From: Sinan Kaya <ok...@kernel.org> In malloc_elem_find_max_iova_contig, the result of the call to rte_mem_virt2memseg is dereferenced and may be NULL.
Signed-off-by: Sinan Kaya <ok...@kernel.org>
---
 lib/eal/common/malloc_elem.c | 11 ++++++++---
 lib/eal/common/malloc_heap.c | 2 +-
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/lib/eal/common/malloc_elem.c b/lib/eal/common/malloc_elem.c
index 83f05497cc..8f49812846 100644
--- a/lib/eal/common/malloc_elem.c
+++ b/lib/eal/common/malloc_elem.c
@@ -63,6 +63,8 @@ malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align) cur_page = RTE_PTR_ALIGN_FLOOR(contig_seg_start, page_sz); ms = rte_mem_virt2memseg(cur_page, elem->msl); + if (ms == NULL) + return 0; /* do first iteration outside the loop */ page_end = RTE_PTR_ADD(cur_page, page_sz);
@@ -91,9 +93,12 @@ malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align) * we're not blowing past data end. */ ms = rte_mem_virt2memseg(contig_seg_start, elem->msl); - cur_page = ms->addr; - /* don't trigger another recalculation */ - expected_iova = ms->iova; + if (ms != NULL) { + cur_page = ms->addr; + + /* don't trigger another recalculation */ + expected_iova = ms->iova; + } continue; } /* cur_seg_end ends on a page boundary or on data end. if we're
diff --git a/lib/eal/common/malloc_heap.c b/lib/eal/common/malloc_heap.c
index 3f41430e42..88270ce4d2 100644
--- a/lib/eal/common/malloc_heap.c
+++ b/lib/eal/common/malloc_heap.c
@@ -930,7 +930,7 @@ malloc_heap_free(struct malloc_elem *elem) const struct rte_memseg *tmp = rte_mem_virt2memseg(aligned_start, msl); - if (tmp->flags & RTE_MEMSEG_FLAG_DO_NOT_FREE) { + if ((tmp != NULL) && (tmp->flags & RTE_MEMSEG_FLAG_DO_NOT_FREE)) { /* this is an unfreeable segment, so move start */ aligned_start = RTE_PTR_ADD(tmp->addr, tmp->len); }
-- 2.25.1
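Review bot: The new `return 0;` in the first malloc_elem.c hunk makes a failed rte_mem_virt2memseg() lookup look the same to the caller as an element with no IOVA-contiguous space, assuming 0 is this function's "nothing found" value (its return contract is outside the hunk). A NULL here means cur_page is not covered by elem->msl, which points to inconsistent heap metadata rather than a normal condition. That should be logged before returning, for example `RTE_LOG(ERR, EAL, "%s(): no memseg for %p\n", __func__, cur_page);`, or with whichever logging macro this file already uses.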
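Review bot: In the second malloc_elem.c hunk, a NULL from rte_mem_virt2memseg() only skips the two assignments and still reaches `continue`, so the loop carries on with ms == NULL and with cur_page and expected_iova unchanged. Unless code outside the hunk reassigns ms before its next use, the next iteration can dereference the same NULL pointer, or the loop can repeat without advancing cur_page. Leaving the function on failure, as the first hunk does, would be safer: `if (ms == NULL) return 0;` placed before `cur_page = ms->addr;`. The rest of the function is not visible here, so the return value may need adjusting if callers expect the best length found so far.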
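Review bot: The new `tmp != NULL` test in malloc_heap_free fails open: when no memseg is found for aligned_start, the RTE_MEMSEG_FLAG_DO_NOT_FREE check is skipped and the address is handled like a freeable segment. On a free path the conservative reading of a failed lookup is "do not release this range". A NULL should therefore stop the release, for example a separate `if (tmp == NULL)` branch that logs the address and takes the function's existing error exit. The rest of malloc_heap_free is outside the hunk, so how aligned_start is used afterwards should be checked before choosing that exit.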