From eb5a08e91d3d7d0f9fc97aeedcbcc02b7a8b753a Mon Sep 17 00:00:00 2001 From: Vladislav Grishenko Date: Sat, 13 Mar 2021 20:48:35 +0500 Subject: svm: fix svm queue overwrite while adding 2 elements Adding two elements to the full svm queue passes exact bounds check, therefore tail gets overwritten w/o any waiting. Fix it with requiring at lease two free slots. Type: fix Signed-off-by: Vladislav Grishenko Change-Id: I704ee606c47b523952cb965f848339ae1988cb60 --- src/svm/queue.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/svm/queue.c b/src/svm/queue.c index 864d97e3de4..78444d8ede4 100644 --- a/src/svm/queue.c +++ b/src/svm/queue.c @@ -323,14 +323,14 @@ svm_queue_add2 (svm_queue_t * q, u8 * elem, u8 * elem2, int nowait) else svm_queue_lock (q); - if (PREDICT_FALSE (q->cursize + 1 == q->maxsize)) + if (PREDICT_FALSE (q->cursize + 1 >= q->maxsize)) { if (nowait) { svm_queue_unlock (q); return (-2); } - while (q->cursize + 1 == q->maxsize) + while (q->cursize + 1 >= q->maxsize) svm_queue_wait_inline (q); } -- cgit 1.2.3-korg