From: christian.ehrhardt@canonical.com
To: David Marchand
Cc: Yan Xia, Maxime Coquelin, dpdk stable
Subject: patch 'eal/linux: fix uevent message parsing' has been queued to stable release 19.11.11
Date: Tue, 30 Nov 2021 17:35:13 +0100
Message-Id: <20211130163605.2460997-109-christian.ehrhardt@canonical.com>
X-Mailer: git-send-email 2.34.0
In-Reply-To: <20211130163605.2460997-1-christian.ehrhardt@canonical.com>
References: <20211130163605.2460997-1-christian.ehrhardt@canonical.com>

Hi,

FYI, your patch has been queued to stable release 19.11.11

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before December 10th 2021. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/13b9c2b5f5cd1fbd4ca52b1d22509cce7381b3c0

Thanks.

Christian Ehrhardt

---
>From 13b9c2b5f5cd1fbd4ca52b1d22509cce7381b3c0 Mon Sep 17 00:00:00 2001
From: David Marchand
Date: Tue, 2 Nov 2021 19:40:20 +0100
Subject: [PATCH] eal/linux: fix uevent message parsing

[ upstream commit 4847122aab5ced55b3c656e8ee425e90c6eb5904 ]

Caught with ASan:
==9727==ERROR: AddressSanitizer: stack-buffer-overflow on address
    0x7f0daa2fc0d0 at pc 0x7f0daeefacb2 bp 0x7f0daa2fadd0 sp 0x7f0daa2fa578
READ of size 1 at 0x7f0daa2fc0d0 thread T1
    #0 0x7f0daeefacb1  (/lib64/libasan.so.5+0xbacb1)
    #1 0x115eba1 in dev_uev_parse ../lib/eal/linux/eal_dev.c:167
    #2 0x115f281 in dev_uev_handler ../lib/eal/linux/eal_dev.c:248
    #3 0x1169b91 in eal_intr_process_interrupts
        ../lib/eal/linux/eal_interrupts.c:1026
    #4 0x116a3a2 in eal_intr_handle_interrupts
        ../lib/eal/linux/eal_interrupts.c:1100
    #5 0x116a7f0 in eal_intr_thread_main
        ../lib/eal/linux/eal_interrupts.c:1172
    #6 0x112640a in ctrl_thread_init
        ../lib/eal/common/eal_common_thread.c:202
    #7 0x7f0dade27159 in start_thread (/lib64/libpthread.so.0+0x8159)
    #8 0x7f0dadb58f72 in clone (/lib64/libc.so.6+0xfcf72)

Address 0x7f0daa2fc0d0 is located in stack of thread T1 at offset 4192
    in frame
    #0 0x115f0c9 in dev_uev_handler ../lib/eal/linux/eal_dev.c:226

  This frame has 2 object(s):
    [32, 48) 'uevent'
    [96, 4192) 'buf' <== Memory access at offset 4192 overflows this
        variable
HINT: this may be a false positive if your program uses some custom
    stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
Thread T1 created by T0 here:
    #0 0x7f0daee92ea3 in __interceptor_pthread_create
        (/lib64/libasan.so.5+0x52ea3)
    #1 0x1126542 in rte_ctrl_thread_create
        ../lib/eal/common/eal_common_thread.c:228
    #2 0x116a8b5 in rte_eal_intr_init
        ../lib/eal/linux/eal_interrupts.c:1200
    #3 0x1159dd1 in rte_eal_init ../lib/eal/linux/eal.c:1044
    #4 0x7a22f8 in main ../app/test-pmd/testpmd.c:4105
    #5 0x7f0dada7f802 in __libc_start_main (/lib64/libc.so.6+0x23802)

Bugzilla ID: 792
Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")
Signed-off-by: David Marchand Tested-by: Yan Xia Reviewed-by: Maxime Coquelin --- lib/librte_eal/linux/eal/eal_dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/librte_eal/linux/eal/eal_dev.c b/lib/librte_eal/linux/eal/eal_dev.c index 803979ff46..4248f8db5a 100644 --- a/lib/librte_eal/linux/eal/eal_dev.c +++ b/lib/librte_eal/linux/eal/eal_dev.c @@ -151,6 +151,9 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length) break; buf++; } + if (i >= length) + break; + /** * check device uevent from kernel side, no need to check * uevent from udev. -- 2.34.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2021-11-30 16:50:12.144919839 +0100 +++ 0109-eal-linux-fix-uevent-message-parsing.patch 2021-11-30 16:50:05.914874440 +0100 @@ -1 +1 @@ -From 4847122aab5ced55b3c656e8ee425e90c6eb5904 Mon Sep 17 00:00:00 2001 +From 13b9c2b5f5cd1fbd4ca52b1d22509cce7381b3c0 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 4847122aab5ced55b3c656e8ee425e90c6eb5904 ] + @@ -48 +49,0 @@ -Cc: stable@dpdk.org @@ -54 +55 @@ - lib/eal/linux/eal_dev.c | 3 +++ + lib/librte_eal/linux/eal/eal_dev.c | 3 +++ @@ -57,5 +58,5 @@ -diff --git a/lib/eal/linux/eal_dev.c b/lib/eal/linux/eal_dev.c -index 06820a3666..6aaeffb4e9 100644 ---- a/lib/eal/linux/eal_dev.c -+++ b/lib/eal/linux/eal_dev.c -@@ -160,6 +160,9 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length) +diff --git a/lib/librte_eal/linux/eal/eal_dev.c b/lib/librte_eal/linux/eal/eal_dev.c +index 803979ff46..4248f8db5a 100644 +--- a/lib/librte_eal/linux/eal/eal_dev.c ++++ b/lib/librte_eal/linux/eal/eal_dev.c +@@ -151,6 +151,9 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
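
Review bot: the added `if (i >= length) break;` in dev_uev_parse() carries no comment saying what it guards, and it sits directly above an existing comment block about kernel versus udev uevents that could be read as describing it. A one-line comment above the check would help, stating that the skip loop can consume the rest of the buffer and that `buf` must not be dereferenced once `i` reaches `length`. That matches the ASan report in the commit message: a READ of size 1 at offset 4192, the first byte past 'buf' [96, 4192), with dev_uev_parse at eal_dev.c:167 in the upstream tree. The check covers only the case where the skip loop runs to the end; the comparisons later in the loop body are not visible in this hunk, so it is worth confirming separately that they cannot read past `length` when the last string in the message is not NUL-terminated. On the backport itself, the diff against upstream shows only the path change (lib/eal/linux/eal_dev.c to lib/librte_eal/linux/eal/eal_dev.c), the hunk offset (160 to 151), the added upstream-commit line and the dropped Cc, so the three inserted lines are unchanged from upstream.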