Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 7f5f21e)
svm: fix svm queue overwrite while adding 2 elements 44/40444/2
authorVladislav Grishenko <themiron@yandex-team.ru>
Sat, 13 Mar 2021 15:48:35 +0000 (20:48 +0500)
committerFlorin Coras <florin.coras@gmail.com>
Sun, 3 Mar 2024 18:47:41 +0000 (18:47 +0000)
Adding two elements to the full svm queue passes exact
bounds check, therefore tail gets overwritten w/o any
waiting. Fix it with requiring at lease two free slots.

Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I704ee606c47b523952cb965f848339ae1988cb60

src/svm/queue.c patch | blob | history

diff --git a/src/svm/queue.c b/src/svm/queue.c
index 864d97e..78444d8 100644 (file)
--- a/src/svm/queue.c
+++ b/src/svm/queue.c
@@ -323,14 +323,14 @@ svm_queue_add2 (svm_queue_t * q, u8 * elem, u8 * elem2, int nowait)
   else
     svm_queue_lock (q);
 
-  if (PREDICT_FALSE (q->cursize + 1 == q->maxsize))
+  if (PREDICT_FALSE (q->cursize + 1 >= q->maxsize))
     {
       if (nowait)
        {
          svm_queue_unlock (q);
          return (-2);
        }
-      while (q->cursize + 1 == q->maxsize)
+      while (q->cursize + 1 >= q->maxsize)
        svm_queue_wait_inline (q);
     }
 
Vector Packet Processing