From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F2696A0093; Wed, 9 Mar 2022 16:24:56 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7CB4E40687; Wed, 9 Mar 2022 16:24:56 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 57FE340395 for ; Wed, 9 Mar 2022 16:24:55 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 229BZNLC008443; Wed, 9 Mar 2022 07:24:53 -0800 Received: from nam12-mw2-obe.outbound.protection.outlook.com (mail-mw2nam12lp2042.outbound.protection.outlook.com [104.47.66.42]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3epugbrwan-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 09 Mar 2022 07:24:53 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hj0YEnSsLA8Io7SowOPnnEAg+MhcGSiM9x6k9xVxPJ4EqwOsvMEewkUkYw7NQh+4W/fx2oGfRWvGPTZgS/oYKkQzp5eRmIlUyqkWZys3ftgblBbhva6VTeLHzJjBh1wjTKyQlDB+ZeTmnpzbKafewPcMKJf/BUDBdtmAym8jKr3huldL3wZJaaZTrzv6CXuP7Nyx0mo5psy/U+a73phJQ0FBXSv35qHSqKyMVdPJY+ntUxdDxx3r+mF+YL7mBh/yFtY514e5W4lGUqtw8fqkrmecxi1V4bynqZ4LT8lkvG7qKMiK5Ltx9JZgpKtXTGxRYHKvUqG1xYHXDBV5XeoD8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=v4U5KrldLYlylUsNr16DOlfIpVObSNHM0VujCKZlFwo=; b=bS8y8ar9BEm3Tz/SwhE+QQVytMNQTdEJf2lADmw2aKfXkzKTPIhRwYU7TQes6zAB4LCi1hORsxWdbCxoktAqqyJrNBA3MBkEhuBdpojTZFDHQhPrhkSwf6Tz2MpCH/Rgb6rFs0TkA9rVMUaKx3CoE2R9rddJvD5rQDUUQ5wnB0cYyOwWLrr9wNk0yY9JdurAdLPmTVgkjUVKBHeATawGeX3hzyIsdS1LhsELuxbVFovW0U9TuFUtAVTO9ztW6R9byuuXIB/Btvqtk1n3NXvdHYtBSQ1ZMZnKUycvMgOh9SY6wGZCcQ7xWcaRNXCPySzR9jbmj2Z/7FmsN5gOksDUeg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v4U5KrldLYlylUsNr16DOlfIpVObSNHM0VujCKZlFwo=; b=oxyxZbVlQ/ieUNwW60khlm5YJWGznHg3ByzBNaIP/AShnRIbwo61tqcGM5Qzc0Olw+VeaUE32+WPb5xM/ZGO/E+wbRHINCtm77Zj742xukl09Iy0/dXnGOAq0T5q51aXAxCvXt1v+C4KWErSgf8jBIrwtJJxGVkBavJz1ftVpWE= Received: from CO6PR18MB3844.namprd18.prod.outlook.com (2603:10b6:5:340::7) by PH0PR18MB4797.namprd18.prod.outlook.com (2603:10b6:510:c5::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.17; Wed, 9 Mar 2022 15:24:25 +0000 Received: from CO6PR18MB3844.namprd18.prod.outlook.com ([fe80::413a:be4:ae2a:2193]) by CO6PR18MB3844.namprd18.prod.outlook.com ([fe80::413a:be4:ae2a:2193%9]) with mapi id 15.20.5038.027; Wed, 9 Mar 2022 15:24:25 +0000 From: Rahul Bhansali To: Thomas Monjalon CC: "dev@dpdk.org" , "david.marchand@redhat.com" , Conor Walsh Subject: RE: [EXT] Re: [PATCH] examples/l3fwd: resolve stack buffer overflow issue Thread-Topic: [EXT] Re: [PATCH] examples/l3fwd: resolve stack buffer overflow issue Thread-Index: AQHYBunK2hiyHbi6wUGnDXDzE8GoyKy1r1IAgAF+/YA= Date: Wed, 9 Mar 2022 15:24:25 +0000 Message-ID: References: <20220111125005.554635-1-rbhansali@marvell.com> <4698000.9Mp67QZiUf@thomas> In-Reply-To: <4698000.9Mp67QZiUf@thomas> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a52ac2b0-8803-470f-af7a-08da01e0e4ff x-ms-traffictypediagnostic: PH0PR18MB4797:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: