Commit 7d24e2a4 authored Jul 05, 2018 by Daniel Verkamp

env_dpdk: fix mem_map translation for sizes >2MB



Add a check to prevent spdk_mem_map_set_translation() or
spdk_mem_map_clear_translation() calls that start within the valid
address range but specify a size that would access parts of the mem map
outside of the valid region.

spdk_mem_map_translate() is safe without any extra checks since it only
accesses the first entry regardless of size, and the MASK_256TB check
catches out-of-range accesses to that entry.

Change-Id: Ie1437e57b5158363bb98a6b42a26fb41a089bbad
Signed-off-by: Daniel Verkamp <daniel.verkamp@intel.com>
Reviewed-on: https://review.gerrithub.io/418106


Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Tested-by: SPDK Automated Test System <sys_sgsw@intel.com>

parent 7ac8b609

lib/env_dpdk/memory.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -360,6 +360,10 @@ spdk_mem_map_get_map_1gb(struct spdk_mem_map *map, uint64_t vfn_2mb)
		uint64_t idx_256tb = MAP_256TB_IDX(vfn_2mb);
		size_t i;

		if (spdk_unlikely(idx_256tb >= SPDK_COUNTOF(map->map_256tb.map))) {
		return NULL;
		}

		map_1gb = map->map_256tb.map[idx_256tb];

		if (!map_1gb) {

test/env/memory/memory_ut.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -193,6 +193,10 @@ test_mem_map_translation(void)
		rc = spdk_mem_map_set_translation(map, 0x1000000000000ULL, VALUE_2MB, 0x5678);
		CU_ASSERT(rc == -EINVAL);

		/* Attempt to set translation starting at a valid address but exceeding the valid range */
		rc = spdk_mem_map_set_translation(map, 0xffffffe00000ULL, VALUE_2MB * 2, 0x123123);
		CU_ASSERT(rc != 0);

		spdk_mem_map_free(&map);
		CU_ASSERT(map == NULL);
		}

Admin message