From: Vladimir Medvedkin
To: dev@dpdk.org
Cc: yipeng1.wang@intel.com, sameh.gobriel@intel.com, bruce.richardson@intel.com, david.marchand@redhat.com, stable@dpdk.org
Date: Wed, 13 Oct 2021 20:27:45 +0100
Message-Id: <1634153265-193315-1-git-send-email-vladimir.medvedkin@intel.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1633728526-197782-1-git-send-email-vladimir.medvedkin@intel.com>
References: <1633728526-197782-1-git-send-email-vladimir.medvedkin@intel.com>
Subject: [dpdk-dev] [PATCH v2] test/hash: fix buffer overflow

This patch fixes buffer overflow reported by ASAN, please reference https://bugs.dpdk.org/show_bug.cgi?id=818

Some tests for the rte_hash table use the rte_jhash_32b() as the hash function. This hash function interprets the length argument in units of 4 bytes.

This patch divides configured key length by 4 in cases when rte_jhash_32b() is used.

For some tests rte_jhash() is used with keys of length not a multiple of 4 bytes. From the rte_jhash() documentation: If input key is not aligned to four byte boundaries or a multiple of four bytes in length, the memory region just after may be read (but not used in the computation).

This patch increases the size of the proto field of the flow_key struct up to uint32_t and sets the alignment to 4 bytes.

Bugzilla ID: 818
Fixes: af75078fece3 ("first public release")
Cc: stable@dpdk.org

Signed-off-by: Vladimir Medvedkin

--- app/test/test_hash.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/app/test/test_hash.c b/app/test/test_hash.c index bd4d0cb..e3f2d29 100644 --- a/app/test/test_hash.c +++ b/app/test/test_hash.c
@@ -80,8 +80,8 @@ struct flow_key { uint32_t ip_dst; uint16_t port_src; uint16_t port_dst; - uint8_t proto; -} __rte_packed; + uint32_t proto; +} __rte_packed __rte_aligned(sizeof(uint32_t)); /* * Hash function that always returns the same value, to easily test what @@ -1617,7 +1617,8 @@ test_hash_add_delete_jhash2(void) int32_t pos1, pos2; hash_params_ex.name = "hash_test_jhash2"; - hash_params_ex.key_len = 4; + /* Set the key_len divided by 4 due to using rte_jhash_32b() */ + hash_params_ex.key_len = 4 / sizeof(uint32_t); hash_params_ex.hash_func = (rte_hash_function)rte_jhash_32b; handle = rte_hash_create(&hash_params_ex); @@ -1656,7 +1657,8 @@ test_hash_add_delete_2_jhash2(void) int32_t pos1, pos2; hash_params_ex.name = "hash_test_2_jhash2"; - hash_params_ex.key_len = 8; + /* Set the key_len divided by 4 due to using rte_jhash_32b() */ + hash_params_ex.key_len = 8 / sizeof(uint32_t); hash_params_ex.hash_func = (rte_hash_function)rte_jhash_32b; handle = rte_hash_create(&hash_params_ex); -- 2.7.4
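
Review bot: In the struct flow_key hunk, nothing records why proto is now uint32_t or that the fix depends on the struct length being a multiple of 4, so a later cleanup could shrink the field back to uint8_t and bring back the read past the key by rte_jhash(). A one-line comment on the field would cover this, together with a compile-time check such as RTE_BUILD_BUG_ON(sizeof(struct flow_key) % sizeof(uint32_t) != 0) in one of the tests that uses the struct. It is also worth confirming whether __rte_packed is still wanted next to __rte_aligned(sizeof(uint32_t)) now that proto is widened.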
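
Review bot: In test_hash_add_delete_jhash2(), key_len is the field rte_hash_create() takes as the table's key size, not only the length handed to hash_func, so "hash_params_ex.key_len = 4 / sizeof(uint32_t);" configures a 1-byte key while rte_jhash_32b() still hashes one full 32-bit word from the caller's buffer. That removes the over-read, but the table would then store and compare less of the key than is hashed. Consider keeping key_len in bytes and passing a small wrapper as hash_func that converts the byte length to a word count before calling rte_jhash_32b().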
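
Review bot: In test_hash_add_delete_2_jhash2(), the added comment and the "8 / sizeof(uint32_t)" expression duplicate what was added to test_hash_add_delete_jhash2(), with only the literal changed. A single shared helper or macro that turns a byte length into the word count rte_jhash_32b() expects would state the unit conversion once and keep the literals 4 and 8 recognisable as key sizes in bytes.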