qGfUg37BW35SbZkOU/OVAsdYj5H8eOmKNEX3tnvLelYh+Yg1zhf7RvtzDHNB7MnOzL6WxdXMqre4XR+KHaCU035NrngH6OLUb3a0Iv3otAkrca6F0tmpZPx96pFlsNc3MuuxhS9s7Ywj3LfTm4HbJjxYQpitCRy+21OzyG50m4ewPgXV08FwR7Oy1kxqekutlJjpGh9B/ztmpQLxlYcXx+MRp2Yea4ytLsQfx//CiiBqzaOsP5/0Id4Zku1fg2oIleNkPEc9zZXC9DWTNqz2TpCjHfnY6GDIGyI6l/cLeAEc7pSXg0+xux1j0vJCn66iN/Nk1G/2vx/55nc+F/0HHziefvyDNBsCoSK9e73+IIcA+HQ6X6B6kBpA000/qlZ7VhQskPZVxbhHmpa1lDAnTuWd9vI005TK2RxD7FaUKF5Jlie2r4xObEeD2trim0VbZrikSVNIPcBncAeoacFJVenC0OlBxZKjTC6oWNrPmzB4xk8sWtkFV5qbMQt5VvntZCkvFV6T1/KG6ZsCE7r61Fdaoxg8bWyPqXZHDJNXh/AqO7r08d0VeNLxP0sWWeefAEBjF/6pEd2Wj48vHnBf1cWS5w1gDhDqqCU9xBjtFzcePqx1Ilkj3E5g3GpZAbwRWBRhIYmm8XGYwAC2Azs3CIfVvIjO3ZRkiav00jpbO2pfTjQ5LyKbA8WlqFyvXgl7103jNZA3eDHEAtpHftSW5nYPkA8v8FPe2wUKsrMgwKkryYGPeDMlHFBYq7JKlD7N31k4C+ns9o1PT+D71N/VFSTwIaw/ZqZC9sMge8mWl4A= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO6PR18MB3844.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(52536014)(8676002)(966005)(316002)(71200400001)(122000001)(33656002)(66946007)(86362001)(66476007)(64756008)(66446008)(66556008)(186003)(26005)(8936002)(9686003)(76116006)(5660300002)(508600001)(55016003)(4326008)(7696005)(55236004)(6506007)(38100700002)(38070700005)(54906003)(6916009)(83380400001)(53546011)(2906002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?/d51uVQNYwYqoFZSXe4Tl/3omC0OMNCVdOIFJyohF8K647bCDBGzPfDioz6n?= =?us-ascii?Q?gWCQoDTSZAMb2+YNd08CIMFKUDa9MSL45PZMnOk785e6hYeej/LsmmXTGDH5?= =?us-ascii?Q?zMcKp62i9wfNIVdDJJJMzg9M5ex16d36xC00BfqDGZH93JOpPqG5yydjeXiS?= =?us-ascii?Q?g6snFKSqPhECl7nKk/6uuq+ncUJB6UXGlzV33qZH4zeJuHFAU8LJ+NOFGej+?= =?us-ascii?Q?b/MqQMuVPJZ8h1r4St6cW9a+ZOhfDIR6z4OxW+FT+MT+y7FMvXDwlP/2xazb?= =?us-ascii?Q?SXe82Ah9ORQYj6zoukyRWvXFd/7OZPyZwK2nkVRaWRw/Kl/+h3+JieYZJvqH?= =?us-ascii?Q?xrR7WjssoKJoG5ln7dVAPYi0VMLtv3VrVib1D0bBF55CCDudj0LU9POODj97?= =?us-ascii?Q?tX/Y1kuA72PmkpNW64qca/fqzuOuD3CYE42O/2JwZxtCsN4s/b9vMR5MZ2qm?= =?us-ascii?Q?dbfLppPEJJDcqVenBtrmatMzh5vRFi2d//H6AQ9AWphz7vev4t+0EUw/MoTN?= =?us-ascii?Q?FT6aFiRwdDu9f2hyz/GHVDFfhVS2FGCYEwWapHvaN+QYMgwL4dGZ4hP8xe6G?= =?us-ascii?Q?mUb8SWXE7gpv0mXiE5JEAjiCojIvDj28Ae3nspVYEMVItKyhkcMqPsrS3mbN?= =?us-ascii?Q?d71uvoWEEoJKQQjFzszUm5IcGqGFKN18qNph2B9K+tgV7Q46zXawKUQwdky0?= =?us-ascii?Q?yyoAw5sdqNmX9DSCCNlh4fNL8qy7KntJ1lRqZDnsh8A/EJZvtd1IlwIqzSl4?= =?us-ascii?Q?TLlogMrFexSG4sIBpMam/I0A3cgJ08XuVIFTJUlfU21Lzcj0Z4yTD3Zt+nLD?= =?us-ascii?Q?z1iDjTLSeAYypf5UXyTx5QRDlGqn1sTxVuHvtBNPS4gV0nibvzOvTUxCmuru?= =?us-ascii?Q?Spd/Qpg7j3iEx1vene3a0j3d/WfRSX9MEz9hCqn+my+en9DR6uQ46PsHU9rL?= =?us-ascii?Q?5gcGG+Wz7Gg7Hoo0B71g9mohGePXDheKGagcwXwW0lkaeDB0FQUtfESJ0Gs9?= =?us-ascii?Q?bPcdvNSDUQrK44hTCUOO3yMhCVd+kgvFAtEBSnTvRisDCaQzbAIrY+CYz1xy?= =?us-ascii?Q?JFSL5imnXLn9i/AnztT4qj8V5Ju2etmrE/Ms0iyDSqXWN02QoPgU1URiuiJs?= =?us-ascii?Q?kvgRFN6Xi7c1mkEpCWnjGcwuc4xvxKL1kFd5LY0LDBDnyP+zkx5xIsEyZ+t8?= =?us-ascii?Q?mbhaJLmvzVFJVlxKP6A4LVTWEwL3jUBB8j9jzgmcsvi4efrvEOb7hCPDEAjO?= =?us-ascii?Q?pzoj+f/tjhp9gTYGnunLZwREmsG1MW8pCifyOHKaZdu+utHA8wlDymml3K09?= =?us-ascii?Q?eKg8RaBTTAV3GeWyCOr4VcWguIa3Pk7UxPVJWEYHmhTCOAokXUBH+tJbvyrk?= =?us-ascii?Q?2jMNx7Z+SOpDwA72fXNPjfzrs/FaKgplVEwliJDZeZAeTn4ejY75lMIB0voC?= =?us-ascii?Q?Em3KUTL/aDgM06ddT2TSsDyafcDELBmcsBavR4FmuY6501QkeCfFcmaaLLma?= =?us-ascii?Q?a0OI206e4Kb06dO8KxrHPR6EC/itwnxe8VycWk4pzscMGDlNkwsbh6jOfXKe?= =?us-ascii?Q?z1sAbbNSdanTJilepN1541jxKlV4cItUG0BtFnV3zeh1RmPj+PayqeoPGbgf?= =?us-ascii?Q?vQfZit1cK3JFdrP8gtIuwPA=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO6PR18MB3844.