During initialization of rte_table_hash_ext and rte_table_hash_lru, a contiguous region of memory is allocated to store meta data, buckets, extended buckets, keys, stack of keys, stack of extended buckets and data entries. The size of each region depends on the hash table configuration.
The address of each region is calculated using offsets relative to the beginning of the memory region. Without this patch, the offsets contain the size of the table meta data (sizeof(struct rte_table_hash)). These addresses are stored in pointers which are used when entries are added or deleted and lookups are performed. Instead of adding these offsets to the address of the beginning of the memory region, they are added to the address of the end of the meta data (= address of the beginning of the memory region + sizeof(struct rte_table_hash)). The resulting addresses are off by sizeof(struct rte_table_hash) bytes. As a consequence, memory past the allocated region can be accessed by the add, delete and lookup operations. This patch corrects the address calculation by not including the size of the meta data in the offsets. Acked-by: Cristian Dumitrescu <cristian.dumitrescu at intel.com> Signed-off-by: Balazs Nemeth <balazs.nemeth at intel.com> --- lib/librte_table/rte_table_hash_ext.c | 5 ++--- lib/librte_table/rte_table_hash_lru.c | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/lib/librte_table/rte_table_hash_ext.c b/lib/librte_table/rte_table_hash_ext.c index fb3e6d2..467f48a 100644 --- a/lib/librte_table/rte_table_hash_ext.c +++ b/lib/librte_table/rte_table_hash_ext.c @@ -170,7 +170,7 @@ rte_table_hash_ext_create(void *params, int socket_id, uint32_t entry_size) struct rte_table_hash_ext_params *p = (struct rte_table_hash_ext_params *) params; struct rte_table_hash *t; - uint32_t total_size, table_meta_sz, table_meta_offset; + uint32_t total_size, table_meta_sz; uint32_t bucket_sz, bucket_ext_sz, key_sz; uint32_t key_stack_sz, bkt_ext_stack_sz, data_sz; uint32_t bucket_offset, bucket_ext_offset, key_offset; @@ -224,8 +224,7 @@ rte_table_hash_ext_create(void *params, int socket_id, uint32_t entry_size) t->data_size_shl = __builtin_ctzl(entry_size); /* Tables */ - table_meta_offset = 0; - bucket_offset = table_meta_offset + table_meta_sz; + bucket_offset = 0; bucket_ext_offset = bucket_offset + bucket_sz; key_offset = bucket_ext_offset + bucket_ext_sz; key_stack_offset = key_offset + key_sz; diff --git a/lib/librte_table/rte_table_hash_lru.c b/lib/librte_table/rte_table_hash_lru.c index bf92e81..f94c0a2 100644 --- a/lib/librte_table/rte_table_hash_lru.c +++ b/lib/librte_table/rte_table_hash_lru.c @@ -147,7 +147,7 @@ rte_table_hash_lru_create(void *params, int socket_id, uint32_t entry_size) struct rte_table_hash_lru_params *p = (struct rte_table_hash_lru_params *) params; struct rte_table_hash *t; - uint32_t total_size, table_meta_sz, table_meta_offset; + uint32_t total_size, table_meta_sz; uint32_t bucket_sz, key_sz, key_stack_sz, data_sz; uint32_t bucket_offset, key_offset, key_stack_offset, data_offset; uint32_t i; @@ -195,8 +195,7 @@ rte_table_hash_lru_create(void *params, int socket_id, uint32_t entry_size) t->data_size_shl = __builtin_ctzl(entry_size); /* Tables */ - table_meta_offset = 0; - bucket_offset = table_meta_offset + table_meta_sz; + bucket_offset = 0; key_offset = bucket_offset + bucket_sz; key_stack_offset = key_offset + key_sz; data_offset = key_stack_offset + key_stack_sz; -- 2.1.0 Intel Corporation NV/SA Kings Square, Veldkant 31 2550 Kontich RPM (Bruxelles) 0415.497.718. Citibank, Brussels, account 570/1031255/09 This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.