From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id AC95AA0C41
	for <public@inbox.dpdk.org>; Tue, 30 Nov 2021 17:41:44 +0100 (CET)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id A6A99410F7;
	Tue, 30 Nov 2021 17:41:44 +0100 (CET)
Received: from smtp-relay-internal-1.canonical.com
 (smtp-relay-internal-1.canonical.com [185.125.188.123])
 by mails.dpdk.org (Postfix) with ESMTP id 0E4C3411B8
 for <stable@dpdk.org>; Tue, 30 Nov 2021 17:41:44 +0100 (CET)
Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com
 [209.85.208.72])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id DBEA84000F
 for <stable@dpdk.org>; Tue, 30 Nov 2021 16:41:43 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
 s=20210705; t=1638290503;
 bh=zD7lcDW2euv7NyUldPzfv6mkHiX8Gl6jSVjnoPDlcTw=;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
 MIME-Version;
 b=UpwuSreajhtzpsCoIznj2DO3lfKhsAaDttDBVilbpbzgj0SiHDGtvIMp3ZZCSXUJC
 7EF+da4DloTCcxNxHc52PT0T+eeZqLK30Lud+m2c+YNMag7dqBvxYI5wMoVbBSz9Sj
 2mfwRUFOFt+uf6F9tOtXQsNuZkV33SgTaz6Bdt6HEV6KIDHdOAZ+/x+mgcwvBVpBOA
 862XxZYvqaZCi2zBXVukebAht0hCzRkL42Pefbr9bNKGXXc7fCrZZxWUAURZqPyKxR
 MFVbtkaJlL2D1zeFD75dO+pGuGv5cppNwDKvO9aBuSITHE+1QRq5XDXr8Rk/aCcCbG
 DXve2Qzqanz2w==
Received: by mail-ed1-f72.google.com with SMTP id
 eg20-20020a056402289400b003eb56fcf6easo17388786edb.20
 for <stable@dpdk.org>; Tue, 30 Nov 2021 08:41:43 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=zD7lcDW2euv7NyUldPzfv6mkHiX8Gl6jSVjnoPDlcTw=;
 b=Md3KW/apyprFSNLZi09dR7oIYQipOjvY1AdmwJBN/TCok8bgaCMFbkt9MlQVmzTd8n
 Gdnw/wxL8VapTH8UK6NX0nqqy4Yx3W1WSDybkN/9oMHnEbNWrcRjS8ss6tkehoNAUv95
 iZ+oMTsNi58u8ZWhBvF6iBvKb8LuqVJP+SlQonx7CBYe7eeZjIXcw2tosB1e5naYLFMV
 ImvI7ErWYvrHCtqk/H064Wv6YlFWmHdbCR11drb6gIoqbjgA0G3zS9DT9CMjQNkcdlxF
 GCR8YiXf4n7RE2EdaebzAICv9ZxUmclWJM1HpxRwtHhHFZDb5CjHyZ/vj9X7AZih3rCA
 JKXA==
X-Gm-Message-State: AOAM530zCx5T3mH8zd3xrFRLxBBeQ5/jqplqTEG45r2LM6NPwGW6X1ci
 Qt0D6uEM5KNRH4kCR7fvhgw+vTUvU/cptu35ma/sbHnqcSLIStZxJCeYv7KKl7KX5XMAUrpCrzz
 AROG18ly33IjunMqRKmDfDCAQ
X-Received: by 2002:a17:907:20e8:: with SMTP id
 rh8mr169528ejb.437.1638290503371; 
 Tue, 30 Nov 2021 08:41:43 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwaBdtODNwT/UoZlx8bA1klyvrDJzPgBhTT7WB3kBd1ywLA4Un66v8twnH9JqbofASO08c+gg==
X-Received: by 2002:a17:907:20e8:: with SMTP id
 rh8mr169509ejb.437.1638290503183; 
 Tue, 30 Nov 2021 08:41:43 -0800 (PST)
Received: from localhost.localdomain ([2001:67c:1560:8007::aac:c4ad])
 by smtp.gmail.com with ESMTPSA id mp9sm9690411ejc.106.2021.11.30.08.41.42
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Nov 2021 08:41:42 -0800 (PST)
From: christian.ehrhardt@canonical.com
To: David Marchand <david.marchand@redhat.com>
Cc: Yan Xia <yanx.xia@intel.com>, Maxime Coquelin <maxime.coquelin@redhat.com>,
 dpdk stable <stable@dpdk.org>
Subject: patch 'eal/linux: fix uevent message parsing' has been queued to
 stable release 19.11.11
Date: Tue, 30 Nov 2021 17:35:13 +0100
Message-Id: <20211130163605.2460997-109-christian.ehrhardt@canonical.com>
X-Mailer: git-send-email 2.34.0
In-Reply-To: <20211130163605.2460997-1-christian.ehrhardt@canonical.com>
References: <20211130163605.2460997-1-christian.ehrhardt@canonical.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Hi,

FYI, your patch has been queued to stable release 19.11.11

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before December 10th 2021. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/13b9c2b5f5cd1fbd4ca52b1d22509cce7381b3c0

Thanks.