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: a52ac2b0-8803-470f-af7a-08da01e0e4ff X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Mar 2022 15:24:25.1516 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Sqyywe8WqUaVWGrKBMRFovDVwpniYAeZJ1UTD60NQGgmkRUCvT2PS0Wap9XONP9/Efb3OmgLXGg8eXpoAXi8mQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR18MB4797 X-Proofpoint-ORIG-GUID: dd7EXSJNftICeBaxfacTkoDjPbDfk44Z X-Proofpoint-GUID: dd7EXSJNftICeBaxfacTkoDjPbDfk44Z X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-03-09_06,2022-03-09_01,2022-02-23_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Hi Thomas, > -----Original Message----- > From: Thomas Monjalon > Sent: Tuesday, March 8, 2022 4:51 PM > To: Rahul Bhansali > Cc: dev@dpdk.org; david.marchand@redhat.com; Conor Walsh > > Subject: [EXT] Re: [PATCH] examples/l3fwd: resolve stack buffer overflow = issue >=20 > External Email >=20 > ---------------------------------------------------------------------- > 11/01/2022 13:50, Rahul Bhansali: > > This patch fixes the stack buffer overflow error reported from > > AddressSanitizer. > > Function send_packetsx4() tries to access out of bound data from > > rte_mbuf and fill it into TX buffer even in the case where no pending > > packets (len =3D 0). > > Performance impact:- No > > > > ASAN error report:- > > =3D=3D819=3D=3DERROR: AddressSanitizer: stack-buffer-overflow on addres= s > > 0xffffe2c0dcf0 at pc 0x0000005e791c bp 0xffffe2c0d7e0 sp > > 0xffffe2c0d800 READ of size 8 at 0xffffe2c0dcf0 thread T0 > > #0 0x5e7918 in send_packetsx4 ../examples/l3fwd/l3fwd_common.h:251 > > #1 0x5e7918 in send_packets_multi ../examples/l3fwd/l3fwd_neon.h:226 >=20 > This code comes from below commit, so these tags are missing: > Fixes: 96ff445371e0 ("examples/l3fwd: reorganise and optimize LPM code > path") > Cc: stable@dpdk.org >=20 > > Signed-off-by: Rahul Bhansali > > --- > > examples/l3fwd/l3fwd_common.h | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/examples/l3fwd/l3fwd_common.h > > b/examples/l3fwd/l3fwd_common.h index 7d83ff641a..de77711f88 100644 > > --- a/examples/l3fwd/l3fwd_common.h > > +++ b/examples/l3fwd/l3fwd_common.h > > @@ -236,6 +236,9 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t > > port, struct rte_mbuf *m[], > > > > /* copy rest of the packets into the TX buffer. */ > > len =3D num - n; > > + if (len =3D=3D 0) > > + goto exit; > > + >=20 > I don't understand how it can fix something. > There is already "while (j < len)" with j and len being 0, the loop shou= ld not be > effective in this case. This Switch will execute Case statement first even before considering the w= hile condition or anything else before case statement. While condition will= be executed only after all switch cases are executed. Hence in case of len =3D 0 and n > 28, it is throwing stack buffer overflow= error. Below is sample code to simulate the while loop behavior inside switch. Che= cked it for both x86 and arm64. https://godbolt.org/z/4Kecqbsde=20 >=20 > > j =3D 0; > > switch (len % FWDSTEP) { > > while (j < len) { > > @@ -258,6 +261,7 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t > port, struct rte_mbuf *m[], > > } > > } > > > > +exit: > > qconf->tx_mbufs[port].len =3D len; > > } >=20 >=20