diff --git a/app/test/test_mempool.c b/app/test/test_mempool.c index 2bc3ac0e72..7af708bfd4 100644 --- a/app/test/test_mempool.c +++ b/app/test/test_mempool.c @@ -407,21 +407,25 @@ test_mempool_same_name_twice_creation(void) { struct rte_mempool *mp_tc; - mp_tc = rte_mempool_create("test_mempool_same_name_twice_creation", MEMPOOL_SIZE, + mp_tc = rte_mempool_create("test_mempool_same_name", MEMPOOL_SIZE, MEMPOOL_ELT_SIZE, 0, 0, NULL, NULL, NULL, NULL, SOCKET_ID_ANY, 0); - if (NULL == mp_tc) + if (mp_tc == NULL) { + printf("cannot create mempool\n"); return -1; + } - mp_tc = rte_mempool_create("test_mempool_same_name_twice_creation", MEMPOOL_SIZE, + mp_tc = rte_mempool_create("test_mempool_same_name", MEMPOOL_SIZE, MEMPOOL_ELT_SIZE, 0, 0, NULL, NULL, NULL, NULL, SOCKET_ID_ANY, 0); - if (NULL != mp_tc) + if (mp_tc != NULL) { + printf("should not be able to create mempool\n"); return -1; + } return 0; } diff --git a/lib/librte_eal/common/eal_common_memzone.c b/lib/librte_eal/common/eal_common_memzone.c index a8f804c14d..452679ef9e 100644 --- a/lib/librte_eal/common/eal_common_memzone.c +++ b/lib/librte_eal/common/eal_common_memzone.c @@ -126,6 +126,7 @@ static const struct rte_memzone * memzone_reserve_aligned_thread_unsafe(const char *name, size_t len, int socket_id, unsigned flags, unsigned align, unsigned bound) { + struct rte_memzone *mz; struct rte_mem_config *mcfg; size_t requested_len; int socket, i; @@ -148,6 +149,13 @@ memzone_reserve_aligned_thread_unsafe(const char *name, size_t len, return NULL; } + if (strlen(name) >= sizeof(mz->name) - 1) { + RTE_LOG(DEBUG, EAL, "%s(): memzone <%s>: name too long\n", + __func__, name); + rte_errno = EEXIST; + return NULL; + } + /* if alignment is not a power of two */ if (align && !rte_is_power_of_2(align)) { RTE_LOG(ERR, EAL, "%s(): Invalid alignment: %u\n", __func__, @@ -223,7 +231,7 @@ memzone_reserve_aligned_thread_unsafe(const char *name, size_t len, const struct malloc_elem *elem = malloc_elem_from_data(mz_addr); /* fill the zone in config */ - struct rte_memzone *mz = get_next_free_memzone(); + mz = get_next_free_memzone(); if (mz == NULL) { RTE_LOG(ERR, EAL, "%s(): Cannot find free memzone but there is room " diff --git a/lib/librte_mempool/rte_mempool.c b/lib/librte_mempool/rte_mempool.c index df2ae0e681..a694a0bf55 100644 --- a/lib/librte_mempool/rte_mempool.c +++ b/lib/librte_mempool/rte_mempool.c @@ -304,11 +304,14 @@ rte_mempool_xmem_usage(__rte_unused void *vaddr, uint32_t elt_num, static int rte_mempool_ring_create(struct rte_mempool *mp) { - int rg_flags = 0; + int rg_flags = 0, ret; char rg_name[RTE_RING_NAMESIZE]; struct rte_ring *r; - snprintf(rg_name, sizeof(rg_name), RTE_MEMPOOL_MZ_FORMAT, mp->name); + ret = snprintf(rg_name, sizeof(rg_name), + RTE_MEMPOOL_MZ_FORMAT, mp->name); + if (ret < 0 || ret >= (int)sizeof(rg_name)) + return -ENAMETOOLONG; /* ring flags */ if (mp->flags & MEMPOOL_F_SP_PUT) @@ -698,6 +701,7 @@ rte_mempool_create_empty(const