[PATCH] rte_memcpy: fix off by one for size 16 and 32

Mattias Rönnblom hofors at lysator.liu.se
Sun Mar 3 07:46:25 CET 2024


On 2024-03-02 21:56, Stephen Hemminger wrote:
> On Sat,  2 Mar 2024 12:49:23 -0800
> Stephen Hemminger <stephen at networkplumber.org> wrote:
> 
>> The rte_memcpy code would do extra instructions for size 16
>> and 32 which potentially could reference past end of data.
>>
>> For size of 16, only single mov16 is needed.
>> same for size of 32, only single mov32.
>>
>> Fixes: f5472703c0bd ("eal: optimize aligned memcpy on x86")
>> Fixes: d35cc1fe6a7a ("eal/x86: revert select optimized memcpy at run-time")
>>
>> Suggested-by: Morten Brørup <mb at smartsharesystems.com>
>> Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
> 
> Self-NAK, more is needed here.
> 
> The code has lots of pre-existing bugs where it will reference past the end
> of the data in some cases.

Memory beyond the buffer is not accessed in this case. The rte_mov16() 
copies just overlap.

A colleague pointed out the same "bug" to me a couple of years ago. We 
didn't realize what code would be generated in the n == 16 case though. 
That seems very much worth fixing.

Maybe it's worth adding a comment regarding the overlap.
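
The overlap described in the reply above, as an added example that is not part of the original mail or of DPDK's code: for 16 <= n <= 32 a head move and a tail move cover offsets [0, 16) and [n - 16, n), so nothing past offset n is touched, and at n == 16 the two moves are identical, which is the extra work the patch description mentions. The names `mov16`, `copy_16_to_32`, `check_copy` and `check_all` are hypothetical, and `mov16` is a `memcpy` stand-in for `rte_mov16()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a 16-byte vector move such as rte_mov16(). */
static void mov16(uint8_t *dst, const uint8_t *src) { memcpy(dst, src, 16); }

/* Copy n bytes, 16 <= n <= 32, as two 16-byte moves: head, then tail.
 * Offsets [n - 16, 16) are written twice (32 - n bytes of overlap). */
static void copy_16_to_32(uint8_t *dst, const uint8_t *src, size_t n)
{
    mov16(dst, src);                   /* touches offsets [0, 16)     */
    mov16(dst + n - 16, src + n - 16); /* touches offsets [n - 16, n) */
}

/* Copy into a buffer with 8 guard bytes on each side.
 * Returns 1 when the n bytes match and every guard byte is intact. */
static int check_copy(size_t n)
{
    uint8_t src[32], buf[8 + 32 + 8];
    size_t i;

    for (i = 0; i < sizeof src; i++)
        src[i] = (uint8_t)(i + 1);     /* constructed test pattern */
    memset(buf, 0xA5, sizeof buf);
    copy_16_to_32(buf + 8, src, n);
    if (memcmp(buf + 8, src, n) != 0)
        return 0;
    for (i = 0; i < sizeof buf; i++)
        if ((i < 8 || i >= 8 + n) && buf[i] != 0xA5)
            return 0;                  /* a write landed outside [0, n) */
    return 1;
}

/* Number of sizes in 16..32 that pass check_copy(); 17 means all of them. */
static int check_all(void)
{
    int ok = 0;
    for (size_t n = 16; n <= 32; n++)
        ok += check_copy(n);
    return ok;
}

int main(void)
{
    for (size_t n = 16; n <= 32; n += 8)
        printf("n=%zu overlap=%zu ok=%d\n", n, 32 - n, check_copy(n));
    return 0;
}
```

The guard bytes only detect stray writes; building with AddressSanitizer would also flag an out-of-bounds read of the source.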

