pmalloc: u32 pp->index leads to va address overrun

[vpp.git] / src / vppinfra / pmalloc.c

diff --git a/src/vppinfra/pmalloc.c b/src/vppinfra/pmalloc.c
index 46ccd7f..e11d27e 100644 (file)
--- a/src/vppinfra/pmalloc.c
+++ b/src/vppinfra/pmalloc.c
@@ -359,6 +359,7 @@ pmalloc_map_pages (clib_pmalloc_main_t * pm, clib_pmalloc_arena_t * a,
       pp->n_free_blocks = 1 << (pm->def_log2_page_sz - PMALLOC_LOG2_BLOCK_SZ);
       pp->index = pp - pm->pages;
       pp->arena_index = a->index;
+      pp->pa = (uword) va + (1 << pm->def_log2_page_sz) * i;
       vec_add1 (a->page_indices, pp->index);
       a->n_pages++;
     }
@@ -428,7 +429,7 @@ clib_pmalloc_create_shared_arena (clib_pmalloc_main_t * pm, char *name,
       return 0;
     }
 
-  return pm->base + (pp->index << pm->def_log2_page_sz);
+  return pm->base + ((uword) pp->index << pm->def_log2_page_sz);
 }
 
 static inline void *
@@ -687,6 +688,27 @@ format_pmalloc (u8 * s, va_list * va)
   return s;
 }
 
+u8 *
+format_pmalloc_map (u8 * s, va_list * va)
+{
+  clib_pmalloc_main_t *pm = va_arg (*va, clib_pmalloc_main_t *);
+
+  u32 index;
+  s = format (s, "%16s %13s %8s", "virtual-addr", "physical-addr", "size");
+  vec_foreach_index (index, pm->lookup_table)
+  {
+    uword *lookup_val, pa, va;
+    lookup_val = vec_elt_at_index (pm->lookup_table, index);
+    va = pointer_to_uword (pm->base) + (index << pm->lookup_log2_page_sz);
+    pa = va - *lookup_val;
+    s =
+      format (s, "\n %16p %13p %8U", uword_to_pointer (va, u64),
+             uword_to_pointer (pa, u64), format_log2_page_size,
+             pm->lookup_log2_page_sz);
+  }
+  return s;
+}
+
 /*
  * fd.io coding-style-patch-verification: ON
  *