Vector lookup uses gather instructions which load data in 4-byte chunks.
This could lead to out-of-bounds access at the end of the tbl24 in the case
of 1- or 2-byte entries if, e.g., a lookup is attempted for 255.255.255.255
in the IPv4 case.
This patch fixes the potential out-of-bounds access by the gather instruction
by allocating an extra 4 bytes at the end of the tbl24.

Fixes: 7dc7868b200d ("fib: add DIR24-8 dataplane algorithm")
Fixes: c3e12e0f0354 ("fib: add dataplane algorithm for IPv6")
Cc: sta...@dpdk.org

Signed-off-by: Vladimir Medvedkin <vladimir.medved...@intel.com>
---
 lib/fib/dir24_8.c | 4 ++--
 lib/fib/trie.c    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/fib/dir24_8.c b/lib/fib/dir24_8.c
index c739e92304..07c324743b 100644
--- a/lib/fib/dir24_8.c
+++ b/lib/fib/dir24_8.c
@@ -526,8 +526,8 @@ dir24_8_create(const char *name, int socket_id, struct 
rte_fib_conf *fib_conf)
 
        snprintf(mem_name, sizeof(mem_name), "DP_%s", name);
        dp = rte_zmalloc_socket(name, sizeof(struct dir24_8_tbl) +
-               DIR24_8_TBL24_NUM_ENT * (1 << nh_sz), RTE_CACHE_LINE_SIZE,
-               socket_id);
+               DIR24_8_TBL24_NUM_ENT * (1 << nh_sz) + sizeof(uint32_t),
+               RTE_CACHE_LINE_SIZE, socket_id);
        if (dp == NULL) {
                rte_errno = ENOMEM;
                return NULL;
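Review bot: the `+ sizeof(uint32_t)` term added to the `rte_zmalloc_socket()` size in `dir24_8_create()` carries no comment explaining that it is padding for the 4-byte gather load on the last tbl24 entry, so it reads as a stray constant that a later cleanup could remove and silently reintroduce the over-read. A one-line comment above the allocation, or a named macro for the pad size, would document the intent. The padding is also added for every `nh_sz`, while the commit message says only 1- and 2-byte entries are affected; that is harmless at 4 bytes, but worth saying in the comment so the unconditional form is clearly deliberate.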
diff --git a/lib/fib/trie.c b/lib/fib/trie.c
index 09470e7287..265135c57d 100644
--- a/lib/fib/trie.c
+++ b/lib/fib/trie.c
@@ -645,8 +645,8 @@ trie_create(const char *name, int socket_id,
 
        snprintf(mem_name, sizeof(mem_name), "DP_%s", name);
        dp = rte_zmalloc_socket(name, sizeof(struct rte_trie_tbl) +
-               TRIE_TBL24_NUM_ENT * (1 << nh_sz), RTE_CACHE_LINE_SIZE,
-               socket_id);
+               TRIE_TBL24_NUM_ENT * (1 << nh_sz) + sizeof(uint32_t),
+               RTE_CACHE_LINE_SIZE, socket_id);
        if (dp == NULL) {
                rte_errno = ENOMEM;
                return dp;
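Review bot: the padding term in the `trie_create()` allocation is a second hand-written copy of the one in dir24_8.c, so the two sizes can drift apart if the gather width ever changes. A shared define used by both allocations would keep them in sync, and the same explanatory comment applies here. The commit message only gives the IPv4 address 255.255.255.255 as the triggering lookup; it would help to state the equivalent condition for the IPv6 trie, since this hunk is the fix for c3e12e0f0354.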
-- 
2.34.1