char *name, unsigned n, unsigned elt_size, size_t mempool_size; int mz_flags = RTE_MEMZONE_1GB|RTE_MEMZONE_SIZE_HINT_ONLY; struct rte_mempool_objsz objsz; + int ret; /* compilation-time checks */ RTE_BUILD_BUG_ON((sizeof(struct rte_mempool) & @@ -751,7 +755,11 @@ rte_mempool_create_empty(const char *name, unsigned n, unsigned elt_size, mempool_size += private_data_size; mempool_size = RTE_ALIGN_CEIL(mempool_size, RTE_MEMPOOL_ALIGN); - snprintf(mz_name, sizeof(mz_name), RTE_MEMPOOL_MZ_FORMAT, name); + ret = snprintf(mz_name, sizeof(mz_name), RTE_MEMPOOL_MZ_FORMAT, name); + if (ret < 0 || ret >= (int)sizeof(mz_name)) { + rte_errno = ENAMETOOLONG; + goto exit_unlock; + } mz = rte_memzone_reserve(mz_name, mempool_size, socket_id, mz_flags); if (mz == NULL) @@ -760,7 +768,11 @@ rte_mempool_create_empty(const char *name, unsigned n, unsigned elt_size, /* init the mempool structure */ mp = mz->addr; memset(mp, 0, sizeof(*mp)); - snprintf(mp->name, sizeof(mp->name), "%s", name); + ret = snprintf(mp->name, sizeof(mp->name), "%s", name); + if (ret < 0 || ret >= (int)sizeof(mp->name)) { + rte_errno = ENAMETOOLONG; + goto exit_unlock; + } mp->mz = mz; mp->socket_id = socket_id; mp->size = n; diff --git a/lib/librte_ring/rte_ring.c b/lib/librte_ring/rte_ring.c index d80faf3b20..ca0a10826c 100644 --- a/lib/librte_ring/rte_ring.c +++ b/lib/librte_ring/rte_ring.c @@ -122,6 +122,8 @@ int rte_ring_init(struct rte_ring *r, const char *name, unsigned count, unsigned flags) { + int ret; + /* compilation-time checks */ RTE_BUILD_BUG_ON((sizeof(struct rte_ring) & RTE_CACHE_LINE_MASK) != 0); @@ -140,7 +142,9 @@ rte_ring_init(struct rte_ring *r, const char *name, unsigned count, /* init the ring structure */ memset(r, 0, sizeof(*r)); - snprintf(r->name, sizeof(r->name), "%s", name); + ret = snprintf(r->name, sizeof(r->name), "%s", name); + if (ret < 0 || ret >= (int)sizeof(r->name)) + return -ENAMETOOLONG; r->flags = flags; r->prod.watermark = count; r->prod.sp_enqueue = !!(flags & RING_F_SP_ENQ); @@ -165,6 +169,7 @@ rte_ring_create(const char *name, unsigned count, int socket_id, ssize_t ring_size; int mz_flags = 0; struct rte_ring_list* ring_list = NULL; + int ret; ring_list = RTE_TAILQ_CAST(rte_ring_tailq.head, rte_ring_list); @@ -174,6 +179,13 @@ rte_ring_create(const char *name, unsigned count, int socket_id, return NULL; } + ret = snprintf(mz_name, sizeof(mz_name), "%s%s", + RTE_RING_MZ_PREFIX, name); + if (ret < 0 || ret >= (int)sizeof(mz_name)) { + rte_errno = ENAMETOOLONG; + return NULL; + } + te = rte_zmalloc("RING_TAILQ_ENTRY", sizeof(*te), 0); if (te == NULL) { RTE_LOG(ERR, RING, "Cannot reserve memory for tailq\n"); @@ -181,8 +193,6 @@ rte_ring_create(const char *name, unsigned count, int socket_id, return NULL; } - snprintf(mz_name, sizeof(mz_name), "%s%s", RTE_RING_MZ_PREFIX, name); - rte_rwlock_write_lock(RTE_EAL_TAILQ_RWLOCK); /* reserve a memory zone for this ring. If we can't get rte_config or