From a713254d689deee1718bb515c3961bf4ed435504 Mon Sep 17 00:00:00 2001
From: Andrew Yourtchenko
Date: Wed, 19 Sep 2018 15:50:55 +0200
Subject: bihash template: reinstate the check for the available memory in the arena

ffb14b9554afa1e58c3657e0c91dda3135008274 has changed the semantics of alloc_arena_next to become an offset off alloc_arena, but in the available memory check in BV (alloc_aligned) it still treats it as a virtual address, resulting in the check always succeeding, thus over a prolonged period bihash arena allocator potentially overwriting whatever is following the arena.

Change-Id: I18882c5f340ca767a389e15cca2696a0a97ef015
Signed-off-by: Andrew Yourtchenko
---
 src/vppinfra/bihash_template.c | 2 +-
 src/vppinfra/bihash_template.h | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
(limited to 'src/vppinfra')
diff --git a/src/vppinfra/bihash_template.c b/src/vppinfra/bihash_template.c
index 882f81cc14b..2571c47e64c 100644
--- a/src/vppinfra/bihash_template.c
+++ b/src/vppinfra/bihash_template.c
@@ -26,7 +26,7 @@ static inline void *BV (alloc_aligned) (BVT (clib_bihash) * h, uword nbytes)
 rv = alloc_arena_next (h);
 alloc_arena_next (h) += nbytes;
- if (rv >= (alloc_arena (h) + alloc_arena_size (h)))
+ if (rv >= alloc_arena_size (h))
 os_out_of_memory ();
 return (void *) (uword) (rv + alloc_arena (h));
diff --git a/src/vppinfra/bihash_template.h b/src/vppinfra/bihash_template.h
index 6ce3da77e7f..98dcf14673f 100644
--- a/src/vppinfra/bihash_template.h
+++ b/src/vppinfra/bihash_template.h
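Review bot: In `BV (alloc_aligned)` (src/vppinfra/bihash_template.c) the corrected guard still compares only `rv`, the start offset of the new allocation, with the arena size, so a request that begins inside the arena and runs past its end is accepted and the returned region overlaps whatever follows the arena. Since `alloc_arena_next (h)` has already been advanced by `nbytes` at that point, testing the end offset closes the gap: `if (alloc_arena_next (h) > alloc_arena_size (h))` ahead of the existing `os_out_of_memory ();`. If `nbytes` can ever be large enough for the addition to wrap, `nbytes > alloc_arena_size (h) - rv` (after checking `rv <= alloc_arena_size (h)`) is the overflow-safe form; whether that can happen depends on callers not shown here. The function starts and ends outside this hunk, so any rounding applied to `nbytes` before these lines is not visible.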
@@ -95,9 +95,9 @@ STATIC_ASSERT_SIZEOF (BVT (clib_bihash_bucket), sizeof (u64));
 typedef CLIB_PACKED (struct {
 /*
 * Backing store allocation. Since bihash manages its own
- * freelists, we simple dole out memory at alloc_arena_next.
+ * freelists, we simple dole out memory starting from alloc_arena[alloc_arena_next].
 */
- u64 alloc_arena_next; /* Next VA to allocate, definitely NOT a constant */
+ u64 alloc_arena_next; /* Next offset from alloc_arena to allocate, definitely NOT a constant */
 u64 alloc_arena_size; /* Size of the arena */
 /* Two SVM pointers stored as 8-byte integers */
 u64 alloc_lock_as_u64;
-- cgit 1.2.3-korg
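Review bot: The new comment on `alloc_arena_next` says it is an offset but gives neither its unit nor its bound, and confusion between address and offset in this field is what the commit fixes in the allocator. Stating the invariant next to the field would make the bounds check easier to audit, e.g. `/* Byte offset from alloc_arena of the next allocation; must not exceed alloc_arena_size */`. In the block comment, `alloc_arena[alloc_arena_next]` reads as array indexing, whereas the allocator hunk adds the two as integers (`rv + alloc_arena (h)`), so `alloc_arena + alloc_arena_next` would be less ambiguous; "simple" should also be "simply". The struct continues outside the hunk.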