From mboxrd@z Thu Jan  1 00:00:00 1970
From: Thomas Monjalon <thomas.monjalon@6wind.com>
Subject: Re: [PATCH] lpm: fix freeing of rules_tbl in
	rte_lpm_free_v20
Date: Mon, 02 May 2016 12:34:18 +0200
Message-ID: <2715506.Wi630GEmLA@xps13>
References: <1460468967-9206-1-git-send-email-christian.ehrhardt@canonical.com>
 <570D0EFC.2060107@6wind.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7Bit
Cc: dev@dpdk.org, Olivier MATZ <olivier.matz@6wind.com>,
 bruce.richardson@intel.com
To: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Return-path: <dev-bounces@dpdk.org>
Received: from mail-wm0-f47.google.com (mail-wm0-f47.google.com [74.125.82.47])
 by dpdk.org (Postfix) with ESMTP id B86E05688
 for <dev@dpdk.org>; Mon,  2 May 2016 12:34:20 +0200 (CEST)
Received: by mail-wm0-f47.google.com with SMTP id g17so135183522wme.1
 for <dev@dpdk.org>; Mon, 02 May 2016 03:34:20 -0700 (PDT)
In-Reply-To: <570D0EFC.2060107@6wind.com>
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

> > Back then when we fixed the missing free lpm I was to quickly to say yes
> > if it applies not only to the lpm6 but also to all of the lpm code.
> >
> > It turned out to not apply to all of them. In rte_lpm_create_v20 there
> > is an unexpected fused allocation:
> > mem_size = sizeof(*lpm) + (sizeof(lpm->rules_tbl[0]) * max_rules);
> > [...]
> > lpm = (struct rte_lpm_v20 *)rte_zmalloc_socket(mem_name,mem_size,
> >                 RTE_CACHE_LINE_SIZE, socket_id);
> >
> > That causes lpm->rules_tbl not to have an own struct malloc_elem that
> > can be derived via RTE_PTR_SUB(data, MALLOC_ELEM_HEADER_LEN) in
> > malloc_elem_from_data.
> > Due to that the rte_lpm_free_v20 accidentially misderives the elem and
> > assumes it is ELEM_FREE triggering in malloc_elem_free
> > if (!malloc_elem_cookies_ok(elem) || elem->state !=
> >          return -1;
> >
> > While it seems counter-intuitive the way to properly remove rules_tbl in
> > the old fused allocation style of rte_lpm_free_v20 is to not remove it.
> >
> > The newer rte_lpm_free_v1604 is safe because in rte_lpm_create_v1604
> > rules_tbl is a separate allocation.
> >
> > Fixes: d4c18f0a1d5d ("lpm: fix missing free")
> >
> > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
> 
> Acked-by: Olivier Matz <olivier.matz@6wind.com>
> 
> Thanks, I missed it too during the review.

Applied, thanks