env_dpdk: fix mem_map translation for sizes >2MB

Add a check to prevent spdk_mem_map_set_translation() or
spdk_mem_map_clear_translation() calls that start within the valid
address range but specify a size that would access parts of the mem map
outside of the valid region.

spdk_mem_map_translate() is safe without any extra checks since it only
accesses the first entry regardless of size, and the MASK_256TB check
catches out-of-range accesses to that entry.

Change-Id: Ie1437e57b5158363bb98a6b42a26fb41a089bbad
Signed-off-by: Daniel Verkamp <daniel.verkamp@intel.com>
Reviewed-on: https://review.gerrithub.io/418106
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Tested-by: SPDK Automated Test System <sys_sgsw@intel.com>

lib/env_dpdk/memory.c

@@ -360,6 +360,10 @@ spdk_mem_map_get_map_1gb(struct spdk_mem_map *map, uint64_t vfn_2mb)
 	uint64_t idx_256tb = MAP_256TB_IDX(vfn_2mb);
 	size_t i;
 
+	if (spdk_unlikely(idx_256tb >= SPDK_COUNTOF(map->map_256tb.map))) {
+		return NULL;
+	}
+
 	map_1gb = map->map_256tb.map[idx_256tb];
 
 	if (!map_1gb) {

test/env/memory/memory_ut.c

@@ -193,6 +193,10 @@ test_mem_map_translation(void)
 	rc = spdk_mem_map_set_translation(map, 0x1000000000000ULL, VALUE_2MB, 0x5678);
 	CU_ASSERT(rc == -EINVAL);
 
+	/* Attempt to set translation starting at a valid address but exceeding the valid range */
+	rc = spdk_mem_map_set_translation(map, 0xffffffe00000ULL, VALUE_2MB * 2, 0x123123);
+	CU_ASSERT(rc != 0);
+
 	spdk_mem_map_free(&map);
 	CU_ASSERT(map == NULL);
 }