pmalloc: u32 pp->index leads to va address overrun

when pagesize is 1G, this pm->base + (pp->index << pm->def_log2_page_sz) would very soon overrun if creating multiple mempools
add a (uword) to it

Change-Id: If769b99d344cc3f547418a242a7497d044071615
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>

diff --git a/src/vppinfra/pmalloc.c b/src/vppinfra/pmalloc.c
index 62b4f60..e11d27e 100644 (file)
--- a/src/vppinfra/pmalloc.c
+++ b/src/vppinfra/pmalloc.c
@@ -359,6 +359,7 @@ pmalloc_map_pages (clib_pmalloc_main_t * pm, clib_pmalloc_arena_t * a,
       pp->n_free_blocks = 1 << (pm->def_log2_page_sz - PMALLOC_LOG2_BLOCK_SZ);
       pp->index = pp - pm->pages;
       pp->arena_index = a->index;
+      pp->pa = (uword) va + (1 << pm->def_log2_page_sz) * i;
       vec_add1 (a->page_indices, pp->index);
       a->n_pages++;
     }
@@ -428,7 +429,7 @@ clib_pmalloc_create_shared_arena (clib_pmalloc_main_t * pm, char *name,
       return 0;
     }
 
-  return pm->base + (pp->index << pm->def_log2_page_sz);
+  return pm->base + ((uword) pp->index << pm->def_log2_page_sz);
 }
 
 static inline void *