From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1F52846A63 for ; Thu, 26 Jun 2025 14:02:58 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1AA76402A8; Thu, 26 Jun 2025 14:02:58 +0200 (CEST) Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2087.outbound.protection.outlook.com [40.107.223.87]) by mails.dpdk.org (Postfix) with ESMTP id 19C2C402A6 for ; Thu, 26 Jun 2025 14:02:56 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Cz3cnOj+hZaUuUtsVSFB9+CL48HHbSqpD9cBwVgv38PSa1Y4g3FEj1m/O0CP11udSWBKamKZpRA1Nf/J1WcCUx2/LlKVUaxf/7ILBMUY2jJeklA9oShXTB94+95/DFFXMwGxbfVkCPldslGcF37iCiTMX89VUFxqiZidG2NsOfJWCpvUducNIS/7wAjywi5BQGLV0HaGxj33flnv2yLVpcCVFFLRSy9okb3fJFf+zmjGUjpR1uqHRwJM1MpdgjlTQLgctr0s3ABYFQH5X+B0+1OGpVI2DjgFN/X++Q7anMOZJDuxZlYgzGpadh+iw5HbBDX4lNE8MFfg/Xlw187dSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VKRgFpOXRWVoYL4BSQbwR5eZzsTisSVc+CeDUK48BWI=; b=BcOemURK+X3MESwWrkIzrdYPb30UqJu0yU3rKeYKUA0ckpqdqfOMciLcOZcEAk4I+oS0yQjkRZvG77D68+GXK0l6oG8YZeGfuhhX3NxQ+53AmLliSzcBQa4+ilTZSmSlvexIqdWUkhvN0/fMRfORxM1bS/3OsbtAioXhcevEi+fwBO0ZXExv4RJ5pID/D3LalrI6rHC6LAcvEOovXDFCU+O8Q0F92vNgTyKLd4y9UR+PXTE4BngklKoeIu2lsdQs6YXLLhWrr52MWijNUH31RDnADSW/RxP92UgoQdey2P6qtXCRZwBidP+scG6o1D7ZFz/5CVl3DyB2CfpJDqobuw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=nokia-sbell.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VKRgFpOXRWVoYL4BSQbwR5eZzsTisSVc+CeDUK48BWI=; b=slPCkFTecayFYDvw/MFPcyQQbjHefri35SMrm/lMY8BCkWMEgH+vTN+00g17B/UauHV7pRxxtPQDZ/SC68s/FowiEryf/kUlu2uMFBhcpgrOua50GqpRhFJxHMf7EpSNGgMYgoQlgmwRK2w5ELVsA6qjvHIVTz5mN68esTGi3z5oAvZIMuxU3m2xtzr4FgEZ4Cp9+HgNp8EGYoIcLU567bqulQXnTzrZ5zd2KQj1NRFuZqQbUQmWAtMGrBUAfSVh9jfcZdp2MJnD8V9HpZmUAtxQ+8s+z56deRD05AYLkgzfn0oBLf59mqDSP/9TKVixugGIP/G0fMXzUFxbO2e//Q== Received: from DS7PR05CA0032.namprd05.prod.outlook.com (2603:10b6:8:2f::31) by PH8PR12MB6867.namprd12.prod.outlook.com (2603:10b6:510:1ca::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8835.18; Thu, 26 Jun 2025 12:02:49 +0000 Received: from CY4PEPF0000EE39.namprd03.prod.outlook.com (2603:10b6:8:2f:cafe::76) by DS7PR05CA0032.outlook.office365.com (2603:10b6:8:2f::31) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8835.22 via Frontend Transport; Thu, 26 Jun 2025 12:02:49 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by CY4PEPF0000EE39.mail.protection.outlook.com (10.167.242.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8880.14 via Frontend Transport; Thu, 26 Jun 2025 12:02:47 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Thu, 26 Jun 2025 05:02:30 -0700 Received: from nvidia.com (10.126.230.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.14; Thu, 26 Jun 2025 05:02:28 -0700 From: Xueming Li To: Yang Ming CC: Xueming Li , Stephen Hemminger , dpdk stable Subject: patch 'eal/linux: improve ASLR check' has been queued to stable release 23.11.5 Date: Thu, 26 Jun 2025 20:00:28 +0800 Message-ID: <20250626120145.27369-9-xuemingl@nvidia.