RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-18 12:52:44 +01:00
Code Releases Activity

gnrc_pktbuf_static: fix alignment issue / leaks

Browse Source 
This fixes an alignment issue I encountered in the static version of
the packet buffer.

The bug is caused by a race-condition where a certain order of
operations leads to a chunk being released according to the
byte-alignment of the platform, but overlapping potential space for
a future `_unused_t` struct e.g. (x mark allocated regions):

                    Future leak of size sizeof(_unused_t)       Time
                    v                                            |
    +------------+-----+--------------------+                    |
    |xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|                    +
    +------------+-----+--------------------+                    |
                                                                 |
    +------------+--+--+--------------------+                    |
    |               |xxxxxxxxxxxxxxxxxxxxxxx|                    +
    +------------+--+--+--------------------+                    |
                                                                 |
    +-----+------+--+--+--------------------+                    |
    |xxxxx|         |xxxxxxxxxxxxxxxxxxxxxxx|                    +
    +-----+------+--+--+--------------------+                    |
                                                                 |
    +-----+------+-----+---------+----------+                    |
    |xxxxx|                      |xxxxxxxxxx|                    +
    +-----+------+-----+---------+----------+                    |
                                                                 |
    +-----+------+-----+--------------------+                    |
    |xxxxx|      |xxxxxxxxxxxxxxxxxxxxxxxxxx|                    +
    +-----+------+-----+--------------------+                    |
                                                                 |
    +------------+-----+--------------------+                    |
    |xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|                    +
    +------------+-----+--------------------+                    |
                                                                 |
    +------------+-----+--------------------+                    |
    |xxxxxxxxxxxxxxxxxx|                    |                    +
    +------------+-----+--------------------+                    |
                                                                 |
    +------------+-----+--------------------+                    |
    |            |xxxxx|                    |                    +
    +------------+-----+--------------------+                    |
                                                                 v

Sadly, I wasn't able to create a reproducable unittest that show-cases
this corner-case, since I don't understand the order of operations that
cause this one 100%, but the bug is reproducable (but also not
reliably) by sending large (i.e. fragmented) packets to a 6Lo-enabled
host from more than 1 host simultaneously (use `gnrc_pktbuf_cmd` to
check).

By making the size of `_unused_t` the only condition for alignment,
this bug is fixed.
This commit is contained in:
Martine Lenders 2018-06-27 15:06:50 +02:00
parent 0689f69ddd
commit 8a75d8d189
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/net/gnrc/pktbuf_static/gnrc_pktbuf_static.c
View File

@ -33,7 +33,7 @@
#define ENABLE_DEBUG (0)
#include "debug.h"
#define _ALIGNMENT_MASK (sizeof(void *) - 1)
#define _ALIGNMENT_MASK (sizeof(_unused_t) - 1)
typedef struct _unused {
struct _unused *next;