|SUCCESS| mbuf: fix mbuf operations history recording

dpdklab at iol.unh.edu dpdklab at iol.unh.edu
Mon Apr 20 02:42:11 CEST 2026

Previous message (by thread): |SUCCESS| mbuf: fix mbuf operations history recording
Next message (by thread): |WARNING| pw163210 [PATCH] mbuf: fix mbuf operations history recordi
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Test-Label: ai-code-review
Test-Status: SUCCESS
https://dpdk.org/patch/163210

_AI Code Review_

=== Patch Review: series.patch (via Claude) ===
Review date: 2026-04-20

Reviewed commit from the patch file.

Author: Morten Brorup <mb at smartsharesystems.com>
Subject: [PATCH] mbuf: fix mbuf operations history recording

This patch addresses two bugs in mbuf operations history recording:
First, when mempool allocation fails, the code would dereference an
unset mbuf pointer array, risking a segfault. Second, bulk allocation
through rte_pktmbuf_alloc_bulk() recorded the operation twice because
it calls rte_mbuf_raw_alloc_bulk(), and both functions recorded the
same operation.

> diff --git a/lib/mbuf/rte_mbuf.h b/lib/mbuf/rte_mbuf.h
> index e7c3bbadd4..60ec8158cd 100644
> --- a/lib/mbuf/rte_mbuf.h
> +++ b/lib/mbuf/rte_mbuf.h

[ ... ]

> @@ -663,14 +663,14 @@ static __rte_always_inline int
>  rte_mbuf_raw_alloc_bulk(struct rte_mempool *mp, struct rte_mbuf **mbufs, unsigned int count)
>  {
>  	int rc = rte_mempool_get_bulk(mp, (void **)mbufs, count);
> -	if (likely(rc == 0)) {
> -		for (unsigned int idx = 0; idx < count; idx++)
> -			__rte_mbuf_raw_sanity_check_mp(mbufs[idx], mp);
> -	}
> +	if (unlikely(rc))
> +		return rc;

Does this fix the first bug described in the commit message? The
original code only dereferenced mbufs[] when rc == 0 (success). With
or without this change, when rte_mempool_get_bulk() fails (rc != 0),
the mbufs[] array is never dereferenced. Can you clarify where the
use-before-set issue occurs?

> +	for (unsigned int idx = 0; idx < count; idx++)
> +		__rte_mbuf_raw_sanity_check_mp(mbufs[idx], mp);
>  
>  	rte_mbuf_history_mark_bulk(mbufs, count, RTE_MBUF_HISTORY_OP_LIB_ALLOC);
>  
> -	return rc;
> +	return 0;
>  }

[ ... ]

> @@ -1068,8 +1068,6 @@ static inline int rte_pktmbuf_alloc_bulk(struct rte_mempool *pool,
>  	if (unlikely(rc))
>  		return rc;
>  
> -	rte_mbuf_history_mark_bulk(mbufs, count, RTE_MBUF_HISTORY_OP_LIB_ALLOC);
> -
>  	rte_mbuf_raw_reset_bulk(pool, mbufs, count);
>  
>  	return 0;

The removal of the duplicate recording in rte_pktmbuf_alloc_bulk()
makes sense since rte_mbuf_raw_alloc_bulk() already records the
operation.

Previous message (by thread): |SUCCESS| mbuf: fix mbuf operations history recording
Next message (by thread): |WARNING| pw163210 [PATCH] mbuf: fix mbuf operations history recordi
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the test-report mailing list