From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AA472A0547 for ; Mon, 20 Jun 2022 10:02:35 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 94076427EB; Mon, 20 Jun 2022 10:02:35 +0200 (CEST) Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2043.outbound.protection.outlook.com [40.107.94.43]) by mails.dpdk.org (Postfix) with ESMTP id 3BA9440150; Mon, 20 Jun 2022 10:02:33 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=b2OB4JoDAGLoZRpSBC+ydmcZfSKDC023IJBNFNBVKBWhuVvynecD3QF7fLz7n5HcZIbd2fssYvO61aEtD0lDsM7RvzqyX+xeIHaz2+Q1QRK3BVV1DxsqGuIzXleVYfRUKuvBnd4nW186G7bN0rWSyp6futR4Tvn52bDMQRogpuY3AAifFO6HJB/gGa3HwFNSUY7pYoszF2J/63iRmLjHAe2HjFekryyiBpoF0SLfXzoc8HswhOhQHeBE+ukMGTCngtXenU1HfCNbWpDdbNrJNsuJoCCghNNBRp8gZL1/0HQAkawf87N10xodRmNK0U4dL1d5j5OYeYwmfXaq9exqUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=m0SL5sqS5UHNZbqi1Fzxa3J+BwFPAl6vJv226L/IiJw=; b=hIBFZUF22j8PZGXirmDgl7J5rrwsCUoIQC17C6udXacElx3ZmNGDSOQCEZvNLUBUKukNpXbSBFkbWNY3K2tkoSu5peOKdS2XVaua8zu9eyl59xz77uXQvFAR4EdfQYU3rccZHyZHD/f3Wq97o8n+PkGzlpx5Vo9VPkBuLg0q7/LjCjMCs542S84wRPSyGL5lPFejfhi2ioccq0JGz2x68VqygJM77M2elZdbaj8CNQRRxQJPryGy/hFwkx1HVfYxJllwxQ3OMzCP6XTn7DHxKPwIBd1h6bET1XewMakFPym5yFe3n1wYcxU6cGnQzu/alJEiv0gb3NFzSwCIIJ6VzA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=m0SL5sqS5UHNZbqi1Fzxa3J+BwFPAl6vJv226L/IiJw=; b=l8M8inQpZdGnkDs9E4qVpLRakgTg9ajoPUVnlqbHvFoKVda6Pl5L/+xyTaYXDUVatrX6bhPqvE0lJj96yWahxKw0a//W5aFtebTmn3f+xBah2Mmo1YKzZVk0TT1slK8RvOQYZCIipsELZK1FrQ4uY9kXgQ8EWRAfYBfRbErtwnlXRxRcIXfRoYLAXE4JxKJUr+6dFtDqSubLJzcDazR9riDJn4YVT3Y5F3al8SlhE0JKPh9mhOx4tLnqbL9By3pMCvNgMBt3BKNR0rrQOxLuf+CgojlvnOs7fkMtE+ufOXYgZUl4IvjH9DFdpmM8ySIAa5nD2D0GUZs/JsGGVp+Q1w== Received: from BYAPR12MB3078.namprd12.prod.outlook.com (2603:10b6:a03:a8::31) by BL1PR12MB5756.namprd12.prod.outlook.com (2603:10b6:208:393::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5332.20; Mon, 20 Jun 2022 08:02:30 +0000 Received: from BYAPR12MB3078.namprd12.prod.outlook.com ([fe80::bd2a:f22f:f435:7b36]) by BYAPR12MB3078.namprd12.prod.outlook.com ([fe80::bd2a:f22f:f435:7b36%5]) with mapi id 15.20.5353.022; Mon, 20 Jun 2022 08:02:30 +0000 From: Raslan Darawsheh To: Yunjian Wang , "dev@dpdk.org" CC: Matan Azrad , Slava Ovsiienko , Michael Baum , "dingxiaoxiong@huawei.com" , "xudingke@huawei.com" , "stable@dpdk.org" Subject: RE: [dpdk-dev] [PATCH 1/1] net/mlx5: fix stack buffer overflow of hrxq's rss_key Thread-Topic: [dpdk-dev] [PATCH 1/1] net/mlx5: fix stack buffer overflow of hrxq's rss_key Thread-Index: AQHX+HNap4KGu64L90aWct7bC9v7iK1ZBzOg Date: Mon, 20 Jun 2022 08:02:30 +0000 Message-ID: References: <5cd9086411342c7475e3227249d3aa3a3144897d.1640314881.git.wangyunjian@huawei.com> In-Reply-To: <5cd9086411342c7475e3227249d3aa3a3144897d.1640314881.git.wangyunjian@huawei.