RE: [PATCH] mbuf: fix mbuf operations history recording

Wed, 29 Apr 2026 09:36:16 -0700 

> This addresses two bugs in mbuf operations history recording.
> 
> 1. With mbuf operations history recording enabled, when allocating mbufs
> from a mempool failed, the array of fetched mbuf pointers was not set, but
> it was dereferenced for mbuf operations history recording anyway, which
> would trigger a segmentation fault or cause undefined behavior.
> 
> This was fixed by changing how the return value from the mempool
> allocation is checked, so the function returns early on failure, and only
> proceeds on success.
> 
> 2. When allocating a bulk of mbufs using rte_pktmbuf_alloc_bulk(), two
> mbuf library allocation operations were recorded on the mbuf, because the
> function calls rte_mbuf_raw_alloc_bulk() for allocation, and both
> functions record a mbuf library allocation operation.
> 
> This was fixed by not recording a mbuf library allocation operation in
> rte_pktmbuf_alloc_bulk().
> 
> Fixes: d265a24a32a4 ("mbuf: record mbuf operations history")
> Cc: [email protected]
> 
> Signed-off-by: Morten Brørup <[email protected]>
> ---
>  lib/mbuf/rte_mbuf.h | 12 +++++-------
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/lib/mbuf/rte_mbuf.h b/lib/mbuf/rte_mbuf.h
> index e7c3bbadd4..60ec8158cd 100644
> --- a/lib/mbuf/rte_mbuf.h
> +++ b/lib/mbuf/rte_mbuf.h
> @@ -663,14 +663,14 @@ static __rte_always_inline int
>  rte_mbuf_raw_alloc_bulk(struct rte_mempool *mp, struct rte_mbuf **mbufs,
> unsigned int count)
>  {
>       int rc = rte_mempool_get_bulk(mp, (void **)mbufs, count);
> -     if (likely(rc == 0)) {
> -             for (unsigned int idx = 0; idx < count; idx++)
> -                     __rte_mbuf_raw_sanity_check_mp(mbufs[idx], mp);
> -     }
> +     if (unlikely(rc))
> +             return rc;
> +     for (unsigned int idx = 0; idx < count; idx++)
> +             __rte_mbuf_raw_sanity_check_mp(mbufs[idx], mp);
> 
>       rte_mbuf_history_mark_bulk(mbufs, count,
> RTE_MBUF_HISTORY_OP_LIB_ALLOC);
> 
> -     return rc;
> +     return 0;
>  }
> 
>  /**
> @@ -1068,8 +1068,6 @@ static inline int rte_pktmbuf_alloc_bulk(struct
> rte_mempool *pool,
>       if (unlikely(rc))
>               return rc;
> 
> -     rte_mbuf_history_mark_bulk(mbufs, count,
> RTE_MBUF_HISTORY_OP_LIB_ALLOC);
> -
>       rte_mbuf_raw_reset_bulk(pool, mbufs, count);
> 
>       return 0;
> --

Acked-by: Konstantin Ananyev <[email protected]>

> 2.43.0

Reply via email to