From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 52178A0093 for ; Thu, 17 Mar 2022 15:17:57 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 4974E41150; Thu, 17 Mar 2022 15:17:57 +0100 (CET) Received: from smtp-relay-internal-1.canonical.com (smtp-relay-internal-1.canonical.com [185.125.188.123]) by mails.dpdk.org (Postfix) with ESMTP id DF985410EC for ; Thu, 17 Mar 2022 15:17:55 +0100 (CET) Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 70E5B3F1E5 for ; Thu, 17 Mar 2022 14:17:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1647526675; bh=q1yL6xuAG5RdXJLjRGr9g+6tGpqIXx3o9NympHqDedU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=jHUxo9RBtjSga5W9nBILAf5nCHzPLEbiwNSc5nheJFFGCE77lf0QRhmceTM/8SnuR YM/bTQS8rkeQITSP9ZNYmeVmwQc5ebjheWMeVViUMb0vspSpTBjj6YfHANfs293qT5 nscz2c7o6bbU/7fY8dE3xMYdHZ71NogI9VQdewIl4LMwO7SGJIugcZ5dViOYkeykxG XlknXIv+EcuocXrByg75SXmn+3givmdF3encTiYu2HrR2ejoCef0zK46yoY5BA9lfG Yrm3WOg50XKFejlXHCRtrSBTxKW6m065HFLV7DO45KmzXUiYkOyg2othi9OXcVRS6W o26Y/IHMqnW5A== Received: by mail-ed1-f69.google.com with SMTP id w15-20020a50c44f000000b00418f00014f8so2082500edf.18 for ; Thu, 17 Mar 2022 07:17:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=q1yL6xuAG5RdXJLjRGr9g+6tGpqIXx3o9NympHqDedU=; b=cIj6njYi2PUMT2EtCdvpygqaKrrUnhiILlwWN3XvD4B/trr9clQrsHdnHr9tUhBwoE IaeuCm1VTJBp5mXcd/l7GG4M7/l38W6V6Es7Jpa1u5EnU7g4CgPpVNObgLlY+mUa0HA3 gAgHZnVFq823bIS2+rG7kIAttFHuDa4WPwAkIJfDGAjpRtb5KoZ/Z96qj0Mk1sWdodHv pV9vlMtL38NeOhYD0qq6TnHl2stpWG+Wrj14Wuy1dC9Bc0SDO6S9wYoFBz8KYHFjAE3A QU/Z377o3A7n4yOLqFeWH/5qQQHBOkF+bUhi2tTLdCZAL6AwZHUGZPSSjjhDnfWT4cMy WJnA== X-Gm-Message-State: AOAM533hTdxL8k/ThRfJjt4vFlhAU5HS/7xcAnZ9k1g9VV9JW0IDVJsb p5dyChJXLlJ6nHcoo8v/bFocC7YazWqULY2KuDTEZyHLf5HGH55Pts0oF8pJq5JcIIcvHk4H5FA brnA38LNALoSdQ5NFYtOHRAew X-Received: by 2002:aa7:c948:0:b0:413:2bed:e82e with SMTP id h8-20020aa7c948000000b004132bede82emr4689116edt.394.1647526674790; Thu, 17 Mar 2022 07:17:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyUPKSH65x9pzD6KV0YnzoZSJShb3zbUrKU11ObmVKLa6pt+u40I3+P2xDEp20OcWo/0TZpPw== X-Received: by 2002:aa7:c948:0:b0:413:2bed:e82e with SMTP id h8-20020aa7c948000000b004132bede82emr4689099edt.394.1647526674589; Thu, 17 Mar 2022 07:17:54 -0700 (PDT) Received: from localhost.localdomain (068-133-067-156.ip-addr.inexio.net. [156.67.133.68]) by smtp.gmail.com with ESMTPSA id h22-20020a1709062dd600b006dac66b8076sm2382541eji.95.2022.03.17.07.17.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Mar 2022 07:17:53 -0700 (PDT) From: christian.ehrhardt@canonical.com To: Rahul Bhansali Cc: Conor Walsh , Konstantin Ananyev , dpdk stable Subject: patch 'examples/l3fwd: fix buffer overflow in Tx' has been queued to stable release 19.11.12 Date: Thu, 17 Mar 2022 15:17:42 +0100 Message-Id: <20220317141747.1955930-4-christian.ehrhardt@canonical.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220317141747.1955930-1-christian.ehrhardt@canonical.com> References: <20220317141747.1955930-1-christian.ehrhardt@canonical.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 19.11.12 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 03/19/22. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/cpaelzer/dpdk-stable-queue This queued commit can be viewed at: https://github.com/cpaelzer/dpdk-stable-queue/commit/d3847ac2c5d194e9bcae34f613796332c38ec511 Thanks. Christian Ehrhardt --- >From d3847ac2c5d194e9bcae34f613796332c38ec511 Mon Sep 17 00:00:00 2001 From: Rahul Bhansali Date: Tue, 11 Jan 2022 18:20:05 +0530 Subject: [PATCH] examples/l3fwd: fix buffer overflow in Tx [ upstream commit 0490d69d58d9d75c37e780966c837a062658f528 ] This patch fixes the stack buffer overflow error reported from AddressSanitizer. Function send_packetsx4() tries to access out of bound data from rte_mbuf and fill it into TX buffer even in the case where no pending packets (len = 0). Performance impact:- No ASAN error report:- ==819==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xffffe2c0dcf0 at pc 0x0000005e791c bp 0xffffe2c0d7e0 sp 0xffffe2c0d800 READ of size 8 at 0xffffe2c0dcf0 thread T0 #0 0x5e7918 in send_packetsx4 ../examples/l3fwd/l3fwd_common.h:251 #1 0x5e7918 in send_packets_multi ../examples/l3fwd/l3fwd_neon.h:226 Fixes: 96ff445371e0 ("examples/l3fwd: reorganise and optimize LPM code path") Signed-off-by: Rahul Bhansali Reviewed-by: Conor Walsh Acked-by: Konstantin Ananyev --- examples/l3fwd/l3fwd_common.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/examples/l3fwd/l3fwd_common.h b/examples/l3fwd/l3fwd_common.h index 7d83ff641a..de77711f88 100644 --- a/examples/l3fwd/l3fwd_common.h +++ b/examples/l3fwd/l3fwd_common.h @@ -236,6 +236,9 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, struct rte_mbuf *m[], /* copy rest of the packets into the TX buffer. */ len = num - n; + if (len == 0) + goto exit; + j = 0; switch (len % FWDSTEP) { while (j < len) { @@ -258,6 +261,7 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, struct rte_mbuf *m[], } } +exit: qconf->tx_mbufs[port].len = len; } -- 2.35.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2022-03-17 14:33:42.139334109 +0100 +++ 0004-examples-l3fwd-fix-buffer-overflow-in-Tx.patch 2022-03-17 14:33:41.872623036 +0100 @@ -1 +1 @@ -From 0490d69d58d9d75c37e780966c837a062658f528 Mon Sep 17 00:00:00 2001 +From d3847ac2c5d194e9bcae34f613796332c38ec511 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 0490d69d58d9d75c37e780966c837a062658f528 ] + @@ -21 +22,0 @@ -Cc: stable@dpdk.org @@ -31 +32 @@ -index cbaab79f5b..8e4c27218f 100644 +index 7d83ff641a..de77711f88 100644