From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A7CB3A00C2; Tue, 8 Mar 2022 12:21:00 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 700B24068E; Tue, 8 Mar 2022 12:21:00 +0100 (CET) Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by mails.dpdk.org (Postfix) with ESMTP id EEFBB4068B for ; Tue, 8 Mar 2022 12:20:58 +0100 (CET) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 611CA5C0090; Tue, 8 Mar 2022 06:20:57 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Tue, 08 Mar 2022 06:20:57 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monjalon.net; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm1; bh=F/I7LTgJRazWaj LlcwpbjxInp/BZwyo9cd3MPIe6Ezo=; b=gneGEJimb0t/AOdKgrV65cFhTT1sMK bF+5c3ujbxMX4ZOPkvy1ZMMK7Dp7ylfdomwlvJmbWv5ZP8lFfNoXZh0UnqLP6IBG 3lCQrAnAur1/ghc7Hz6//fMqcFZwowYu03yhFPk7yW/F9pMie4HbxxP9MrUjcTI1 L9QuM7dneKlwI3LSrgk/ZA1NE3ezalEuBkc0cQW/dhjtY7tVYEXcUCte/afJeRBa Yho54v+JQIfalBRsaB8O7phYBlduQ7HOVX3I9XK9sKfQPXeSndCqRH7xR/J8v6Ww sa/Zfl0yYvXRv9zPrJOHiah4Mzlyc1PrAppXr6haVnDpC/RqXdFR4dTw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=F/I7LTgJRazWajLlcwpbjxInp/BZwyo9cd3MPIe6E zo=; b=J43kI9yr209Wxky8bTMNFtRj8ay7uAEXQYby1DXja9nJsRmUDEstAd2v3 NLJomMSFO+m64aE33PE00V/USoOr+xZI+LkfdrnyAbk3pWYY4gyqgOZ2pKjN7+2V 6/09HtBEVUcZGbkeDg5711dXfccRPslX19kaO6x83YbjaT+N7/fPtqXRy0iMqxPU UiEmHxb7SS80kmG1BzhAMC7IR17Lr44xTFMYPhzD7E8F7JcfYHAEIznEpv3AAxgG k+kSJmdR4np7Z6UtPiwW9V0rg80t5+sXJV7aose9djuMf9F5e6/ggcZkPRiuv6Sl 6Uiics4lBjUYEraxZlCTiy1tW1RGQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrudduiedgvdejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvufffkfgjfhgggfgtsehtufertddttddvnecuhfhrohhmpefvhhhomhgr shcuofhonhhjrghlohhnuceothhhohhmrghssehmohhnjhgrlhhonhdrnhgvtheqnecugg ftrfgrthhtvghrnhepudeggfdvfeduffdtfeeglefghfeukefgfffhueejtdetuedtjeeu ieeivdffgeehnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrh homhepthhhohhmrghssehmohhnjhgrlhhonhdrnhgvth X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 8 Mar 2022 06:20:56 -0500 (EST) From: Thomas Monjalon To: Rahul Bhansali Cc: dev@dpdk.org, david.marchand@redhat.com, Conor Walsh Subject: Re: [PATCH] examples/l3fwd: resolve stack buffer overflow issue Date: Tue, 08 Mar 2022 12:20:54 +0100 Message-ID: <4698000.9Mp67QZiUf@thomas> In-Reply-To: <20220111125005.554635-1-rbhansali@marvell.com> References: <20220111125005.554635-1-rbhansali@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org 11/01/2022 13:50, Rahul Bhansali: > This patch fixes the stack buffer overflow error reported > from AddressSanitizer. > Function send_packetsx4() tries to access out of bound data > from rte_mbuf and fill it into TX buffer even in the case > where no pending packets (len = 0). > Performance impact:- No > > ASAN error report:- > ==819==ERROR: AddressSanitizer: stack-buffer-overflow on address > 0xffffe2c0dcf0 at pc 0x0000005e791c bp 0xffffe2c0d7e0 sp 0xffffe2c0d800 > READ of size 8 at 0xffffe2c0dcf0 thread T0 > #0 0x5e7918 in send_packetsx4 ../examples/l3fwd/l3fwd_common.h:251 > #1 0x5e7918 in send_packets_multi ../examples/l3fwd/l3fwd_neon.h:226 This code comes from below commit, so these tags are missing: Fixes: 96ff445371e0 ("examples/l3fwd: reorganise and optimize LPM code path") Cc: stable@dpdk.org > Signed-off-by: Rahul Bhansali > --- > examples/l3fwd/l3fwd_common.h | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/examples/l3fwd/l3fwd_common.h b/examples/l3fwd/l3fwd_common.h > index 7d83ff641a..de77711f88 100644 > --- a/examples/l3fwd/l3fwd_common.h > +++ b/examples/l3fwd/l3fwd_common.h > @@ -236,6 +236,9 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, struct rte_mbuf *m[], > > /* copy rest of the packets into the TX buffer. */ > len = num - n; > + if (len == 0) > + goto exit; > + I don't understand how it can fix something. There is already "while (j < len)" with j and len being 0, the loop should not be effective in this case. > j = 0; > switch (len % FWDSTEP) { > while (j < len) { > @@ -258,6 +261,7 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, struct rte_mbuf *m[], > } > } > > +exit: > qconf->tx_mbufs[port].len = len; > }