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: e684c6be-87e7-45fd-61f5-08da5293395f x-ms-traffictypediagnostic: BL1PR12MB5756:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: tKk0QkQH6YFHtERUJ7+2SCtIzW+AU4c4gwgljaiP4wVXLLFHDKL4kNrU8mOcB08h2Hea1pxw7N6ESINOenPXhaWfEZVwjMUYg6vQjmAhccaKQzKgXYMicxB0N6vC7N2xdLEYCiolJ1e1xMKBaNPcOuFBwWLg/msjom9p9gOIgfJ9E/sJc6KsHaeXXLEQCbh6aKG4kXCR6ZeIOgJzSE6ste5HwjLuVeZtBIfw+aLgCW7rw35tccotzTbW/H5xrmGsZmJPviPsQv23TQrP6yXueFBnyp+KjY4nB4yH9fSFiY2NKdYI6P3rSGJiY0SK2AL22lfLcfvd+/hORLQuIHfGquEgPATaqEwm0s/f/B0Xj6umsdrU1vN3gYfuZ+EXQbmM8rTdf3DOs/WHe1+qgmGsyXn9pt0g4skoszVZN3kE3YP/SCyIorXYouCzeJhvVB17dq7tn0+L0OwbpUeBUzdwldJn+3dIhhIdkvSTJqvuZnR60JvQg2LyVtZWPxi8PDy4Sca+Lgy+BaGf8wfWihY4rbsnqgdFVJAtL96lrBd7p9I+VwTo4b9LNyFUrXCgEeHw8ucfteUJh40t1wd6M8cDnibLJcodIBFXLve2tgcDBeUnD7S56HArc/fnhLvoiR4DvYF7C+8Q09bppF2hJ+sNIh5UA66/3AiU6UxxMItNzpdoIJSHybzQzqWr6CB3xUc4tCMiUZCH7DavmB1m3tF42w== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR12MB3078.namprd12.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(366004)(9686003)(71200400001)(498600001)(76116006)(64756008)(8936002)(7696005)(2906002)(8676002)(86362001)(53546011)(66446008)(38100700002)(54906003)(66946007)(4326008)(66556008)(66476007)(52536014)(122000001)(6506007)(83380400001)(55016003)(186003)(5660300002)(110136005)(26005)(33656002)(316002)(38070700005); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?TDavEoaOrAwbsjGEThs1cypPn1QQa6QtRCwraEAARcOoK0Ig4PmKYRWV0ZcG?= =?us-ascii?Q?8gRWrWBkfTYQ2QQEffruMBS/pIm79nRGepMTPR/3DD6Qb8Qm7TW6sw0TzDvs?= =?us-ascii?Q?jasc3eEMueF/DdeFvYAX7w5OBCFgUDpNnSFBbBWDOghv3nyZECXU7bOAQv3a?= =?us-ascii?Q?VUqozsdO4ekOwe7/2bQn7tJW8cJh3TwTHzpzyodgRFj0cuIsd45mAPg/Q06T?= =?us-ascii?Q?VQVwQNE18r7sylU8mAb7P1t1S3fVPwG5qgIylc5EdAiZ55FZN+/FjEQVc8XY?= =?us-ascii?Q?WqNeluFIoCbY4jRITC3N4fFIlOVV3I7enV/OMFq/mpI7luBwW9Dm+b2Eg9OX?= =?us-ascii?Q?w+Kl/bfMhcwY365ja0nunNMY0FJMtaxJ4hhBBRP8FFwiRfZlS9469mI7L9iI?= =?us-ascii?Q?xOvN34YoL+NumaFlAT/IGW/uoPzIfhfkY1lVpFybkcBifLbvYo35CegnklZ1?= =?us-ascii?Q?Zq5D50QXXjLkCsUvQIle3sAxQ+CXeNZhsWOQ+BORrGHYqs7kFSt4/m5dpqjx?= =?us-ascii?Q?JAF22LGYqXYnE+J/Trmg72BruKE1Z1V2Y3+t+Iodp1zaOfXtQPXQ7Z/ifWxm?= =?us-ascii?Q?MdDXjhGatym50fjfUnYkSwLzqu5PbtOqNGmiZLHAFqt35xEeVO1ABi/egOt2?= =?us-ascii?Q?wbFHHQ5ep7UHrJyg2l9qe7jnOJE3EYWEyo18eQkB9laDIVgWYI9ChBNgNCM7?= =?us-ascii?Q?RUUBJ0psxe8kvPIbOEiFqzKYn4Bc2+pLfNqyaEWLJBPA+iNOeJPz6rnjJzyM?= =?us-ascii?Q?YnzcOjpLgFqc/CcI2iSqp98WPOoT39cyYJuGR/G4uX6S0lf1D2n2owNVndlZ?= =?us-ascii?Q?wfMDohd5wnYbKtYgpE32lVbeGodl3xp4+ZOneKU+EqybFPufZFrMl8pbiq5Z?= =?us-ascii?Q?wGFor5vfbI1SntYNXMY93pDbN8O23OzrDFpu8xvOy3BUbg/0YmYeQ5wxh2po?= =?us-ascii?Q?gf6QSCmWV7W6yYIvsQoapHNuI9RLW2yYEHczfCF/WcRlfzkeqIXpaGUnwnCQ?= =?us-ascii?Q?K87o632lCC1w199CwIG/x4Ld6pXlITZ5hGm0Rd+DALoIfmsaK7GY/527ktgQ?= =?us-ascii?Q?C+ObnYGFJNCYngWpuTz5rCg54/Pf7ftB3mq6k2QtYr4gYWNj5LilZWlxxECt?= =?us-ascii?Q?sc6n7o7xmNgBhUeh1vJtWJ/McznFFZjnsT13Xu1vaJRGCWX5WMwZL2MM/8P7?= =?us-ascii?Q?z82pmeKWXX3A5jSjZLzS66FKnu4eEo7aA05Id76V7l+mRchKZB3Sb/comkDj?= =?us-ascii?Q?9QFiIdQhWOBZ4Eifx+akfpE5fTORdHiDeKKvrLn2aSJyP9Xgs4pBjTYMIapF?