From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id B087341E28;
	Tue, 14 Mar 2023 12:48:09 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 8BED740F18;
	Tue, 14 Mar 2023 12:48:09 +0100 (CET)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by mails.dpdk.org (Postfix) with ESMTP id D183340A7E
 for <dev@dpdk.org>; Tue, 14 Mar 2023 12:48:08 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1678794488;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=xserwGXugM8ery4BU4tIMfStbE0dPAKRLL2CMmLIg9c=;
 b=g47J3msYrXEzyjoZRDqebp8FW9wo3aM0tYGamEzTYbvU6wqzg8eIDXGao+x1rpFMjpGoAA
 9zlc4LIDvA3mejly8rNVrZeYXe69L98v2eOeT/evNoIYbxlHBHTZTcHCnrgT8lIagbT1rF
 IhweIlq5gJPgd+NxExObT43DRSU7H80=
Received: from mail-pl1-f198.google.com (mail-pl1-f198.google.com
 [209.85.214.198]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-91-ChZl7rDyOfyI6Y1Te6ds9Q-1; Tue, 14 Mar 2023 07:48:07 -0400
X-MC-Unique: ChZl7rDyOfyI6Y1Te6ds9Q-1
Received: by mail-pl1-f198.google.com with SMTP id
 a18-20020a170902ecd200b001a06dbe7d4cso548939plh.6
 for <dev@dpdk.org>; Tue, 14 Mar 2023 04:48:07 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112; t=1678794486;
 h=content-transfer-encoding:cc:to:subject:message-id:date:from
 :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=xserwGXugM8ery4BU4tIMfStbE0dPAKRLL2CMmLIg9c=;
 b=3/06UqlK0MzkNB8ChuVI6e3aGyFgUcmz6XSH66mMSlZK+gi6r1PFoHlAE4B5XUjqet
 88KXfa3IqmQGe1NJNFFUQjjYtqoCWjpZKexOPWulqwkMaPtMocpNWCGhrFwLVm1osfqt
 DG8q6Uc7LKiLCWPVt3GaAVH/uec2/qD4/ciQBDJwfT2H0Gym5nbRgQPBV29DShwKYbYw
 M86u13darOKfl/iOWTvF+MXUp8Lzev8b5Z1l9aCFdhijhWAJFENpfFyOamU6KBbFIraH
 Lr3yoDtDKrEh/B+IkX0zbN/tFfSFWj163M/FN/w1xw8ND6f0m29INUE8e6U6y1Yzce2i
 1dYg==
X-Gm-Message-State: AO0yUKXYj5AX3YeiK0v8Gmm6nVb5L0lLmkCDDlwqAGgkDk+l4Z1Osc+7
 qxeb47O4W6yyiwxxPVWZq8XYBbQpJOPMhSvmDRVdtWhgFkw0jkKCeoJ23NxCZFGc2Xjrm8Ruo80
 NACKuEXScjms3KsNzYA4=
X-Received: by 2002:a65:6156:0:b0:50b:189d:bfd with SMTP id
 o22-20020a656156000000b0050b189d0bfdmr2093329pgv.11.1678794486234; 
 Tue, 14 Mar 2023 04:48:06 -0700 (PDT)
X-Google-Smtp-Source: AK7set+2QHwuulaRqNXthWSELYhx/Ycp6u+2JBHbtIs/XaXeRKThb9frJJoCzD1tdcKtBnKWtz8XfBW7wyC2wa56/0M=
X-Received: by 2002:a65:6156:0:b0:50b:189d:bfd with SMTP id
 o22-20020a656156000000b0050b189d0bfdmr2093325pgv.11.1678794485903; Tue, 14
 Mar 2023 04:48:05 -0700 (PDT)
MIME-Version: 1.0
References: <1677782682-27200-1-git-send-email-roretzla@linux.microsoft.com>
 <1678750267-3829-1-git-send-email-roretzla@linux.microsoft.com>
In-Reply-To: <1678750267-3829-1-git-send-email-roretzla@linux.microsoft.com>
From: David Marchand <david.marchand@redhat.com>
Date: Tue, 14 Mar 2023 12:47:54 +0100
Message-ID: <CAJFAV8zWJ0vMMzxpQ00a9EzhZ_yJjtJFkYhmx1CKFCRScZS-Hw@mail.gmail.com>
Subject: Re: [PATCH v2 0/2] fix race in rte_thread_create failure path
To: Tyler Retzlaff <roretzla@linux.microsoft.com>
Cc: dev@dpdk.org, thomas@monjalon.net
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

