f-stack/lib
Jianfeng Tan 84456118c7 fix use after free issue in mbuf free
Two kinds of mbuf are used in f-stack: freebsd mbuf and dpdk mbuf.

freebsd mbufs are metadata used in freebsd stack, and their data
pointers (m_data) point to dpdk mbuf's data (buf_addr). And they have
their own chain, like this:

  bsd_mbuf1 -> bsd_mbuf2 -> bsd_mbuf3
      \            \            \
    dpdk_mbuf1 -> dpdk_mbuf2 -> dpdk_mbuf3

Considering the map relationship,

- m_freem() corresponds to rte_pktmbuf_free(), which frees the whole
  chain of mbufs.
- m_free() corresponds to rte_pktmbuf_free_seg(), which frees the
  specified mbuf segment.

The current implementation in f-stack uses rte_pktmbuf_free() for
m_free(). This leads to mbufs, which are still in use, being freed
unexpectedly. For example, if bsd_mbuf1 is trimmed to zero length,
bsd will invoke m_free() to free the specified segment; however, the
whole mbuf chain is freed by calling rte_pktmbuf_free().

  #0 rte_pktmbuf_free (m=0x22006fb480)
  #1 in ff_dpdk_pktmbuf_free (m=0x22006fb480)
  #2 in ff_mbuf_ext_free (m=0x7ffff7f82800, arg1=0x22006fb480, arg2=0x0)
  #3 in mb_free_ext (m=0x7ffff7f82800)
  #4 in m_free (m=0x7ffff7f82800)
  #5 in sbcompress (sb=, m=0x7ffff7f82800, n=)
  #6 in sbappendstream_locked (sb=, m=0x7ffff7f82800, flags=0)

The fix is straightforward. Use the correct API for segment free.

Reported-by: Yong-Hao Zou <yonghaoz1994@gmail.com>
Signed-off-by: Jianfeng Tan <henry.tjf@antgroup.com>
2021-03-06 19:04:46 +08:00
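
The chain-free versus segment-free difference described in the commit message above, as an added example that is not part of the commit and is not f-stack or DPDK code. It is a toy C model: `toy_seg`, `toy_free_chain()` and `toy_free_seg()` are hypothetical stand-ins, and a `live` flag replaces the real mempool so the stale references can be counted without touching freed memory.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy stand-in for a DPDK mbuf segment; 'live' replaces a real mempool. */
struct toy_seg {
    struct toy_seg *next;
    bool live;
};

/* Chain free: releases m and every segment linked after it. */
static void toy_free_chain(struct toy_seg *m)
{
    while (m != NULL) {
        struct toy_seg *n = m->next;
        m->live = false;
        m = n;
    }
}

/* Segment free: releases only m and leaves the rest of the chain alone. */
static void toy_free_seg(struct toy_seg *m)
{
    m->live = false;
}

/* Build a 3-segment chain, release only the (zero-length) head, then count
 * the later segments, still queued by the stack, that are no longer live. */
static int stale_refs_after_head_free(bool use_chain_free)
{
    struct toy_seg s[3];
    for (int i = 0; i < 3; i++) {
        s[i].live = true;
        s[i].next = (i < 2) ? &s[i + 1] : NULL;
    }
    if (use_chain_free)
        toy_free_chain(&s[0]);  /* chain free used where a segment free was meant */
    else
        toy_free_seg(&s[0]);    /* segment free, as the fix describes */
    int stale = 0;
    for (int i = 1; i < 3; i++)
        stale += !s[i].live;
    return stale;
}

int main(void)
{
    printf("stale after chain free: %d, after segment free: %d\n",
           stale_refs_after_head_free(true), stale_refs_after_head_free(false));
}
```
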
..
include Reupgrade DPDK to 18.11. 2019-06-25 19:12:58 +08:00
opt IPv6: FreeBSD stack and f-stack support ipv6. 2019-07-12 20:56:01 +08:00
Makefile Bugfix: support rte_flow_isolate for multi lcore (#562) 2020-11-25 11:31:04 +08:00
ff_api.h User APP can use AF_INET6/PF_INET6 directly whether call ff socket or linux API, such as inet_ntoa/inet_aton. 2020-09-03 01:35:22 +08:00
ff_api.symlist set freebsd mbuf vlan information when the vlan_strip is enabled && get ether_type error when the vlan_strip is disabled 2019-07-29 15:27:40 +08:00
ff_compat.c Fix bug: undefined reference to `fueword`. 2017-10-25 15:16:28 +08:00
ff_config.c Parse file_prefix & pci-whitelist configuration 2020-11-17 19:19:19 +08:00
ff_config.h Parse file_prefix & pci-whitelist configuration 2020-11-17 19:04:23 +08:00
ff_dpdk_if.c fix use after free issue in mbuf free 2021-03-06 19:04:46 +08:00
ff_dpdk_if.h Support RX/TX offload according to HW's capability 2017-05-06 21:52:25 +08:00
ff_dpdk_kni.c DPDK: upgrade to DPDK 19.11.2(LTS). 2020-06-18 16:55:50 +00:00
ff_dpdk_kni.h IPv6: support multi-processes, deep copy NDP packet and dispatch. 2019-07-17 17:31:47 +08:00
ff_dpdk_pcap.c update ff_dump_packets 2020-01-08 21:23:33 +08:00
ff_dpdk_pcap.h dump packets by core, instead of by ports;without fopen/fclose while dumping 2020-01-08 12:09:40 +08:00
ff_epoll.c Fix #124 2017-12-27 11:28:49 +07:00
ff_epoll.h Misc: add "extern C" in public header files. 2018-01-02 18:22:40 +08:00
ff_errno.h init 2017-04-21 18:43:26 +08:00
ff_event.h Misc: add "extern C" in public header files. 2018-01-02 18:22:40 +08:00
ff_freebsd_init.c Support nginx reload. 2017-08-23 16:54:32 +08:00
ff_glue.c IPv6: FreeBSD stack and f-stack support ipv6. 2019-07-12 20:56:01 +08:00
ff_host_interface.c use 4 spaces instead of tab 2019-04-01 15:42:01 +08:00
ff_host_interface.h ff_kern_timeout: optimize the timecounter. 2018-01-19 21:03:20 +08:00
ff_ini_parser.c Fixed #426, F-stack compile error in Red Hat 8.0 with gcc 8.2.1. 2019-10-31 15:58:26 +08:00
ff_ini_parser.h init 2017-04-21 18:43:26 +08:00
ff_init.c Simplify startup arguments and add ff_fdisused. 2017-08-08 22:36:49 +08:00
ff_init_main.c init 2017-04-21 18:43:26 +08:00
ff_kern_condvar.c Add tool: ifconfig. 2017-06-06 16:52:52 +08:00
ff_kern_environment.c init 2017-04-21 18:43:26 +08:00
ff_kern_intr.c init 2017-04-21 18:43:26 +08:00
ff_kern_subr.c Add tool: ngctl. 2017-11-01 17:38:22 +08:00
ff_kern_synch.c FreeBSD misc: add a macro to turn on NETGRAPH option and return error when call sleep 2017-10-27 18:08:44 +08:00
ff_kern_timeout.c kern_timeout: decrease the cpu usage of timer. 2018-05-10 17:53:18 +08:00
ff_lock.c init 2017-04-21 18:43:26 +08:00
ff_memory.c use 4 spaces instead of tab 2019-04-01 15:42:01 +08:00
ff_memory.h dump packets by core, instead of by ports;without fopen/fclose while dumping 2020-01-08 12:09:40 +08:00
ff_msg.h Fix bug of `sysctl` in tools/compat/sysctl.c. 2020-11-21 21:27:55 +08:00
ff_ng_base.c Add tool: ngctl. 2017-11-01 17:38:22 +08:00
ff_ngctl.c Add tool: ngctl. 2017-11-01 17:38:22 +08:00
ff_route.c IPv6: FreeBSD stack and f-stack support ipv6. 2019-07-12 20:56:01 +08:00
ff_subr_prf.c init 2017-04-21 18:43:26 +08:00
ff_syscall_wrapper.c User APP can use AF_INET6/PF_INET6 directly whether call ff socket or linux API, such as inet_ntoa/inet_aton. 2020-09-03 01:35:22 +08:00
ff_veth.c fix use after free issue in mbuf free 2021-03-06 19:04:46 +08:00
ff_veth.h fix use after free issue in mbuf free 2021-03-06 19:04:46 +08:00
ff_vfs_ops.c init 2017-04-21 18:43:26 +08:00