= =?us-ascii?Q?nxY4RZ4QSKWdK1Z72+F+09EpQVAZnqlSk2q9TnhcsmSnJ7M4w34u8vu7jV+S?= =?us-ascii?Q?3KKFU2av54iNBcRBxT+HGGRR+F0xg7Wndw7ykx5tSuduAvcfzoUwG8MFRYE4?= =?us-ascii?Q?daHO2giPsy6MBmQBo9jJaTQcHGiho28amOCF7SJGSYv6Qs12jn/MuSAonDdt?= =?us-ascii?Q?v5fg3A+Vlm/HsctMraIz/ZD3lCg0ivvpszWJ3lITmxT7jCZqjKP1Dpd0/jAY?= =?us-ascii?Q?lXnbEAiowvGhOJfDHJ2ffNgRX7/ysck0hQTLeNRWoRak2Esx2gEGDTgeuCWy?= =?us-ascii?Q?blOIMptBis7zkTYGnePeFd/6Tw0E6l1Yf72DVnKkwu/D/L/Mpx/9k2RrTsZ6?= =?us-ascii?Q?5jl0bOfDUekT/DJl40YErjssnPuKwNyhZJZpclV7ykXMYpu3qX42BeD0nhwN?= =?us-ascii?Q?2bKg9PK+kQ=3D=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BYAPR12MB3078.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: e684c6be-87e7-45fd-61f5-08da5293395f X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jun 2022 08:02:30.1943 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: korAW2F7/40TzK/eOPvVrQgWo6u7W2YuNmW2ipt3HADeC1ia658xGcAlhjurCvessC0jXeAbP/h5K26lg4RK5w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR12MB5756 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, > -----Original Message----- > From: Yunjian Wang > Sent: Friday, December 24, 2021 5:06 AM > To: dev@dpdk.org > Cc: Matan Azrad ; Slava Ovsiienko > ; Michael Baum ; > dingxiaoxiong@huawei.com; xudingke@huawei.com; Yunjian Wang > ; stable@dpdk.org > Subject: [dpdk-dev] [PATCH 1/1] net/mlx5: fix stack buffer overflow of hr= xq's > rss_key >=20 > The mlx5_drop_action_create function use mlx5_malloc for allocating > 'hrxq', but don't allocate for 'rss_key'. This is wrong and it can > cause buffer overflow. >=20 > Detected with address sanitizer: > 0 (/usr/lib64/libasan.so.4+0x7b8e2) > 1 in mlx5_devx_tir_attr_set ../drivers/net/mlx5/mlx5_devx.c:765 > 2 in mlx5_devx_hrxq_new ../drivers/net/mlx5/mlx5_devx.c:800 > 3 in mlx5_devx_drop_action_create ../drivers/net/mlx5/mlx5_devx.c:1051 > 4 in mlx5_drop_action_create ../drivers/net/mlx5/mlx5_rxq.c:2846 > 5 in mlx5_dev_spawn ../drivers/net/mlx5/linux/mlx5_os.c:1743 > 6 in mlx5_os_pci_probe_pf ../drivers/net/mlx5/linux/mlx5_os.c:2501 > 7 in mlx5_os_pci_probe ../drivers/net/mlx5/linux/mlx5_os.c:2647 > 8 in mlx5_os_net_probe ../drivers/net/mlx5/linux/mlx5_os.c:2722 > 9 in drivers_probe ../drivers/common/mlx5/mlx5_common.c:657 > 10 in mlx5_common_dev_probe > ../drivers/common/mlx5/mlx5_common.c:711 > 11 in mlx5_common_pci_probe > ../drivers/common/mlx5/mlx5_common_pci.c:150 > 12 in rte_pci_probe_one_driver ../drivers/bus/pci/pci_common.c:269 > 13 in pci_probe_all_drivers ../drivers/bus/pci/pci_common.c:353 > 14 in pci_probe ../drivers/bus/pci/pci_common.c:380 > 15 in rte_bus_probe ../lib/eal/common/eal_common_bus.c:72 > 16 in rte_eal_init ../lib/eal/linux/eal.c:1286 > 17 in main ../app/test-pmd/testpmd.c:4112 >=20 > Fixes: 0c762e81da9b ("net/mlx5: share Rx queue drop action code") > Cc: stable@dpdk.org >=20 > Signed-off-by: Yunjian Wang Patch applied to next-net-mlx, Kindest regards, Raslan Darawsheh