From: christian.ehrhardt@canonical.com
To: Rahul Bhansali <rbhansali@marvell.com>
Cc: Conor Walsh <conor.walsh@intel.com>,
Konstantin Ananyev <konstantin.ananyev@intel.com>,
dpdk stable <stable@dpdk.org>
Subject: patch 'examples/l3fwd: fix buffer overflow in Tx' has been queued to stable release 19.11.12
Date: Thu, 17 Mar 2022 15:17:42 +0100 [thread overview]
Message-ID: <20220317141747.1955930-4-christian.ehrhardt@canonical.com> (raw)
In-Reply-To: <20220317141747.1955930-1-christian.ehrhardt@canonical.com>
Hi,
FYI, your patch has been queued to stable release 19.11.12
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 03/19/22. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue
This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/d3847ac2c5d194e9bcae34f613796332c38ec511
Thanks.
Christian Ehrhardt <christian.ehrhardt@canonical.com>
---
From d3847ac2c5d194e9bcae34f613796332c38ec511 Mon Sep 17 00:00:00 2001
From: Rahul Bhansali <rbhansali@marvell.com>
Date: Tue, 11 Jan 2022 18:20:05 +0530
Subject: [PATCH] examples/l3fwd: fix buffer overflow in Tx
[ upstream commit 0490d69d58d9d75c37e780966c837a062658f528 ]
This patch fixes the stack buffer overflow error reported
from AddressSanitizer.
Function send_packetsx4() tries to access out of bound data
from rte_mbuf and fill it into TX buffer even in the case
where no pending packets (len = 0).
Performance impact:- No
ASAN error report:-
==819==ERROR: AddressSanitizer: stack-buffer-overflow on address
0xffffe2c0dcf0 at pc 0x0000005e791c bp 0xffffe2c0d7e0 sp 0xffffe2c0d800
READ of size 8 at 0xffffe2c0dcf0 thread T0
#0 0x5e7918 in send_packetsx4 ../examples/l3fwd/l3fwd_common.h:251
#1 0x5e7918 in send_packets_multi ../examples/l3fwd/l3fwd_neon.h:226
Fixes: 96ff445371e0 ("examples/l3fwd: reorganise and optimize LPM code path")
Signed-off-by: Rahul Bhansali <rbhansali@marvell.com>
Reviewed-by: Conor Walsh <conor.walsh@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
examples/l3fwd/l3fwd_common.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/examples/l3fwd/l3fwd_common.h b/examples/l3fwd/l3fwd_common.h
index 7d83ff641a..de77711f88 100644
--- a/examples/l3fwd/l3fwd_common.h
+++ b/examples/l3fwd/l3fwd_common.h
@@ -236,6 +236,9 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, struct rte_mbuf *m[],
/* copy rest of the packets into the TX buffer. */
len = num - n;
+ if (len == 0)
+ goto exit;
+
j = 0;
switch (len % FWDSTEP) {
while (j < len) {
@@ -258,6 +261,7 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, struct rte_mbuf *m[],
}
}
+exit:
qconf->tx_mbufs[port].len = len;
}
--
2.35.1
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2022-03-17 14:33:42.139334109 +0100
+++ 0004-examples-l3fwd-fix-buffer-overflow-in-Tx.patch 2022-03-17 14:33:41.872623036 +0100
@@ -1 +1 @@
-From 0490d69d58d9d75c37e780966c837a062658f528 Mon Sep 17 00:00:00 2001
+From d3847ac2c5d194e9bcae34f613796332c38ec511 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 0490d69d58d9d75c37e780966c837a062658f528 ]
+
@@ -21 +22,0 @@
-Cc: stable@dpdk.org
@@ -31 +32 @@
-index cbaab79f5b..8e4c27218f 100644
+index 7d83ff641a..de77711f88 100644
next prev parent reply other threads:[~2022-03-17 14:17 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-17 14:17 patch 'vhost: fix queue number check when setting inflight FD' " christian.ehrhardt
2022-03-17 14:17 ` patch 'vhost: fix FD leak with inflight messages' " christian.ehrhardt
2022-03-17 14:17 ` patch 'app/testpmd: fix show RSS RETA on Windows' " christian.ehrhardt
2022-03-17 14:17 ` christian.ehrhardt [this message]
2022-03-17 14:17 ` patch 'eal/freebsd: add missing C++ include guards' " christian.ehrhardt
2022-03-17 14:17 ` patch 'compressdev: fix missing space in log macro' " christian.ehrhardt
2022-03-17 14:17 ` patch 'cryptodev: fix clang C++ include' " christian.ehrhardt
2022-03-17 14:17 ` patch 'raw/ifpga: fix build with optimization' " christian.ehrhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220317141747.1955930-4-christian.ehrhardt@canonical.com \
--to=christian.ehrhardt@canonical.com \
--cc=conor.walsh@intel.com \
--cc=konstantin.ananyev@intel.com \
--cc=rbhansali@marvell.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).