During initialization of rte_table_hash_ext and rte_table_hash_lru, a
contiguous region of memory is allocated to store meta data, buckets,
extended buckets, keys, stack of keys, stack of extended buckets and
data entries. The size of each region depends on the hash table
configuration.

The address of each region is calculated using offsets relative to the
beginning of the memory region. Without this patch, the offsets
contain the size of the table meta data (sizeof(struct
rte_table_hash)). These addresses are stored in pointers which are
used when entries are added or deleted and lookups are performed.

Instead of adding these offsets to the address of the beginning of the
memory region, they are added to the address of the end of the meta
data (= address of the beginning of the memory region + sizeof(struct
rte_table_hash)). The resulting addresses are off by sizeof(struct
rte_table_hash) bytes. As a consequence, memory past the allocated
region can be accessed by the add, delete and lookup operations.

This patch corrects the address calculation by not including the size
of the meta data in the offsets.

Acked-by: Cristian Dumitrescu <cristian.dumitrescu at intel.com>
Signed-off-by: Balazs Nemeth <balazs.nemeth at intel.com>
---
 lib/librte_table/rte_table_hash_ext.c | 5 ++---
 lib/librte_table/rte_table_hash_lru.c | 5 ++---
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/lib/librte_table/rte_table_hash_ext.c 
b/lib/librte_table/rte_table_hash_ext.c
index fb3e6d2..467f48a 100644
--- a/lib/librte_table/rte_table_hash_ext.c
+++ b/lib/librte_table/rte_table_hash_ext.c
@@ -170,7 +170,7 @@ rte_table_hash_ext_create(void *params, int socket_id, 
uint32_t entry_size)
        struct rte_table_hash_ext_params *p =
                (struct rte_table_hash_ext_params *) params;
        struct rte_table_hash *t;
-       uint32_t total_size, table_meta_sz, table_meta_offset;
+       uint32_t total_size, table_meta_sz;
        uint32_t bucket_sz, bucket_ext_sz, key_sz;
        uint32_t key_stack_sz, bkt_ext_stack_sz, data_sz;
        uint32_t bucket_offset, bucket_ext_offset, key_offset;
@@ -224,8 +224,7 @@ rte_table_hash_ext_create(void *params, int socket_id, 
uint32_t entry_size)
        t->data_size_shl = __builtin_ctzl(entry_size);

        /* Tables */
-       table_meta_offset = 0;
-       bucket_offset = table_meta_offset + table_meta_sz;
+       bucket_offset = 0;
        bucket_ext_offset = bucket_offset + bucket_sz;
        key_offset = bucket_ext_offset + bucket_ext_sz;
        key_stack_offset = key_offset + key_sz;
diff --git a/lib/librte_table/rte_table_hash_lru.c 
b/lib/librte_table/rte_table_hash_lru.c
index bf92e81..f94c0a2 100644
--- a/lib/librte_table/rte_table_hash_lru.c
+++ b/lib/librte_table/rte_table_hash_lru.c
@@ -147,7 +147,7 @@ rte_table_hash_lru_create(void *params, int socket_id, 
uint32_t entry_size)
        struct rte_table_hash_lru_params *p =
                (struct rte_table_hash_lru_params *) params;
        struct rte_table_hash *t;
-       uint32_t total_size, table_meta_sz, table_meta_offset;
+       uint32_t total_size, table_meta_sz;
        uint32_t bucket_sz, key_sz, key_stack_sz, data_sz;
        uint32_t bucket_offset, key_offset, key_stack_offset, data_offset;
        uint32_t i;
@@ -195,8 +195,7 @@ rte_table_hash_lru_create(void *params, int socket_id, 
uint32_t entry_size)
        t->data_size_shl = __builtin_ctzl(entry_size);

        /* Tables */
-       table_meta_offset = 0;
-       bucket_offset = table_meta_offset + table_meta_sz;
+       bucket_offset = 0;
        key_offset = bucket_offset + bucket_sz;
        key_stack_offset = key_offset + key_sz;
        data_offset = key_stack_offset + key_stack_sz;
--
2.1.0
Intel Corporation NV/SA
Kings Square, Veldkant 31
2550 Kontich
RPM (Bruxelles) 0415.497.718. 
Citibank, Brussels, account 570/1031255/09

This e-mail and any attachments may contain confidential material for the sole 
use of the intended recipient(s). Any review or distribution by others is 
strictly prohibited. If you are not the intended recipient, please contact the 
sender and delete all copies.

Reply via email to