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250626120145.27369-1-xuemingl@nvidia.com> References: <20250626120145.27369-1-xuemingl@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.126.230.35] X-ClientProxiedBy: rnnvmail201.nvidia.com (10.129.68.8) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE39:EE_|PH8PR12MB6867:EE_ X-MS-Office365-Filtering-Correlation-Id: 4a75d4af-0055-4cc8-065a-08ddb4a95e0f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|36860700013|1800799024|82310400026|376014|7053199007; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?vD73BXRJZMMgSvLa4U+RDcagOb2lLskfjyqr514XzdsowTjPrUMCVkNGoik8?= =?us-ascii?Q?Sa1lBPP+51Dm/GQknchq9InB4KcDLePYl+TwJw8ROG8ugslF9G8NUo5IY/Oo?= =?us-ascii?Q?8AjGsGPe9gcCCqqHODg2RdP9jIVQalxKhHNWKCltBXkZJ41NBOqHNFL7VZth?= =?us-ascii?Q?yGivW34fBgPUrZvi6O0lGjwR1F568PIit7X71hXJKZYuAccK7kz1RDtpRciN?= =?us-ascii?Q?W4dKkk5dJELp4M9xPbnFTvNL9F8faCtjR25gmzDUEoRyx7eJTVMa+h/jZ9Va?= =?us-ascii?Q?vJJwf3O27z9HWOaiWrTaqXGVW3/Oiz9E/Fgf04P04Llr1/7v2PUGfSL4RkcM?= =?us-ascii?Q?mdrFqxkZqZheV4ao9ZQ0hVKr1Sj3Vf9rKt93h0OzvI494ex0vfIzsuYK4pxT?= =?us-ascii?Q?s9OL4KIVJ8trkUBB/0h1XDMT5KQDvAHNE4LsP5wMfAoOzCjEtXv68HMdOrCA?= =?us-ascii?Q?XK52txF68qT7eYy0jBP/PclV1yrxq1UQW4++lpihY4XlUjIZNWpptIQrPCKN?= =?us-ascii?Q?bqREW0qO2injycSW7ziNM/t0U2Cwqy8yBbh8gpRYbGLVBLvjN8Y8VTeCFmRe?= =?us-ascii?Q?bd8JEO9V/X2SdAV+bp2zQ6QetiDJocLMedQ4BgQhyF8GFGHUGGgvuzYbB32b?= =?us-ascii?Q?KnjNjfCEuGe/Yprj/ABnmsOxiGLFs1v0SdG14RqwlTybYvX3ITD8mFiyNbJ2?= =?us-ascii?Q?wVNGlCZ2RZdN5vX2pMITUqKN8e0nuMWWVdKHiY3ZtjZIfPRScGwKYmDdtbqM?= =?us-ascii?Q?dlPjRqtTD4tGmYmzQjOqSZVcuuf3Ky2gMBzw6tEb2xh9tkzuFGe8NM0K0wp9?= =?us-ascii?Q?6+XwqL5APABa595/NgUlb9Yhe7z/BYeMMKwB6j/lcck6ykxEVop6dbLBF5hs?= =?us-ascii?Q?r4CRF8pCEWyewqO+Ph0nW1mB2nSAXQ4LhQeGixXVZOsuROQSO8kQZkI+QPub?= =?us-ascii?Q?8pj5FnYHpP9tlArekkSoh8OWKH27vRvMjcN//+irvGkzWnVnxssilAs/zs2V?= =?us-ascii?Q?GXIfMvnj9RTeYPKl+lAQHK1dtqC4oKgtHLsn8+UQLPq69F2s2XEZejLdyUg1?= =?us-ascii?Q?Ub9GR0jfvq+xNeHYD1l96XPCaVq6l44debb5ExKNQ2qpDgbuDbEbx3dPwQzf?= =?us-ascii?Q?K7zVKUPMh22MsycQ3N62NvjHahfUfRwEDwbXwliMcbF98dygElgexQl9xblt?= =?us-ascii?Q?5J4kQetUv1xkpFqT7D7p6EfPaW9HvkF4tJtUVZh8HTd2+9jGIXFSCNJ+eQxB?= =?us-ascii?Q?dLMefPnigpIfNlSVzSDyRiqq18yu3wPHrkbmlbhxFkPP1Ihq/qSKLNPb9ZsJ?= =?us-ascii?Q?e+Hzj6Wc2H2TDQuPHJl7EwkENqHUx0BbdHR1FsWX1espfKvrtV3j2GpWwBs2?= =?us-ascii?Q?LPCZcBTGEsFuGaSfOGyOipg1Dit73U8UJuHTo+v9fQrfXWQtYe7vFn5p5P/3?= =?us-ascii?Q?+qQ3lBhNZp1kS/etcdbl4SdtAMKHb7wdjo/9PtINiKJEfekl1f5kSVEpO32W?= =?us-ascii?Q?7x29sJ9m6C+ozC9n1SWFmNcw0AkS761Zx4wvh8GwNXuvnGA9Q4uyOpFDGg?= =?us-ascii?Q?=3D=3D?