* [dpdk-dev] [PATCH] eal/linux: fix uevent message parsing
@ 2021-11-02 18:40 David Marchand
2021-11-02 18:43 ` David Marchand
2021-11-04 13:59 ` Maxime Coquelin
0 siblings, 2 replies; 5+ messages in thread
From: David Marchand @ 2021-11-02 18:40 UTC (permalink / raw)
To: dev; +Cc: yux.jiang
Caught with ASan:
==9727==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7f0daa2fc0d0 at pc 0x7f0daeefacb2 bp 0x7f0daa2fadd0 sp 0x7f0daa2fa578
READ of size 1 at 0x7f0daa2fc0d0 thread T1
#0 0x7f0daeefacb1 (/lib64/libasan.so.5+0xbacb1)
#1 0x115eba1 in dev_uev_parse ../lib/eal/linux/eal_dev.c:167
#2 0x115f281 in dev_uev_handler ../lib/eal/linux/eal_dev.c:248
#3 0x1169b91 in eal_intr_process_interrupts
../lib/eal/linux/eal_interrupts.c:1026
#4 0x116a3a2 in eal_intr_handle_interrupts
../lib/eal/linux/eal_interrupts.c:1100
#5 0x116a7f0 in eal_intr_thread_main
../lib/eal/linux/eal_interrupts.c:1172
#6 0x112640a in ctrl_thread_init
../lib/eal/common/eal_common_thread.c:202
#7 0x7f0dade27159 in start_thread (/lib64/libpthread.so.0+0x8159)
#8 0x7f0dadb58f72 in clone (/lib64/libc.so.6+0xfcf72)
Address 0x7f0daa2fc0d0 is located in stack of thread T1 at offset 4192
in frame
#0 0x115f0c9 in dev_uev_handler ../lib/eal/linux/eal_dev.c:226
This frame has 2 object(s):
[32, 48) 'uevent'
[96, 4192) 'buf' <== Memory access at offset 4192 overflows this
variable
HINT: this may be a false positive if your program uses some custom
stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
Thread T1 created by T0 here:
#0 0x7f0daee92ea3 in __interceptor_pthread_create
(/lib64/libasan.so.5+0x52ea3)
#1 0x1126542 in rte_ctrl_thread_create
../lib/eal/common/eal_common_thread.c:228
#2 0x116a8b5 in rte_eal_intr_init
../lib/eal/linux/eal_interrupts.c:1200
#3 0x1159dd1 in rte_eal_init ../lib/eal/linux/eal.c:1044
#4 0x7a22f8 in main ../app/test-pmd/testpmd.c:4105
#5 0x7f0dada7f802 in __libc_start_main (/lib64/libc.so.6+0x23802)
Signed-off-by: David Marchand <david.marchand@redhat.com>
---
lib/eal/linux/eal_dev.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/eal/linux/eal_dev.c b/lib/eal/linux/eal_dev.c
index 925cdba553..1fd00a482b 100644
--- a/lib/eal/linux/eal_dev.c
+++ b/lib/eal/linux/eal_dev.c
@@ -160,6 +160,9 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
break;
buf++;
}
+ if (i >= length)
+ break;
+
/**
* check device uevent from kernel side, no need to check
* uevent from udev.
--
2.23.0
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [dpdk-dev] [PATCH] eal/linux: fix uevent message parsing
2021-11-02 18:40 [dpdk-dev] [PATCH] eal/linux: fix uevent message parsing David Marchand
@ 2021-11-02 18:43 ` David Marchand
2021-11-03 9:47 ` David Marchand
2021-11-04 13:59 ` Maxime Coquelin
1 sibling, 1 reply; 5+ messages in thread
From: David Marchand @ 2021-11-02 18:43 UTC (permalink / raw)
To: dev; +Cc: Yu Jiang
On Tue, Nov 2, 2021 at 7:41 PM David Marchand <david.marchand@redhat.com> wrote:
>
> Caught with ASan:
> ==9727==ERROR: AddressSanitizer: stack-buffer-overflow on address
> 0x7f0daa2fc0d0 at pc 0x7f0daeefacb2 bp 0x7f0daa2fadd0 sp 0x7f0daa2fa578
> READ of size 1 at 0x7f0daa2fc0d0 thread T1
> #0 0x7f0daeefacb1 (/lib64/libasan.so.5+0xbacb1)
> #1 0x115eba1 in dev_uev_parse ../lib/eal/linux/eal_dev.c:167
> #2 0x115f281 in dev_uev_handler ../lib/eal/linux/eal_dev.c:248
> #3 0x1169b91 in eal_intr_process_interrupts
> ../lib/eal/linux/eal_interrupts.c:1026
