[PATCH v2] net/memif: fix buffer overflow in zero copy Rx

Ferruh Yigit ferruh.yigit at amd.com
Thu Oct 10 04:33:09 CEST 2024

Previous message (by thread): [PATCH v2] net/memif: fix buffer overflow in zero copy Rx
Next message (by thread): [PATCH] net/nfp: fix duplicate call to rte_free
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/28/2024 10:01 PM, Mihai Brodschi wrote:
> rte_pktmbuf_alloc_bulk is called by the zero-copy receiver to allocate
> new mbufs to be provided to the sender. The allocated mbuf pointers
> are stored in a ring, but the alloc function doesn't implement index
> wrap-around, so it writes past the end of the array. This results in
> memory corruption and duplicate mbufs being received.
> 
> Allocate 2x the space for the mbuf ring, so that the alloc function
> has a contiguous array to write to, then copy the excess entries
> to the start of the array.
> 
> Fixes: 43b815d88188 ("net/memif: support zero-copy slave")
> Cc: stable at dpdk.org
>
> Signed-off-by: Mihai Brodschi <mihai.brodschi at broadcom.com>
>

Reviewed-by: Ferruh Yigit <ferruh.yigit at amd.com>

Applied to dpdk-next-net/main, thanks.

Previous message (by thread): [PATCH v2] net/memif: fix buffer overflow in zero copy Rx
Next message (by thread): [PATCH] net/nfp: fix duplicate call to rte_free
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list