[dpdk-dev] [PATCH] mbuf: fix reset on mbuf free
Ananyev, Konstantin
konstantin.ananyev at intel.com
Thu Nov 5 01:15:49 CET 2020
Hi Olivier,
> m->nb_seg must be reset on mbuf free whatever the value of m->next,
> because it can happen that m->nb_seg is != 1. For instance in this
> case:
>
> m1 = rte_pktmbuf_alloc(mp);
> rte_pktmbuf_append(m1, 500);
> m2 = rte_pktmbuf_alloc(mp);
> rte_pktmbuf_append(m2, 500);
> rte_pktmbuf_chain(m1, m2);
> m0 = rte_pktmbuf_alloc(mp);
> rte_pktmbuf_append(m0, 500);
> rte_pktmbuf_chain(m0, m1);
>
> As rte_pktmbuf_chain() does not reset nb_seg in the initial m1
> segment (this is not required), after this code the mbuf chain
> have 3 segments:
> - m0: next=m1, nb_seg=3
> - m1: next=m2, nb_seg=2
> - m2: next=NULL, nb_seg=1
>
> Freeing this mbuf chain will not restore nb_seg=1 in the second
> segment.
Hmm, not sure why is that?
You are talking about freeing m1, right?
rte_pktmbuf_prefree_seg(struct rte_mbuf *m)
{
...
if (m->next != NULL) {
m->next = NULL;
m->nb_segs = 1;
}
m1->next != NULL, so it will enter the if() block,
and will reset both next and nb_segs.
What I am missing here?
Thinking in more generic way, that change:
- if (m->next != NULL) {
- m->next = NULL;
- m->nb_segs = 1;
- }
+ m->next = NULL;
+ m->nb_segs = 1;
Assumes that it is ok to have an mbuf with
nb_seg > 1 and next == NULL.
Which seems wrong to me.
Konstantin
>This is expected that mbufs stored in pool have their
> nb_seg field set to 1.
>
> Fixes: 8f094a9ac5d7 ("mbuf: set mbuf fields while in pool")
> Cc: stable at dpdk.org
>
> Signed-off-by: Olivier Matz <olivier.matz at 6wind.com>
> ---
> lib/librte_mbuf/rte_mbuf.c | 6 ++----
> lib/librte_mbuf/rte_mbuf.h | 12 ++++--------
> 2 files changed, 6 insertions(+), 12 deletions(-)
>
> diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
> index 8a456e5e64..e632071c23 100644
> --- a/lib/librte_mbuf/rte_mbuf.c
> +++ b/lib/librte_mbuf/rte_mbuf.c
> @@ -129,10 +129,8 @@ rte_pktmbuf_free_pinned_extmem(void *addr, void *opaque)
>
> rte_mbuf_ext_refcnt_set(m->shinfo, 1);
> m->ol_flags = EXT_ATTACHED_MBUF;
> - if (m->next != NULL) {
> - m->next = NULL;
> - m->nb_segs = 1;
> - }
> + m->next = NULL;
> + m->nb_segs = 1;
> rte_mbuf_raw_free(m);
> }
>
> diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
> index a1414ed7cd..ef5800c8ef 100644
> --- a/lib/librte_mbuf/rte_mbuf.h
> +++ b/lib/librte_mbuf/rte_mbuf.h
> @@ -1329,10 +1329,8 @@ rte_pktmbuf_prefree_seg(struct rte_mbuf *m)
> return NULL;
> }
>
> - if (m->next != NULL) {
> - m->next = NULL;
> - m->nb_segs = 1;
> - }
> + m->next = NULL;
> + m->nb_segs = 1;
>
> return m;
>
> @@ -1346,10 +1344,8 @@ rte_pktmbuf_prefree_seg(struct rte_mbuf *m)
> return NULL;
> }
>
> - if (m->next != NULL) {
> - m->next = NULL;
> - m->nb_segs = 1;
> - }
> + m->next = NULL;
> + m->nb_segs = 1;
> rte_mbuf_refcnt_set(m, 1);
>
> return m;
> --
> 2.25.1
More information about the dev
mailing list