On Tue, Mar 14, 2023 at 12:31=E2=80=AFAM Tyler Retzlaff
<roretzla@linux.microsoft.com> wrote:
>
> v2:
>   * new approach over v1 of the patch to avoid using pthread np API that
>     is not available on Alpine Linux.
>   * to conform to rte_thread_create parameter const qualification include
>     an additional patch to const qualify rte_thread_set_affinity cpusetp
>     parameter.
>
> Tyler Retzlaff (2):
>   eal: make cpusetp to rte thread set affinity const
>   eal: fix failure path race setting new thread affinity
>
>  lib/eal/common/eal_common_thread.c |  6 ++---
>  lib/eal/include/rte_thread.h       |  2 +-
>  lib/eal/unix/rte_thread.c          | 52 ++++++++++++++++++++++++++++++--=
------
>  3 files changed, 46 insertions(+), 14 deletions(-)

ASan flagged some use after free.
See logs https://github.com/ovsrobot/dpdk/suites/11537702259/artifacts/5970=
32673

24/90 DPDK:fast-tests / lcores_autotest       FAIL     1.72 s (exit status =
1)

--- command ---
00:24:14 DPDK_TEST=3D'lcores_autotest'
/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test
--file-prefix=3Dlcores_autotest
--- stdout ---
RTE>>lcores_autotest
--- stderr ---
EAL: Detected CPU lcores: 2
EAL: Detected NUMA nodes: 1
EAL: Detected shared linkage of DPDK
EAL: Multi-process socket /var/run/dpdk/lcores_autotest/mp_socket
EAL: Selected IOVA mode 'PA'
EAL: VFIO support initialized
APP: HPET is not enabled, using TSC as default timer
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=3D=3D70246=3D=3DERROR: AddressSanitizer: heap-use-after-free on address
0x60300000d044 at pc 0x7f6c9c49e1cf bp 0x7ffdbf1b3670 sp
0x7ffdbf1b3668
READ of size 4 at 0x60300000d044 thread T0
    #0 0x7f6c9c49e1ce in rte_thread_create
/home/runner/work/dpdk/dpdk/build/../lib/eal/unix/rte_thread.c:196:3
    #1 0x957e16 in test_non_eal_lcores
/home/runner/work/dpdk/dpdk/build/../app/test/test_lcores.c:81:7
    #2 0x957e16 in test_lcores
/home/runner/work/dpdk/dpdk/build/../app/test/test_lcores.c:400:6
    #3 0x4dcbc0 in cmd_autotest_parsed
/home/runner/work/dpdk/dpdk/build/../app/test/commands.c:68:10
    #4 0x7f6c9c0d3a88 in __cmdline_parse
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_parse.c:294:3
    #5 0x7f6c9c0d3a88 in cmdline_parse
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_parse.c:302:9
    #6 0x7f6c9c0d0907 in cmdline_valid_buffer
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:24:8
    #7 0x7f6c9c0d91c4 in rdline_char_in
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_rdline.c:444:5
    #8 0x7f6c9c0d0cd8 in cmdline_in
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:146:9
    #9 0x510205 in main
/home/runner/work/dpdk/dpdk/build/../app/test/test.c:208:15
    #10 0x7f6c9a92d082 in __libc_start_main
/build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #11 0x432e4d in _start
(/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test+0x432e4d)

