[PATCH] mbuf: fix mbuf operations history recording

Konstantin Ananyev konstantin.ananyev at huawei.com
Wed Apr 29 18:35:59 CEST 2026

Previous message (by thread): [PATCH] mbuf: fix mbuf operations history recording
Next message (by thread): [PATCH 1/4] net/ice: demote path selection logs from NOTICE to DEBUG
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> This addresses two bugs in mbuf operations history recording.
> 
> 1. With mbuf operations history recording enabled, when allocating mbufs
> from a mempool failed, the array of fetched mbuf pointers was not set, but
> it was dereferenced for mbuf operations history recording anyway, which
> would trigger a segmentation fault or cause undefined behavior.
> 
> This was fixed by changing how the return value from the mempool
> allocation is checked, so the function returns early on failure, and only
> proceeds on success.
> 
> 2. When allocating a bulk of mbufs using rte_pktmbuf_alloc_bulk(), two
> mbuf library allocation operations were recorded on the mbuf, because the
> function calls rte_mbuf_raw_alloc_bulk() for allocation, and both
> functions record a mbuf library allocation operation.
> 
> This was fixed by not recording a mbuf library allocation operation in
> rte_pktmbuf_alloc_bulk().
> 
> Fixes: d265a24a32a4 ("mbuf: record mbuf operations history")
> Cc: stable at dpdk.org
> 
> Signed-off-by: Morten Brørup <mb at smartsharesystems.com>
> ---
>  lib/mbuf/rte_mbuf.h | 12 +++++-------
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/lib/mbuf/rte_mbuf.h b/lib/mbuf/rte_mbuf.h
> index e7c3bbadd4..60ec8158cd 100644
> --- a/lib/mbuf/rte_mbuf.h
> +++ b/lib/mbuf/rte_mbuf.h
> @@ -663,14 +663,14 @@ static __rte_always_inline int
>  rte_mbuf_raw_alloc_bulk(struct rte_mempool *mp, struct rte_mbuf **mbufs,
> unsigned int count)
>  {
>  	int rc = rte_mempool_get_bulk(mp, (void **)mbufs, count);
> -	if (likely(rc == 0)) {
> -		for (unsigned int idx = 0; idx < count; idx++)
> -			__rte_mbuf_raw_sanity_check_mp(mbufs[idx], mp);
> -	}
> +	if (unlikely(rc))
> +		return rc;
> +	for (unsigned int idx = 0; idx < count; idx++)
> +		__rte_mbuf_raw_sanity_check_mp(mbufs[idx], mp);
> 
>  	rte_mbuf_history_mark_bulk(mbufs, count,
> RTE_MBUF_HISTORY_OP_LIB_ALLOC);
> 
> -	return rc;
> +	return 0;
>  }
> 
>  /**
> @@ -1068,8 +1068,6 @@ static inline int rte_pktmbuf_alloc_bulk(struct
> rte_mempool *pool,
>  	if (unlikely(rc))
>  		return rc;
> 
> -	rte_mbuf_history_mark_bulk(mbufs, count,
> RTE_MBUF_HISTORY_OP_LIB_ALLOC);
> -
>  	rte_mbuf_raw_reset_bulk(pool, mbufs, count);
> 
>  	return 0;
> --

Acked-by: Konstantin Ananyev <konstantin.ananyev at huawei.com>

> 2.43.0

Previous message (by thread): [PATCH] mbuf: fix mbuf operations history recording
Next message (by thread): [PATCH 1/4] net/ice: demote path selection logs from NOTICE to DEBUG
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list