From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E839AA0C4C for ; Thu, 14 Oct 2021 19:58:49 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D71F741103; Thu, 14 Oct 2021 19:58:49 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mails.dpdk.org (Postfix) with ESMTP id DBF854003C; Thu, 14 Oct 2021 19:58:46 +0200 (CEST) X-IronPort-AV: E=McAfee;i="6200,9189,10137"; a="225213374" X-IronPort-AV: E=Sophos;i="5.85,373,1624345200"; d="scan'208";a="225213374" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Oct 2021 10:48:24 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,373,1624345200"; d="scan'208";a="442926777" Received: from silpixa00400072.ir.intel.com ([10.237.222.213]) by orsmga003.jf.intel.com with ESMTP; 14 Oct 2021 10:48:21 -0700 From: Vladimir Medvedkin To: dev@dpdk.org Cc: yipeng1.wang@intel.com, sameh.gobriel@intel.com, bruce.richardson@intel.com, david.marchand@redhat.com, stable@dpdk.org Date: Thu, 14 Oct 2021 18:48:19 +0100 Message-Id: <1634233699-197151-1-git-send-email-vladimir.medvedkin@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1634153265-193315-1-git-send-email-vladimir.medvedkin@intel.com> References: <1634153265-193315-1-git-send-email-vladimir.medvedkin@intel.com> Subject: [dpdk-stable] [PATCH v3] test/hash: fix buffer overflow X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" This patch fixes buffer overflow reported by ASAN, please reference https://bugs.dpdk.org/show_bug.cgi?id=818 Some tests for the rte_hash table use the rte_jhash_32b() as the hash function. This hash function interprets the length argument in units of 4 bytes. This patch adds a wrapper function around rte_jhash_32b() to reflect API differences regarding the length argument, effectively dividing it by 4. For some tests rte_jhash() is used with keys of length not a multiple of 4 bytes. From the rte_jhash() documentation: If input key is not aligned to four byte boundaries or a multiple of four bytes in length, the memory region just after may be read (but not used in the computation). This patch increases the size of the proto field of the flow_key struct up to uint32_t. Bugzilla ID: 818 Fixes: af75078fece3 ("first public release") Cc: stable@dpdk.org Signed-off-by: Vladimir Medvedkin --- app/test/test_hash.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/app/test/test_hash.c b/app/test/test_hash.c index bd4d0cb..9daf99d 100644 --- a/app/test/test_hash.c +++ b/app/test/test_hash.c @@ -74,13 +74,17 @@ static uint32_t hashtest_key_lens[] = {0, 2, 4, 5, 6, 7, 8, 10, 11, 15, 16, 21, } \ } while (0) -/* 5-tuple key type */ +/* + * 5-tuple key type. + * Should be packed to avoid holes with potentially + * undefined content in the middle. + */ struct flow_key { uint32_t ip_src; uint32_t ip_dst; uint16_t port_src; uint16_t port_dst; - uint8_t proto; + uint32_t proto; } __rte_packed; /* @@ -1607,6 +1611,17 @@ static struct rte_hash_parameters hash_params_ex = { }; /* + * Wrapper function around rte_jhash_32b. + * It is required because rte_jhash_32b() accepts the length + * as size of 4-byte units. + */ +static inline uint32_t +test_jhash_32b(const void *k, uint32_t length, uint32_t initval) +{ + return rte_jhash_32b(k, length >> 2, initval); +} + +/* * add/delete key with jhash2 */ static int @@ -1618,7 +1633,7 @@ test_hash_add_delete_jhash2(void) hash_params_ex.name = "hash_test_jhash2"; hash_params_ex.key_len = 4; - hash_params_ex.hash_func = (rte_hash_function)rte_jhash_32b; + hash_params_ex.hash_func = (rte_hash_function)test_jhash_32b; handle = rte_hash_create(&hash_params_ex); if (handle == NULL) { @@ -1657,7 +1672,7 @@ test_hash_add_delete_2_jhash2(void) hash_params_ex.name = "hash_test_2_jhash2"; hash_params_ex.key_len = 8; - hash_params_ex.hash_func = (rte_hash_function)rte_jhash_32b; + hash_params_ex.hash_func = (rte_hash_function)test_jhash_32b; handle = rte_hash_create(&hash_params_ex); if (handle == NULL) @@ -2180,6 +2195,8 @@ test_hash_rcu_qsbr_sync_mode(uint8_t ext_bkt) static int test_hash(void) { + RTE_BUILD_BUG_ON(sizeof(struct flow_key) % sizeof(uint32_t) != 0); + if (test_add_delete() < 0) return -1; if (test_hash_add_delete_jhash2() < 0) -- 2.7.4