0x60300000d044 is located 20 bytes inside of 32-byte region
[0x60300000d030,0x60300000d050)
freed by thread T6 here:
    #0 0x4acc3d in free
(/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test+0x4acc3d)
    #1 0x7f6c9c49de64 in thread_func_wrapper
/home/runner/work/dpdk/dpdk/build/../lib/eal/unix/rte_thread.c:111:2
    #2 0x7f6c9ab28608 in start_thread
/build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8

previously allocated by thread T0 here:
    #0 0x4ad032 in calloc
(/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test+0x4ad032)
    #1 0x7f6c9c49e021 in rte_thread_create
/home/runner/work/dpdk/dpdk/build/../lib/eal/unix/rte_thread.c:131:8
    #2 0x957e16 in test_non_eal_lcores
/home/runner/work/dpdk/dpdk/build/../app/test/test_lcores.c:81:7
    #3 0x957e16 in test_lcores
/home/runner/work/dpdk/dpdk/build/../app/test/test_lcores.c:400:6
    #4 0x4dcbc0 in cmd_autotest_parsed
/home/runner/work/dpdk/dpdk/build/../app/test/commands.c:68:10
    #5 0x7f6c9c0d3a88 in __cmdline_parse
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_parse.c:294:3
    #6 0x7f6c9c0d3a88 in cmdline_parse
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_parse.c:302:9
    #7 0x7f6c9c0d0907 in cmdline_valid_buffer
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:24:8
    #8 0x7f6c9c0d91c4 in rdline_char_in
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_rdline.c:444:5
    #9 0x7f6c9c0d0cd8 in cmdline_in
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:146:9
    #10 0x510205 in main
/home/runner/work/dpdk/dpdk/build/../app/test/test.c:208:15
    #11 0x7f6c9a92d082 in __libc_start_main
/build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16

Thread T6 created by T0 here:
    #0 0x4978ea in pthread_create
(/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test+0x4978ea)
    #1 0x7f6c9c49e117 in rte_thread_create
/home/runner/work/dpdk/dpdk/build/../lib/eal/unix/rte_thread.c:187:8
    #2 0x957e16 in test_non_eal_lcores
/home/runner/work/dpdk/dpdk/build/../app/test/test_lcores.c:81:7
    #3 0x957e16 in test_lcores
/home/runner/work/dpdk/dpdk/build/../app/test/test_lcores.c:400:6
    #4 0x4dcbc0 in cmd_autotest_parsed
/home/runner/work/dpdk/dpdk/build/../app/test/commands.c:68:10
    #5 0x7f6c9c0d3a88 in __cmdline_parse
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_parse.c:294:3
    #6 0x7f6c9c0d3a88 in cmdline_parse
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_parse.c:302:9
    #7 0x7f6c9c0d0907 in cmdline_valid_buffer
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:24:8
    #8 0x7f6c9c0d91c4 in rdline_char_in
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_rdline.c:444:5
    #9 0x7f6c9c0d0cd8 in cmdline_in
/home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:146:9
    #10 0x510205 in main
/home/runner/work/dpdk/dpdk/build/../app/test/test.c:208:15
    #11 0x7f6c9a92d082 in __libc_start_main
/build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: heap-use-after-free
/home/runner/work/dpdk/dpdk/build/../lib/eal/unix/rte_thread.c:196:3
in rte_thread_create
Shadow bytes around the buggy address:
  0x0c067fff99b0: fa fa 00 00 01 fa fa fa 00 00 00 00 fa fa 00 00
  0x0c067fff99c0: 00 00 fa fa 00 00 00 fa fa fa 00 00 00 06 fa fa
  0x0c067fff99d0: fd fd fd fa fa fa fd fd fd fa fa fa 00 00 00 07
  0x0c067fff99e0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
  0x0c067fff99f0: fd fd fa fa 00 00 00 07 fa fa 00 00 01 fa fa fa
=3D>0x0c067fff9a00: 00 00 04 fa fa fa fd fd[fd]fd fa fa fa fa fa fa
  0x0c067fff9a10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff9a20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff9a30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff9a40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff9a50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
=3D=3D70246=3D=3DABORTING
-------


--=20
David Marchand