authorKingwel Xie <kingwel.xie@ericsson.com>2018-11-10 02:56:00 -0500
committerKingwel Xie <kingwel.xie@ericsson.com>2018-11-10 02:56:00 -0500
commit5efaeee40c9e7790e57bcf90642f66a15c111334 (patch)
tree6e6dfbfffcb7aa3f7850fa294cce4a0da5d48ac1
parentdfb5f2aff3675b3d70ba024dfd367c688ea1def6 (diff)
pmalloc: u32 pp->index leads to va address overrun
When the page size is 1G, pm->base + (pp->index << pm->def_log2_page_sz) overruns very quickly once multiple mempools are created. Add a (uword) cast to it. Change-Id: If769b99d344cc3f547418a242a7497d044071615 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
-rw-r--r--src/vppinfra/pmalloc.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/vppinfra/pmalloc.c b/src/vppinfra/pmalloc.c
index 62b4f60c2eb..e11d27ef77b 100644
--- a/src/vppinfra/pmalloc.c
+++ b/src/vppinfra/pmalloc.c
@@ -359,6 +359,7 @@ pmalloc_map_pages (clib_pmalloc_main_t * pm, clib_pmalloc_arena_t * a,
pp->n_free_blocks = 1 << (pm->def_log2_page_sz - PMALLOC_LOG2_BLOCK_SZ);
pp->index = pp - pm->pages;
pp->arena_index = a->index;
+ pp->pa = (uword) va + (1 << pm->def_log2_page_sz) * i;
vec_add1 (a->page_indices, pp->index);
a->n_pages++;
}
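Review bot: The added `pp->pa` line computes `(1 << pm->def_log2_page_sz) * i` in `int` before it is widened, so it has the same truncation this commit fixes in clib_pmalloc_create_shared_arena: with 1G pages the shift is 30 and the product overflows a signed int once `i` reaches 2 (assuming `i` is an int-sized loop index; its declaration is outside the hunk). Pages past that point would then record a wrong address, and anything that later trusts `pp->pa` could end up pointing into a different page. Widen before shifting, e.g. `pp->pa = (uword) va + ((uword) i << pm->def_log2_page_sz);`. The field is named `pa` but is derived from `va` here, and the commit message does not mention this addition, so a short comment stating what the field is meant to hold would help. pmalloc_map_pages starts outside the hunk.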
@@ -428,7 +429,7 @@ clib_pmalloc_create_shared_arena (clib_pmalloc_main_t * pm, char *name,
return 0;
}
- return pm->base + (pp->index << pm->def_log2_page_sz);
+ return pm->base + ((uword) pp->index << pm->def_log2_page_sz);
}
static inline void *
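Review bot: The `(uword)` cast on the new return line is the only thing keeping the shift out of 32-bit arithmetic, and nothing at the site says so, so a later cleanup could drop it as redundant. A one-line comment such as `/* widen before the shift: a u32 index << 30 (1G pages) wraps at index 4 */` would record the reason. If other places in the file turn a page index into an address with the same expression they would need the same cast; none are visible in this diff.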