From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <dev-bounces@dpdk.org> Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8305B41BDD; Sun, 5 Feb 2023 20:49:26 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0E17340A7D; Sun, 5 Feb 2023 20:49:26 +0100 (CET) Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) by mails.dpdk.org (Postfix) with ESMTP id 2B35F40041 for <dev@dpdk.org>; Sun, 5 Feb 2023 20:49:24 +0100 (CET) Received: by mail-pj1-f51.google.com with SMTP id rm7-20020a17090b3ec700b0022c05558d22so9369841pjb.5 for <dev@dpdk.org>; Sun, 05 Feb 2023 11:49:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=n3g2D7GhSDqba1QBHul1myc0j/qCtfwmqGlgk1I/xfo=; b=5k9EaenhAXPX0GrFToFIPlDR79ifPcde/8gg6BJc/LKA9KmseLjJd+XqauzLGzqtnm Dh0PTfCbDschDIqSESTQIbHr4/IPmglxJjjCb1Z8u0WMWHx9AxDu3ZObTFdScT1B6KmC 2Rthqjy9WAnMlWVXZ4ppRuVbHLp8PFNVrm7hieKjChe2LrT6U7+wBsFtH92MmwsCGV7w Kxsin6s1+mIwrX4GdxbetwMaVcCAO2F6i+mv/iLxz69uBCejf4wtwEWzx7ENmrvwuH/i eUANmfZyeY+1cUWPFPjfr8o5Eah98oIEhiExgTjQ2rd+YxRyj1jOMBylNfku1nKFa0Ew 5cbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=n3g2D7GhSDqba1QBHul1myc0j/qCtfwmqGlgk1I/xfo=; b=10L5rypFzx6a7Ze3igzpLdGrGx2oP3jdxhheWaq/DHZp9dP9zsiL7mInFRO0ntxz87 9GcejxbjnD1A5AwtglURDN1hgKRfseqy/WmQLPFLtyuboVQZ7PS9I2+xJ4XDVEvtk5JT Idf5rxhdDUiKW/7KjKq2MeKCicJYrGdTYxhMHTtGVth6FbmMQupU3q41SP4z7nAs0UrD LgY0wmAyUiZEh2+BO6PCoKaQNfBuc/nIFXrgM3zkeIWptYzlT5QOp9JV+7wRXG8sAzY4 pV0ewt8vOeyJLIpGJIbnZRutkVRDyKGDQgf/lTB9ONDMOvGNgJa4749BNQ+ERMVbL5BC 2FkQ== X-Gm-Message-State: AO0yUKXSbT5VKy/fyMUPB8nlNFJhHHZ1WEa8bVy73dh4iFy2IWPn/as5 MBuneY28/WoY8MpZLdV6BHhgZQ== X-Google-Smtp-Source: AK7set9PIALNRx29lhQ8i8cILKFjBLwM9Fp7espOjba/aQQwp89vM7B3CdKhx01ivQBvTbwPvdtfpA== X-Received: by 2002:a17:902:c611:b0:196:5839:b374 with SMTP id r17-20020a170902c61100b001965839b374mr13224110plr.9.1675626563139; Sun, 05 Feb 2023 11:49:23 -0800 (PST) Received: from hermes.local (204-195-120-218.wavecable.com. [204.195.120.218]) by smtp.gmail.com with ESMTPSA id jc5-20020a17090325c500b00194afb5a3ebsm1502629plb.21.2023.02.05.11.49.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Feb 2023 11:49:22 -0800 (PST) Date: Sun, 5 Feb 2023 11:49:21 -0800 From: Stephen Hemminger <stephen@networkplumber.org> To: Isaac Boukris <iboukris@gmail.com> Cc: dev@dpdk.org Subject: Re: BUG: AddressSanitizer reports a buffer-overflow on rte_hash_lookup Message-ID: <20230205114921.605de31a@hermes.local> In-Reply-To: <CAC-fF8Qt6ExgN4zM7NeOGTHPvWk5xykWTYzEPKYm3tsYwj7EAg@mail.gmail.com> References: <CAC-fF8Qt6ExgN4zM7NeOGTHPvWk5xykWTYzEPKYm3tsYwj7EAg@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions <dev.dpdk.org> List-Unsubscribe: <https://mails.dpdk.org/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://mails.dpdk.org/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <https://mails.dpdk.org/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org On Sun, 5 Feb 2023 18:54:20 +0200 Isaac Boukris <iboukris@gmail.com> wrote: > Hi, > > I managed to reproduce it by modifying the helloworld app (see > attached). The report seem correct, as in case of 10 byte key the code > tries to look at the key as uint32 array and access k[2] which is two > bytes over, see: > https://github.com/DPDK/dpdk/blob/0bf5832222971a0154c9150d4a7a4b82ecbc9ddb/lib/hash/rte_jhash.h#L118 > > $ sudo build/helloworld --iova-mode=pa > EAL: Detected CPU lcores: 8 > EAL: Detected NUMA nodes: 1 > EAL: Detected static linkage of DPDK > EAL: Multi-process socket /var/run/dpdk/rte/mp_socket > EAL: Selected IOVA mode 'PA' > EAL: VFIO support initialized > EAL: Using IOMMU type 1 (Type 1) > EAL: Ignore mapping IO port bar(3) > EAL: Probe PCI driver: net_vmxnet3 (15ad:7b0) device: 0000:0b:00.0 (socket -1) > ================================================================= > ==21410==ERROR: AddressSanitizer: global-buffer-overflow on address > 0x0000024fe428 at pc 0x000001293b0b bp 0x7fff126ef2d0 sp > 0x7fff126ef2c0 > READ of size 4 at 0x0000024fe428 thread T0 > #0 0x1293b0a in __rte_jhash_2hashes > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1293b0a) > #1 0x12953bf in rte_jhash_2hashes > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x12953bf) > #2 0x12954c8 in rte_jhash > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x12954c8) > #3 0x1bd7168 in rte_hash_lookup > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1bd7168) > #4 0x1295600 in main > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1295600) > #5 0x7fe8fffbbd84 in __libc_start_main (/lib64/libc.so.6+0x3ad84) > #6 0x129356d in _start > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x129356d) > > 0x0000024fe42a is located 0 bytes to the right of global variable > 'hash_key' defined in 'main.c:34:13' (0x24fe420) of size 10 > SUMMARY: AddressSanitizer: global-buffer-overflow > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1293b0a) > in __rte_jhash_2hashes This code is using the common optimization of doing a full 32 bit access and masking the result. This will read past the end of the passed input but ignore the extra bytes. It won't be a problem unless the application goes out of its way to put a hash key value at the end of a mapped region.