Christian Ehrhardt <christian.ehrhardt@canonical.com>

---
>From 13b9c2b5f5cd1fbd4ca52b1d22509cce7381b3c0 Mon Sep 17 00:00:00 2001
From: David Marchand <david.marchand@redhat.com>
Date: Tue, 2 Nov 2021 19:40:20 +0100
Subject: [PATCH] eal/linux: fix uevent message parsing

[ upstream commit 4847122aab5ced55b3c656e8ee425e90c6eb5904 ]

Caught with ASan:
==9727==ERROR: AddressSanitizer: stack-buffer-overflow on address
  0x7f0daa2fc0d0 at pc 0x7f0daeefacb2 bp 0x7f0daa2fadd0 sp 0x7f0daa2fa578
READ of size 1 at 0x7f0daa2fc0d0 thread T1
    #0 0x7f0daeefacb1  (/lib64/libasan.so.5+0xbacb1)
    #1 0x115eba1 in dev_uev_parse ../lib/eal/linux/eal_dev.c:167
    #2 0x115f281 in dev_uev_handler ../lib/eal/linux/eal_dev.c:248
    #3 0x1169b91 in eal_intr_process_interrupts
  ../lib/eal/linux/eal_interrupts.c:1026
    #4 0x116a3a2 in eal_intr_handle_interrupts
  ../lib/eal/linux/eal_interrupts.c:1100
    #5 0x116a7f0 in eal_intr_thread_main
  ../lib/eal/linux/eal_interrupts.c:1172
    #6 0x112640a in ctrl_thread_init
  ../lib/eal/common/eal_common_thread.c:202
    #7 0x7f0dade27159 in start_thread (/lib64/libpthread.so.0+0x8159)
    #8 0x7f0dadb58f72 in clone (/lib64/libc.so.6+0xfcf72)

Address 0x7f0daa2fc0d0 is located in stack of thread T1 at offset 4192
  in frame
    #0 0x115f0c9 in dev_uev_handler ../lib/eal/linux/eal_dev.c:226

  This frame has 2 object(s):
    [32, 48) 'uevent'
    [96, 4192) 'buf' <== Memory access at offset 4192 overflows this
  variable
HINT: this may be a false positive if your program uses some custom
  stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
Thread T1 created by T0 here:
    #0 0x7f0daee92ea3 in __interceptor_pthread_create
  (/lib64/libasan.so.5+0x52ea3)
    #1 0x1126542 in rte_ctrl_thread_create
  ../lib/eal/common/eal_common_thread.c:228
    #2 0x116a8b5 in rte_eal_intr_init
  ../lib/eal/linux/eal_interrupts.c:1200
    #3 0x1159dd1 in rte_eal_init ../lib/eal/linux/eal.c:1044
    #4 0x7a22f8 in main ../app/test-pmd/testpmd.c:4105
    #5 0x7f0dada7f802 in __libc_start_main (/lib64/libc.so.6+0x23802)

Bugzilla ID: 792
Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")

Signed-off-by: David Marchand <david.marchand@redhat.com>
Tested-by: Yan Xia <yanx.xia@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
 lib/librte_eal/linux/eal/eal_dev.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/librte_eal/linux/eal/eal_dev.c b/lib/librte_eal/linux/eal/eal_dev.c
index 803979ff46..4248f8db5a 100644
--- a/lib/librte_eal/linux/eal/eal_dev.c
+++ b/lib/librte_eal/linux/eal/eal_dev.c
@@ -151,6 +151,9 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
 				break;
 			buf++;
 		}
+		if (i >= length)
+			break;
+
 		/**
 		 * check device uevent from kernel side, no need to check
 		 * uevent from udev.
-- 
2.34.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2021-11-30 16:50:12.144919839 +0100
+++ 0109-eal-linux-fix-uevent-message-parsing.patch	2021-11-30 16:50:05.914874440 +0100
@@ -1 +1 @@
-From 4847122aab5ced55b3c656e8ee425e90c6eb5904 Mon Sep 17 00:00:00 2001
+From 13b9c2b5f5cd1fbd4ca52b1d22509cce7381b3c0 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 4847122aab5ced55b3c656e8ee425e90c6eb5904 ]
+
@@ -48 +49,0 @@
-Cc: stable@dpdk.org
@@ -54 +55 @@
- lib/eal/linux/eal_dev.c | 3 +++
+ lib/librte_eal/linux/eal/eal_dev.c | 3 +++
@@ -57,5 +58,5 @@
-diff --git a/lib/eal/linux/eal_dev.c b/lib/eal/linux/eal_dev.c
-index 06820a3666..6aaeffb4e9 100644
---- a/lib/eal/linux/eal_dev.c
-+++ b/lib/eal/linux/eal_dev.c
-@@ -160,6 +160,9 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
+diff --git a/lib/librte_eal/linux/eal/eal_dev.c b/lib/librte_eal/linux/eal/eal_dev.c
+index 803979ff46..4248f8db5a 100644
+--- a/lib/librte_eal/linux/eal/eal_dev.c
++++ b/lib/librte_eal/linux/eal/eal_dev.c
+@@ -151,6 +151,9 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)