Re: [PATCH v2 08/11] malloc: check result of rte_mem_virt2memseg

Tue, 22 Nov 2022 07:52:50 -0800 

2022-11-21 17:32 (UTC-0500), ok...@kernel.org:
> From: Sinan Kaya <ok...@kernel.org>
> 
> In malloc_elem_find_max_iova_contig result of call to rte_mem_virt2memseg
> is dereferenced here and may be null.
> 
> Signed-off-by: Sinan Kaya <ok...@kernel.org>
> ---
>  lib/eal/common/malloc_elem.c | 11 ++++++++---
>  lib/eal/common/malloc_heap.c |  2 +-
>  2 files changed, 9 insertions(+), 4 deletions(-)
> 
> diff --git a/lib/eal/common/malloc_elem.c b/lib/eal/common/malloc_elem.c
> index 83f05497cc..8f49812846 100644
> --- a/lib/eal/common/malloc_elem.c
> +++ b/lib/eal/common/malloc_elem.c
> @@ -63,6 +63,8 @@ malloc_elem_find_max_iova_contig(struct malloc_elem *elem, 
> size_t align)
>  
>       cur_page = RTE_PTR_ALIGN_FLOOR(contig_seg_start, page_sz);
>       ms = rte_mem_virt2memseg(cur_page, elem->msl);
> +     if (ms == NULL)
> +             return 0;
>  
>       /* do first iteration outside the loop */
>       page_end = RTE_PTR_ADD(cur_page, page_sz);
> @@ -91,9 +93,12 @@ malloc_elem_find_max_iova_contig(struct malloc_elem *elem, 
> size_t align)
>                        * we're not blowing past data end.
>                        */
>                       ms = rte_mem_virt2memseg(contig_seg_start, elem->msl);
> -                     cur_page = ms->addr;
> -                     /* don't trigger another recalculation */
> -                     expected_iova = ms->iova;
> +                     if (ms != NULL) {
> +                             cur_page = ms->addr;
> +
> +                             /* don't trigger another recalculation */
> +                             expected_iova = ms->iova;
> +                     }
>                       continue;
>               }
>               /* cur_seg_end ends on a page boundary or on data end. if we're
> diff --git a/lib/eal/common/malloc_heap.c b/lib/eal/common/malloc_heap.c
> index 3f41430e42..88270ce4d2 100644
> --- a/lib/eal/common/malloc_heap.c
> +++ b/lib/eal/common/malloc_heap.c
> @@ -930,7 +930,7 @@ malloc_heap_free(struct malloc_elem *elem)
>               const struct rte_memseg *tmp =
>                               rte_mem_virt2memseg(aligned_start, msl);
>  
> -             if (tmp->flags & RTE_MEMSEG_FLAG_DO_NOT_FREE) {
> +             if ((tmp != NULL) && (tmp->flags & 
> RTE_MEMSEG_FLAG_DO_NOT_FREE)) {
>                       /* this is an unfreeable segment, so move start */
>                       aligned_start = RTE_PTR_ADD(tmp->addr, tmp->len);
>               }

In these three places "ms" or "tmp" are from the MSL by construction.
I think RTE_ASSERT() would be sufficient.

Reply via email to