From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [Bug 1162] [dpdk23.03] [fuzzing test] fuzzing/*: launch dpdk-fuzz as global-buffer-overflow error.
Date: Fri, 17 Feb 2023 06:57:58 +0000

https://bugs.dpdk.org/show_bug.cgi?id=1162

Bug ID: 1162
Summary: [dpdk23.03] [fuzzing test] fuzzing/*: launch dpdk-fuzz as global-buffer-overflow error.
Product: DPDK
Version: 23.03
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: ethdev
Assignee: dev@dpdk.org
Reporter: weiyuanx.li@intel.com
Target Milestone: ---

[Environment]

DPDK version: Use make showversion or for a non-released version: git remote -v && git show-ref --heads
dpdk22.03 8a3ef4b89e6dd0247355fdf3a77ff7ec1db28d8d
Other software versions: name/version for QEMU, OVS, etc. Repeat as required.
OS: Ubuntu 22.04.1 LTS (Jammy Jellyfish)/5.15.0-57-generic
Compiler: gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0

Hardware platform: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
NIC hardware: Ethernet Controller XXV710 for 25GbE SFP28 158b.
NIC firmware:
driver: i40e
version: 5.15.0-57-generic
firmware-version:  9.10 0x8000d02b 1.3179.0

[Test Setup]
Steps to reproduce
1. Use the following command to build DPDK:
CC=clang meson -Denable_kmods=True -Dlibdir=lib --default-library=static -Dbuildtype=debug -Db_lundef=false -Db_sanitize=address x86_64-native-linuxapp-clang
ninja -C x86_64-native-linuxapp-clang/ -j 70

2. Execute the following command in the dpdk directory.
x86_64-native-linuxapp-clang/app/dpdk-fuzz

[Show the output from the previous commands]
~/dpdk# x86_64-native-linuxapp-clang/app/dpdk-fuzz /tmp/fuzz_seed/hash_seed/ -- -ignore_remaining_args=1 -l 1 -n 4 --no-pci
=================================================================
==483867==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55daec41adb8 at pc 0x55dadb105100 bp 0x7ffc03906630 sp 0x7ffc03906628
READ of size 8 at 0x55daec41adb8 thread T0
    #0 0x55dadb1050ff in rte_eth_trace_find_next_of /root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace.h:372:1
    #1 0x55dadb2e9d26 in __rte_trace_point_register /root/dpdk/x86_64-native-linuxapp-clang/../lib/eal/common/eal_common_trace.c:477:2
    #2 0x55dadb104fed in rte_eth_trace_find_next_of_init /root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace_points.c:52:1
    #3 0x7f2f75a3deba in call_init csu/../csu/libc-start.c:145:3
    #4 0x7f2f75a3deba in __libc_start_main csu/../csu/libc-start.c:379:5
    #5 0x55dada308b84 in _start (/root/dpdk/x86_64-native-linuxapp-clang/app/dpdk-fuzz+0x872b84) (BuildId: 5671e4355ef645c73952e41f5b7b4c1f86ae12bc)

0x55daec41adb8 is located 40 bytes to the left of global variable '__rte_eth_trace_find_next_sibling_name' defined in '../lib/ethdev/ethdev_trace_points.c:55:1' (0x55daec41ade0) of size 29
  '__rte_eth_trace_find_next_sibling_name' is ascii string 'lib.ethdev.find_next_sibling'
0x55daec41adb8 is located 0 bytes to the right of global variable '__rte_eth_trace_find_next_of_name' defined in '../lib/ethdev/ethdev_trace_points.c:52:1' (0x55daec41ada0) of size 24
  '__rte_eth_trace_find_next_of_name' is ascii string 'lib.ethdev.find_next_of'
SUMMARY: AddressSanitizer: global-buffer-overflow /root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace.h:372:1 in rte_eth_trace_find_next_of
Shadow bytes around the buggy address:
  0x0abbdd87b560: 00 00 01 f9 f9 f9 f9 f9 00 00 f9 f9 00 00 01 f9
  0x0abbdd87b570: f9 f9 f9 f9 00 00 04 f9 f9 f9 f9 f9 00 00 04 f9
  0x0abbdd87b580: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 00 00 00 05
  0x0abbdd87b590: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 00 00 00 01
  0x0abbdd87b5a0: f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9 00 00 05 f9
=>0x0abbdd87b5b0: f9 f9 f9 f9 00 00 00[f9]f9 f9 f9 f9 00 00 00 05
  0x0abbdd87b5c0: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 00 00 00 06
  0x0abbdd87b5d0: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 00 05 f9
  0x0abbdd87b5e0: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 00 00 f9
  0x0abbdd87b5f0: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 00 05 f9
  0x0abbdd87b600: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 00 07 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==483867==ABORTING

[Expected Result]
Launch dpdk-fuzz successfully.

[Regression]
Is this issue a regression: (Y/N) Y
~/dpdk# git bisect good
6679cf21d6083710bef2e5a4e4a7b42eee5be3aa is the first bad commit
commit 6679cf21d6083710bef2e5a4e4a7b42eee5be3aa
Author: Ankur Dwivedi <adwivedi@marvell.com>
Date:   Wed Feb 8 22:42:11 2023 +0530

    ethdev: add trace points

    Adds trace points for ethdev functions.

    The rte_ethdev_trace.h is removed. The file ethdev_trace.h is added as
    an internal header. ethdev_trace.h contains internal slow path and
    fast path tracepoints. The public fast path tracepoints are present in
    rte_ethdev_trace_fp.h header.

    Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
    Acked-by: Sunil Kumar Kori <skori@marvell.com>
    Reviewed-by: Ferruh Yigit <ferruh.yigit@amd.com>

 lib/ethdev/ethdev_private.c      |    7 +
 lib/ethdev/ethdev_trace.h        | 1512 ++++++++++++++++++++++++++++++++++++++
 lib/ethdev/ethdev_trace_points.c |  447 ++++++++++-
 lib/ethdev/meson.build           |    2 +-
 lib/ethdev/rte_ethdev.c          |  872 ++++++++++++++++++----
 lib/ethdev/rte_ethdev_cman.c     |   29 +-
 lib/ethdev/rte_ethdev_trace.h    |   95 ---
 lib/ethdev/rte_ethdev_trace_fp.h |   36 +
 8 files changed, 2761 insertions(+), 239 deletions(-)
 create mode 100644 lib/ethdev/ethdev_trace.h
 delete mode 100644 lib/ethdev/rte_ethdev_trace.h
          


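Added example, not part of the bug report or of DPDK: a Python triage helper that cross-checks the AddressSanitizer report above, mapping the faulting address to its shadow byte and comparing each global's reported size with what the shadow dump shows. The function names are hypothetical and the shadow mapping `(addr >> 3) + 0x7fff8000` is assumed to be ASan's default for x86-64 Linux; the embedded report lines are copied from this bug with mail line wraps joined.

```python
import re

# Excerpt of the ASan report in this bug, with mail line wraps joined.
REPORT = """\
READ of size 8 at 0x55daec41adb8 thread T0
0x55daec41adb8 is located 40 bytes to the left of global variable '__rte_eth_trace_find_next_sibling_name' defined in '../lib/ethdev/ethdev_trace_points.c:55:1' (0x55daec41ade0) of size 29
0x55daec41adb8 is located 0 bytes to the right of global variable '__rte_eth_trace_find_next_of_name' defined in '../lib/ethdev/ethdev_trace_points.c:52:1' (0x55daec41ada0) of size 24
  0x0abbdd87b5a0: f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9 00 00 05 f9
=>0x0abbdd87b5b0: f9 f9 f9 f9 00 00 00[f9]f9 f9 f9 f9 00 00 00 05
  0x0abbdd87b5c0: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 00 00 00 06
"""
SHADOW_OFFSET = 0x7FFF8000  # assumption: ASan's default x86-64 Linux mapping
GLOBAL_REDZONE = 0xF9       # "Global redzone" in the report's legend

def shadow_of(addr):
    """Shadow byte address for the 8-byte granule that contains addr."""
    return (addr >> 3) + SHADOW_OFFSET

def parse_shadow(text):
    """Return ({shadow address: byte}, address of the [xx]-marked byte)."""
    shadow, marked = {}, None
    for row in re.finditer(r"^(?:=>|  )(0x[0-9a-f]+):(.*)$", text, re.M):
        base = int(row.group(1), 16)
        cells = re.finditer(r"(\[?)([0-9a-f]{2})", row.group(2))
        for i, cell in enumerate(cells):
            shadow[base + i] = int(cell.group(2), 16)
            if cell.group(1):
                marked = base + i
    return shadow, marked

def addressable_len(shadow, start):
    """Valid bytes from start according to the dump (00 = 8, 01..07 = k)."""
    n, s = 0, shadow_of(start)
    while shadow.get(s, 0xFF) < 8:
        n += shadow[s] or 8
        if shadow[s]:  # a partial granule is the object's last one
            break
        s += 1
    return n

def triage(text):
    """Cross-check the report's access, object bounds and shadow bytes."""
    kind, size, addr = re.search(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", text, re.M).groups()
    addr, (shadow, marked) = int(addr, 16), parse_shadow(text)
    objs = [{"name": m[1], "offset": addr - int(m[2], 16), "size": int(m[3]),
             "shadow_size": addressable_len(shadow, int(m[2], 16))}
            for m in re.finditer(r"global variable '(\w+)' .*?\((0x[0-9a-f]+)\) of size (\d+)", text)]
    return {"access": kind, "size": int(size), "shadow_addr": shadow_of(addr),
            "marker_ok": marked == shadow_of(addr),
            "redzone": shadow.get(shadow_of(addr)) == GLOBAL_REDZONE, "objects": objs}
```

An `offset` equal to `size` means the access starts at the first byte past the object, which is what "0 bytes to the right" states for `__rte_eth_trace_find_next_of_name`.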