= X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE; SFS:(13230040)(36860700013)(1800799024)(82310400026)(376014)(7053199007); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jun 2025 12:02:47.5887 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4a75d4af-0055-4cc8-065a-08ddb4a95e0f X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE39.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR12MB6867 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 23.11.5 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 06/28/25. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://git.dpdk.org/dpdk-stable/log/?h=23.11-staging This queued commit can be viewed at: https://git.dpdk.org/dpdk-stable/commit/?h=23.11-staging&id=333ef2e9f6a2074586d44620d08c4019cfc6e2ef Thanks. Xueming Li --- >From 333ef2e9f6a2074586d44620d08c4019cfc6e2ef Mon Sep 17 00:00:00 2001 From: Yang Ming Date: Thu, 13 Mar 2025 14:19:03 +0800 Subject: [PATCH] eal/linux: improve ASLR check Cc: Xueming Li [ upstream commit dcf9f9363aa9b4163d241caf8b26a84ca0c0006b ] This change ensures that the current process is checked for being run with 'setarch' before verifying the value of '/proc/sys/kernel/randomize_va_space'. The '-R' or '--addr-no-randomize' parameter of the 'setarch' command is used to disable the randomization of the virtual address space. Fixes: af75078fece3 ("first public release") Signed-off-by: Yang Ming Acked-by: Stephen Hemminger --- lib/eal/linux/eal_memory.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lib/eal/linux/eal_memory.c b/lib/eal/linux/eal_memory.c index 077f77d406..ffdb836b7e 100644 --- a/lib/eal/linux/eal_memory.c +++ b/lib/eal/linux/eal_memory.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -200,6 +201,17 @@ static int aslr_enabled(void) { char c; + + /* + * Check whether the current process is executed with the command line + * "setarch ... --addr-no-randomize ..." or "setarch ... -R ..." + * This complements the sysfs check to ensure comprehensive ASLR status detection. + * This check is necessary to support the functionality of the "setarch" command, + * which can disable ASLR by setting the ADDR_NO_RANDOMIZE personality flag. + */ + if ((personality(0xffffffff) & ADDR_NO_RANDOMIZE) == ADDR_NO_RANDOMIZE) + return 0; + int retval, fd = open(RANDOMIZE_VA_SPACE_FILE, O_RDONLY); if (fd < 0) return -errno; -- 2.34.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2025-06-26 19:59:18.081520215 +0800 +++ 0008-eal-linux-improve-ASLR-check.patch 2025-06-26 19:59:17.186418052 +0800 @@ -1 +1 @@ -From dcf9f9363aa9b4163d241caf8b26a84ca0c0006b Mon Sep 17 00:00:00 2001 +From 333ef2e9f6a2074586d44620d08c4019cfc6e2ef Mon Sep 17 00:00:00 2001 @@ -4,0 +5,3 @@ +Cc: Xueming Li + +[ upstream commit dcf9f9363aa9b4163d241caf8b26a84ca0c0006b ] @@ -13 +15,0 @@ -Cc: stable@dpdk.org @@ -22 +24 @@ -index 8c896379fe..7f03bb517b 100644 +index 077f77d406..ffdb836b7e 100644 @@ -33 +35 @@ -@@ -203,6 +204,17 @@ static int +@@ -200,6 +201,17 @@ static int