From: "Etelson, Gregory" <getelson@nvidia.com>
To: Ferruh Yigit <ferruh.yigit@amd.com>
Cc: "Etelson, Gregory" <getelson@nvidia.com>,
"dev@dpdk.org" <dev@dpdk.org>,
Maayan Kashani <mkashani@nvidia.com>,
Raslan Darawsheh <rasland@nvidia.com>,
Ori Kam <orika@nvidia.com>,
Aman Singh <aman.deep.singh@intel.com>,
Yuying Zhang <yuying.zhang@intel.com>
Subject: Re: [PATCH] app/testpmd: fix indirect action list parameters parsing
Date: Fri, 10 Nov 2023 19:41:39 +0200 (IST) [thread overview]
Message-ID: <2ddf95cd-840d-81dc-1fff-99b3dbe59095@nvidia.com> (raw)
In-Reply-To: <95a14c2f-f6ba-4133-b787-99c2feb8739c@amd.com>
Hello Ferruh,
[:snip:]
>> *** stack smashing detected ***: terminated
>>
>> The corruption occurred in `parse_int()` called from
>> `parse_indlst_id2ptr()`.
>>
>> Inside `parse_int()` the arg parameter referenced 8 bytes of memory
>> while the target buffer was 4 bytes allocated on caller optimized stack:
>>
>> (gdb) p *arg
>> $1 = { ... size = 8, ...}
>>
>
> Thanks Gregory, I can see the problem now.
>
[: Thumbs up :]
[:snip:]
> BUT back to the root cause of the problem,
> `parse_int()` tries to be generic and it support different size of
> variables [1], but it fails on this.
>
> `parse_int()` gets 'size' as argument, but it doesn't use parameter
> value, instead overwrites it with 'size = arg->size;' and uses this
> value, in this case when context provides larger variable size than what
> `parse_int()` gets as parameter, the problem you observed occurs.
>
> What do you think to use 'size' from parameter list, as it is intended,
> instead of using 'arg->size'?
> Or perhaps use 'buf' and 'size' from parameter if they are valid, else
> get the from context/arg [2]?
> I think this solves your problem, can you please verify it?
>
> btw, 'buf' usage is a little more complex, since `parse_int()` checks
> for "ctx->object != NULL" to continue, I can't really be sure about
> intention there, but please check usage in `parse_port()`, it looks like
> when 'buf' provided expectation is to get parsed value in the 'buf'.
>
>
>
>
> [1]
> switch (size) {
> case sizeof(uint8_t):
> ...
> case sizeof(uint16_t):
> ...
> ...
> case sizeof(uint64_t):
> ...
>
>
> [2]
> diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c
> index 0d521159e97d..cd123c69265e 100644
> --- a/app/test-pmd/cmdline_flow.c
> +++ b/app/test-pmd/cmdline_flow.c
> @@ -10805,8 +10805,10 @@ parse_int(struct context *ctx, const struct
> token *token,
> goto error;
> return len;
> }
> - buf = (uint8_t *)ctx->object + arg->offset;
> - size = arg->size;
> + if (buf == NULL || size == 0) {
> + buf = (uint8_t *)ctx->object + arg->offset;
> + size = arg->size;
> + }
> if (u > RTE_LEN2MASK(size * CHAR_BIT, uint64_t))
> return -1;
> objmask:
>
About the fault root cause.
There were 2 uncoupled resources in that case: static token size and
variable size passed to parse_int().
parse_int() caller must provide a buffer large enough for token size.
Otherwise parse_int() will corrupt memory outside the input buffer.
In the generic solution parse_int() caller allocates target buffer using
existing knowledge about input token size.
Testpmd add_port() imitates the ARGS_ENTRY() macro that extrapolates
target buffer size from RTE structure member.
Current testpmd cannot use that approach directly because indirect action
references internal testpmd ID.
Testpmd indirect ID has no defined type or token that leads to indirect ID
parser.
As a solution, testpmd can provide centralized parser function for all
indirect IDs. The function will parse ID value and use the token as the
key to indirect database search:
diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c
index ce71818705..7fb3b61d37 100644
--- a/app/test-pmd/cmdline_flow.c
+++ b/app/test-pmd/cmdline_flow.c
+typedef uint32_t indirect_id_t;
+
+static int
+parse_indirect_index(struct context *ctx, const struct token *token,
+ const char *str, unsigned int len,
+ void *buf, unsigned int size)
+{
+ indirect_id_t id;
+
+ ctx->object = &id;
+ parse_int(ctx, token, str, len, ctx->object, sizeof(id));
+
+ switch (ctx->curr) {
+ case INDIRECT_ACTION_ID2PTR:
+ /**/
+ break;
+ case INDIRECT_LIST_ACTION_ID2PTR_HANDLE:
+ /**/
+ break;
+ case INDIRECT_LIST_ACTION_ID2PTR_CONF:
+ /**/
+ break;
+ default:
+ /**/
+ }
+
+
+}
+
Regards,
Gregory
next prev parent reply other threads:[~2023-11-10 17:41 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-08 16:34 Gregory Etelson
2023-11-09 16:16 ` Ferruh Yigit
2023-11-09 18:22 ` Etelson, Gregory
2023-11-09 19:03 ` Ferruh Yigit
2023-11-09 19:57 ` Etelson, Gregory
2023-11-10 14:51 ` Ferruh Yigit
2023-11-10 17:41 ` Etelson, Gregory [this message]
2023-11-10 20:15 ` Ferruh Yigit
2023-11-10 21:22 ` Etelson, Gregory
2023-11-09 18:36 ` [PATCH v2] " Gregory Etelson
2023-11-09 19:41 ` Stephen Hemminger
2023-11-09 20:01 ` Bruce Richardson
2023-11-10 7:04 ` [PATCH v3] app/testpmd: fix indirect action list ID size Gregory Etelson
2023-11-10 23:40 ` Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2ddf95cd-840d-81dc-1fff-99b3dbe59095@nvidia.com \
--to=getelson@nvidia.com \
--cc=aman.deep.singh@intel.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@amd.com \
--cc=mkashani@nvidia.com \
--cc=orika@nvidia.com \
--cc=rasland@nvidia.com \
--cc=yuying.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).