https://bugs.dpdk.org/show_bug.cgi?id=248
Bug ID: 248
Summary: Bonding PMD: Invalid array dimension in TX burst for
802.3ad mode with fast queue leads to SEGFAULT
Product: DPDK
Version: 18.11
Hardware: All
OS: All
Status: CONFIRMED
Severity: major
Priority: Normal
Component: ethdev
Assignee: dev@dpdk.org
Reporter: p.oltarzew...@gmail.com
Target Milestone: ---
DPDK 18.11.1
In drivers/net/bonding/rte_eth_bond_pmd.c::bond_ethdev_tx_burst_8023ad,
bufs_slave_port_idxs array is defined as follows (lines 1293-1294):
/* Mapping array generated by hash function to map mbufs to slaves */
uint16_t bufs_slave_port_idxs[RTE_MAX_ETHPORTS] = { 0 };
Array dimension should be equal to number of packets being transmitted
(nb_pkts) - as correctly implemented in
rte_eth_bond_pmd.c::bond_ethdev_tx_burst_balance.
Invalid array dimension causes overflow when number of transmitted packets is
greater than RTE_MAX_ETHPORTS. Some areas of memory end up overwritten (in my
particular case, slave_nb_bufs array), which leads to SIGSEGV and crash.
To work around the issue, ensure that number of packets transmitted in a single
burst is no greater than RTE_MAX_ETHPORTS.
To fix it, it should be sufficient to define bufs_slave_port_idxs as a
variable-length array, as in bond_ethdev_tx_burst_balance:
/* Mapping array generated by hash function to map mbufs to slaves */
uint16_t bufs_slave_port_idxs[nb_bufs];
--
You are receiving this mail because:
You are the assignee for the bug.
