From: Stephen Hemminger <stephen@networkplumber.org>
To: Isaac Boukris <iboukris@gmail.com>
Cc: dev@dpdk.org
Subject: Re: BUG: AddressSanitizer reports a buffer-overflow on rte_hash_lookup
Date: Sun, 5 Feb 2023 11:49:21 -0800 [thread overview]
Message-ID: <20230205114921.605de31a@hermes.local> (raw)
In-Reply-To: <CAC-fF8Qt6ExgN4zM7NeOGTHPvWk5xykWTYzEPKYm3tsYwj7EAg@mail.gmail.com>
On Sun, 5 Feb 2023 18:54:20 +0200
Isaac Boukris <iboukris@gmail.com> wrote:
> Hi,
>
> I managed to reproduce it by modifying the helloworld app (see
> attached). The report seem correct, as in case of 10 byte key the code
> tries to look at the key as uint32 array and access k[2] which is two
> bytes over, see:
> https://github.com/DPDK/dpdk/blob/0bf5832222971a0154c9150d4a7a4b82ecbc9ddb/lib/hash/rte_jhash.h#L118
>
> $ sudo build/helloworld --iova-mode=pa
> EAL: Detected CPU lcores: 8
> EAL: Detected NUMA nodes: 1
> EAL: Detected static linkage of DPDK
> EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
> EAL: Selected IOVA mode 'PA'
> EAL: VFIO support initialized
> EAL: Using IOMMU type 1 (Type 1)
> EAL: Ignore mapping IO port bar(3)
> EAL: Probe PCI driver: net_vmxnet3 (15ad:7b0) device: 0000:0b:00.0 (socket -1)
> =================================================================
> ==21410==ERROR: AddressSanitizer: global-buffer-overflow on address
> 0x0000024fe428 at pc 0x000001293b0b bp 0x7fff126ef2d0 sp
> 0x7fff126ef2c0
> READ of size 4 at 0x0000024fe428 thread T0
> #0 0x1293b0a in __rte_jhash_2hashes
> (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1293b0a)
> #1 0x12953bf in rte_jhash_2hashes
> (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x12953bf)
> #2 0x12954c8 in rte_jhash
> (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x12954c8)
> #3 0x1bd7168 in rte_hash_lookup
> (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1bd7168)
> #4 0x1295600 in main
> (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1295600)
> #5 0x7fe8fffbbd84 in __libc_start_main (/lib64/libc.so.6+0x3ad84)
> #6 0x129356d in _start
> (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x129356d)
>
> 0x0000024fe42a is located 0 bytes to the right of global variable
> 'hash_key' defined in 'main.c:34:13' (0x24fe420) of size 10
> SUMMARY: AddressSanitizer: global-buffer-overflow
> (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1293b0a)
> in __rte_jhash_2hashes
This code is using the common optimization of doing a full 32 bit access
and masking the result. This will read past the end of the passed input
but ignore the extra bytes. It won't be a problem unless the application
goes out of its way to put a hash key value at the end of a mapped
region.
next prev parent reply other threads:[~2023-02-05 19:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-05 16:54 Isaac Boukris
2023-02-05 19:49 ` Stephen Hemminger [this message]
2023-02-05 20:14 ` Isaac Boukris
2023-02-05 21:08 ` Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230205114921.605de31a@hermes.local \
--to=stephen@networkplumber.org \
--cc=dev@dpdk.org \
--cc=iboukris@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).