[dpdk-dev] lpm: fix overflow issue

Message ID	19E2A698-96BB-4CFE-9BCE-50AFB815D24B@intel.com (mailing list archive)
State	Not Applicable, archived
Headers	From: "Richardson, Bruce" <bruce.richardson@intel.com> To: Igor Ryzhov <iryzhov@nfware.com> Thread-Topic: [PATCH] lpm: fix overflow issue Thread-Index: AQHQTimsT6rbLqrfD0ik46rtD3zyCpz9Adlk Date: Sun, 22 Feb 2015 18:40:53 +0000 Message-ID: <19E2A698-96BB-4CFE-9BCE-50AFB815D24B@intel.com> References: <1424438206-29526-1-git-send-email-iryzhov@nfware.com>, <CAF+s_FyLywggUfOL55qdkzT=kb=RTQ6DiscOcObTn+6+Q+gH4g@mail.gmail.com> In-Reply-To: <CAF+s_FyLywggUfOL55qdkzT=kb=RTQ6DiscOcObTn+6+Q+gH4g@mail.gmail.com> Accept-Language: en-GB, en-US Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: "dev@dpdk.org" <dev@dpdk.org> Subject: Re: [dpdk-dev] [PATCH] lpm: fix overflow issue Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>

Message ID

19E2A698-96BB-4CFE-9BCE-50AFB815D24B@intel.com (mailing list archive)

State

Not Applicable, archived

Headers

From: "Richardson, Bruce" <bruce.richardson@intel.com>
To: Igor Ryzhov <iryzhov@nfware.com>
Thread-Topic: [PATCH] lpm: fix overflow issue
Thread-Index: AQHQTimsT6rbLqrfD0ik46rtD3zyCpz9Adlk
Date: Sun, 22 Feb 2015 18:40:53 +0000
Message-ID: <19E2A698-96BB-4CFE-9BCE-50AFB815D24B@intel.com>
References: <1424438206-29526-1-git-send-email-iryzhov@nfware.com>,
	<CAF+s_FyLywggUfOL55qdkzT=kb=RTQ6DiscOcObTn+6+Q+gH4g@mail.gmail.com>
In-Reply-To: <CAF+s_FyLywggUfOL55qdkzT=kb=RTQ6DiscOcObTn+6+Q+gH4g@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH] lpm: fix overflow issue
Precedence: list
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Commit Message

Bruce Richardson Feb. 22, 2015, 6:40 p.m. UTC

  Sorry I missed this Friday. I'll look at it  shortly.



On 21 Feb 2015, at 22:56, Igor Ryzhov <iryzhov@nfware.com<mailto:iryzhov@nfware.com>> wrote:

Hello again. Will anybody review this patch?
This is really critical issue, because it can lead to memory corruption and break any program using LPM.

CCing this to Bruce Richardson, because he is maintainer of LPM.

Regards,
Igor Ryzhov

On Fri, Feb 20, 2015 at 4:16 PM, Igor Ryzhov <iryzhov@nfware.com<mailto:iryzhov@nfware.com>> wrote:
LPM table overflow may occur if table is full and added rule has the biggest depth that already have some rules.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com<mailto:iryzhov@nfware.com>>
---
 lib/librte_lpm/rte_lpm.c | 3 +++
 1 file changed, 3 insertions(+)

--
1.9.3 (Apple Git-50)




--
Regards,
Igor Ryzhov

Comments

Igor Ryzhov Feb. 22, 2015, 6:47 p.m. UTC | #1

Great. The easiest way to reproduce the issue is to fill LPM table with
rules using only one depth and try to add another one rule with same depth.
Rule will be successfully added and memory will be corrupted.

воскресенье, 22 февраля 2015 г. пользователь Richardson, Bruce написал:

> Sorry I missed this Friday. I'll look at it  shortly.
>
>
>
> On 21 Feb 2015, at 22:56, Igor Ryzhov <iryzhov@nfware.com <javascript:;>
> <mailto:iryzhov@nfware.com <javascript:;>>> wrote:
>
> Hello again. Will anybody review this patch?
> This is really critical issue, because it can lead to memory corruption
> and break any program using LPM.
>
> CCing this to Bruce Richardson, because he is maintainer of LPM.
>
> Regards,
> Igor Ryzhov
>
> On Fri, Feb 20, 2015 at 4:16 PM, Igor Ryzhov <iryzhov@nfware.com
> <javascript:;><mailto:iryzhov@nfware.com <javascript:;>>> wrote:
> LPM table overflow may occur if table is full and added rule has the
> biggest depth that already have some rules.
>
> Signed-off-by: Igor Ryzhov <iryzhov@nfware.com <javascript:;><mailto:
> iryzhov@nfware.com <javascript:;>>>
> ---
>  lib/librte_lpm/rte_lpm.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/lib/librte_lpm/rte_lpm.c b/lib/librte_lpm/rte_lpm.c
> index 983e04b..cc51210 100644
> --- a/lib/librte_lpm/rte_lpm.c
> +++ b/lib/librte_lpm/rte_lpm.c
> @@ -298,6 +298,9 @@ rule_add(struct rte_lpm *lpm, uint32_t ip_masked,
> uint8_t depth,
>                                 return rule_index;
>                         }
>                 }
> +
> +               if (rule_index == lpm->max_rules)
> +                       return -ENOSPC;
>         } else {
>                 /* Calculate the position in which the rule will be
> stored. */
>                 rule_index = 0;
> --
> 1.9.3 (Apple Git-50)
>
>
>
>
> --
> Regards,
> Igor Ryzhov
>

diff mbox

Patch

diff --git a/lib/librte_lpm/rte_lpm.c b/lib/librte_lpm/rte_lpm.c
index 983e04b..cc51210 100644
--- a/lib/librte_lpm/rte_lpm.c
+++ b/lib/librte_lpm/rte_lpm.c
@@ -298,6 +298,9 @@  rule_add(struct rte_lpm *lpm, uint32_t ip_masked, uint8_t depth,
                                return rule_index;
                        }
                }
+
+               if (rule_index == lpm->max_rules)
+                       return -ENOSPC;
        } else {
                /* Calculate the position in which the rule will be stored. */
                rule_index = 0;