructions which loads data in 4byte chunks.
This could lead to out of bounds access at the end of the tbl24 in case
of 1 or 2 byte entries if e.g. lookup is attempted for 255.255.255.255
in IPv4 case.
This patch fixes potential out of bound access by gather instruction
allocating an extra 4 byte in the end of the tbl24.
Fixes: 7dc7868b200d ("fib: add DIR24-8 dataplane algorithm")
Fixes: c3e12e0f0354 ("fib: add dataplane algorithm for IPv6")
Cc: stable at dpdk.org
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin at intel.com>
---
 lib/fib/dir24_8.c | 4 ++--
 lib/fib/trie.c    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/fib/dir24_8.c b/lib/fib/dir24_8.c
index c739e92304..07c324743b 100644
--- a/lib/fib/dir24_8.c
+++ b/lib/fib/dir24_8.c
@@ -526,8 +526,8 @@ dir24_8_create(const char *name, int socket_id, struct rte_fib_conf *fib_conf)
 
 	snprintf(mem_name, sizeof(mem_name), "DP_%s", name);
 	dp = rte_zmalloc_socket(name, sizeof(struct dir24_8_tbl) +
-		DIR24_8_TBL24_NUM_ENT * (1 << nh_sz), RTE_CACHE_LINE_SIZE,
-		socket_id);
+		DIR24_8_TBL24_NUM_ENT * (1 << nh_sz) + sizeof(uint32_t),
+		RTE_CACHE_LINE_SIZE, socket_id);
 	if (dp == NULL) {
 		rte_errno = ENOMEM;
 		return NULL;
diff --git a/lib/fib/trie.c b/lib/fib/trie.c
index 09470e7287..265135c57d 100644
--- a/lib/fib/trie.c
+++ b/lib/fib/trie.c
@@ -645,8 +645,8 @@ trie_create(const char *name, int socket_id,
 
 	snprintf(mem_name, sizeof(mem_name), "DP_%s", name);
 	dp = rte_zmalloc_socket(name, sizeof(struct rte_trie_tbl) +
-		TRIE_TBL24_NUM_ENT * (1 << nh_sz), RTE_CACHE_LINE_SIZE,
-		socket_id);
+		TRIE_TBL24_NUM_ENT * (1 << nh_sz) + sizeof(uint32_t),
+		RTE_CACHE_LINE_SIZE, socket_id);
 	if (dp == NULL) {
 		rte_errno = ENOMEM;
 		return dp;
-- 
2.34.1
    
    
More information about the dev
mailing list