DPDK vRouter: Memory corruption/incorrect memory usage in big tables

Bug #1678704 reported by Anand H. Krishnan on 2017-04-03
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R3.2
Fix Committed
Undecided
Anand H. Krishnan
Trunk
Fix Committed
Undecided
Anand H. Krishnan

Bug Description

In vr_btable_attach, for the btable metadata, we allocate memory only for a pointer, while end up using that memory as a structure. One of the customers found this bug and here is their description:

From the customer:

the bug we mentioned during the meeting involves bad allocation size in vRouter Extension.

On Linux, kernel can allocate more memory than requested (a multiple of page size), so a write past allocated buffer will sometimes not crash. That's why this bug was hidden. However, on Windows, kernel allocates exactly the amount requested (the remaining page space can be used in another allocation).

The bug involves wrong calculation of required allocation size. Vr_btable_attach() function uses sizeof(struct vr_btable *) in the calculation (which is always 8 bytes on 64bit systems), but later uses it like it was the whole struct (not a pointer to it). The struct is larger than 8 bytes. This leads to memory corruption after the allocated block.

The correct solution is to simply use sizeof(struct vr_btable).

Review in progress for https://review.opencontrail.org/30045
Submitter: Anand H. Krishnan (<email address hidden>)

Review in progress for https://review.opencontrail.org/30046
Submitter: Anand H. Krishnan (<email address hidden>)

Reviewed: https://review.opencontrail.org/30045
Committed: http://github.org/Juniper/contrail-vrouter/commit/a5fef9e555ec11f33daf18c1f6e773025ad8ef00
Submitter: Zuul (<email address hidden>)
Branch: master

commit a5fef9e555ec11f33daf18c1f6e773025ad8ef00
Author: Anand H. Krishnan <email address hidden>
Date: Mon Apr 3 10:49:08 2017 +0530

Allocate memory for the btable structure

In vr_btable_attach, for the btable metadata, we allocate memory
only for a pointer, while end up using that memory as a structure.
Hence, allocate memory for the whole structrure rather than for
the pointer to the structure.

Change-Id: Iccf2793a6c3bcac06aed9cfe2011e9364e1f9397
Closes-Bug: #1678704

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/30046
Committed: http://github.org/Juniper/contrail-vrouter/commit/300fd131c40540ed60dd90cebc2c275b891f85f3
Submitter: Zuul (<email address hidden>)
Branch: R3.2

commit 300fd131c40540ed60dd90cebc2c275b891f85f3
Author: Anand H. Krishnan <email address hidden>
Date: Mon Apr 3 10:49:08 2017 +0530

Allocate memory for the btable structure

In vr_btable_attach, for the btable metadata, we allocate memory
only for a pointer, while end up using that memory as a structure.
Hence, allocate memory for the whole structrure rather than for
the pointer to the structure.

Change-Id: Iccf2793a6c3bcac06aed9cfe2011e9364e1f9397
Closes-Bug: #1678704

information type: Proprietary → Public
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers