From: Jerin Jacob Kollanukkaran
To: Zhirun Yan, "dev@dpdk.org", Kiran Kumar Kokkilagadda
CC: Cunming Liang
Subject: RE: [EXT] [PATCH v2] graph: fix out of bounds access when re-allocate node objs
Date: Tue, 20 Sep 2022 08:05:52 +0000
References: <20220727023924.2066465-1-zhirun.yan@intel.com> <20220804060241.1581110-1-zhirun.yan@intel.com>
In-Reply-To: <20220804060241.1581110-1-zhirun.yan@intel.com>

> -----Original Message-----
> From: Zhirun Yan > Sent: Thursday, August 4, 2022 11:33 AM > To: dev@dpdk.org; Jerin Jacob Kollanukkaran ; Kiran > Kumar Kokkilagadda > Cc: Zhirun Yan ; Cunming Liang > > Subject: [EXT] [PATCH v2] graph: fix out of bounds access when re-allocat= e > node objs >=20 > External Email >=20 > ---------------------------------------------------------------------- > For __rte_node_enqueue_prologue(), If the number of objs is more than the > node->size * 2, the extra objs will write out of bounds memory. > It should use __rte_node_stream_alloc_size() to request enough memory. >=20 > And for rte_node_next_stream_put(), it will re-allocate a small size, whe= n the > node free space is small and new objs is less than the current > node->size. Some objs pointers behind new size may be lost. And it will > cause memory leak. It should request enough size of memory, containing th= e > original objs and new objs at least. >=20 > Fixes: 40d4f51403ec ("graph: implement fastpath routines") >=20 > Signed-off-by: Zhirun Yan > Signed-off-by: Cunming Liang Acked-by: Jerin Jacob > --- > lib/graph/rte_graph_worker.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >=20 > diff --git a/lib/graph/rte_graph_worker.h b/lib/graph/rte_graph_worker.h = index > 0c0b9c095a..6dc7461659 100644 > --- a/lib/graph/rte_graph_worker.h > +++ b/lib/graph/rte_graph_worker.h > @@ -224,7 +224,7 @@ __rte_node_enqueue_prologue(struct rte_graph > *graph, struct rte_node *node, > __rte_node_enqueue_tail_update(graph, node); >=20 > if (unlikely(node->size < (idx + space))) > - __rte_node_stream_alloc(graph, node); > + __rte_node_stream_alloc_size(graph, node, node->size + > space); > } >=20 > /** 
> @@ -432,7 +432,7 @@ rte_node_next_stream_get(struct rte_graph *graph, > struct rte_node *node, > uint16_t free_space =3D node->size - idx; >=20 > if (unlikely(free_space < nb_objs)) > - __rte_node_stream_alloc_size(graph, node, nb_objs); > + __rte_node_stream_alloc_size(graph, node, node->size + > nb_objs); >=20 > return &node->objs[idx]; > } > -- > 2.25.1
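
Review bot: In the __rte_node_enqueue_prologue() hunk, the guard tests node->size < (idx + space) but the new request is node->size + space, so the size asked for is not the size the check proved necessary. Requesting idx + space would match the guard exactly; if the larger value is intended as headroom, a short comment saying so would help. Also, nothing on these lines bounds the sum: if the helper's size argument is 16 bits wide, as free_space is in the rte_node_next_stream_get() hunk, node->size + space can wrap to a smaller value and bring back the out-of-bounds write this patch is fixing, so a range check before the call is worth adding.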
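
Review bot: The commit message describes the second fix as being in rte_node_next_stream_put(), but the hunk header at @@ -432,7 +432,7 @@ shows the changed lines are in rte_node_next_stream_get(); the message should name the function actually modified so the fix is easy to trace when backporting. In the same hunk, the code goes straight from __rte_node_stream_alloc_size(graph, node, node->size + nb_objs) to return &node->objs[idx]; with no visible check that the stream grew, so if the helper can fail without aborting, the caller receives a pointer with fewer than nb_objs slots behind it. Either check the result here or add a comment stating that the helper does not return on failure.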