> #4 0x116a3a2 in eal_intr_handle_interrupts
> ../lib/eal/linux/eal_interrupts.c:1100
> #5 0x116a7f0 in eal_intr_thread_main
> ../lib/eal/linux/eal_interrupts.c:1172
> #6 0x112640a in ctrl_thread_init
> ../lib/eal/common/eal_common_thread.c:202
> #7 0x7f0dade27159 in start_thread (/lib64/libpthread.so.0+0x8159)
> #8 0x7f0dadb58f72 in clone (/lib64/libc.so.6+0xfcf72)
>
> Address 0x7f0daa2fc0d0 is located in stack of thread T1 at offset 4192
> in frame
> #0 0x115f0c9 in dev_uev_handler ../lib/eal/linux/eal_dev.c:226
>
> This frame has 2 object(s):
> [32, 48) 'uevent'
> [96, 4192) 'buf' <== Memory access at offset 4192 overflows this
> variable
> HINT: this may be a false positive if your program uses some custom
> stack unwind mechanism or swapcontext
> (longjmp and C++ exceptions *are* supported)
> Thread T1 created by T0 here:
> #0 0x7f0daee92ea3 in __interceptor_pthread_create
> (/lib64/libasan.so.5+0x52ea3)
> #1 0x1126542 in rte_ctrl_thread_create
> ../lib/eal/common/eal_common_thread.c:228
> #2 0x116a8b5 in rte_eal_intr_init
> ../lib/eal/linux/eal_interrupts.c:1200
> #3 0x1159dd1 in rte_eal_init ../lib/eal/linux/eal.c:1044
> #4 0x7a22f8 in main ../app/test-pmd/testpmd.c:4105
> #5 0x7f0dada7f802 in __libc_start_main (/lib64/libc.so.6+0x23802)
I sent the wrong patch, fixes ref is missing:
Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")
Cc: stable@dpdk.org
>
> Signed-off-by: David Marchand <david.marchand@redhat.com>
--
David Marchand
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [dpdk-dev] [PATCH] eal/linux: fix uevent message parsing
2021-11-02 18:43 ` David Marchand
@ 2021-11-03 9:47 ` David Marchand
0 siblings, 0 replies; 5+ messages in thread
From: David Marchand @ 2021-11-03 9:47 UTC (permalink / raw)
To: dev; +Cc: Yu Jiang, Zhihong Peng, Xueqin Lin
On Tue, Nov 2, 2021 at 7:43 PM David Marchand <david.marchand@redhat.com> wrote:
> > Caught with ASan:
> > ==9727==ERROR: AddressSanitizer: stack-buffer-overflow on address
> > 0x7f0daa2fc0d0 at pc 0x7f0daeefacb2 bp 0x7f0daa2fadd0 sp 0x7f0daa2fa578
> > READ of size 1 at 0x7f0daa2fc0d0 thread T1
> > #0 0x7f0daeefacb1 (/lib64/libasan.so.5+0xbacb1)
> > #1 0x115eba1 in dev_uev_parse ../lib/eal/linux/eal_dev.c:167
> > #2 0x115f281 in dev_uev_handler ../lib/eal/linux/eal_dev.c:248
> > #3 0x1169b91 in eal_intr_process_interrupts
> > ../lib/eal/linux/eal_interrupts.c:1026
> > #4 0x116a3a2 in eal_intr_handle_interrupts
> > ../lib/eal/linux/eal_interrupts.c:1100
> > #5 0x116a7f0 in eal_intr_thread_main
> > ../lib/eal/linux/eal_interrupts.c:1172
> > #6 0x112640a in ctrl_thread_init
> > ../lib/eal/common/eal_common_thread.c:202
> > #7 0x7f0dade27159 in start_thread (/lib64/libpthread.so.0+0x8159)
> > #8 0x7f0dadb58f72 in clone (/lib64/libc.so.6+0xfcf72)
> >
> > Address 0x7f0daa2fc0d0 is located in stack of thread T1 at offset 4192
> > in frame
> > #0 0x115f0c9 in dev_uev_handler ../lib/eal/linux/eal_dev.c:226
> >
> > This frame has 2 object(s):
> > [32, 48) 'uevent'
> > [96, 4192) 'buf' <== Memory access at offset 4192 overflows this
> > variable
> > HINT: this may be a false positive if your program uses some custom
> > stack unwind mechanism or swapcontext
> > (longjmp and C++ exceptions *are* supported)
> > Thread T1 created by T0 here:
> > #0 0x7f0daee92ea3 in __interceptor_pthread_create
> > (/lib64/libasan.so.5+0x52ea3)
> > #1 0x1126542 in rte_ctrl_thread_create
> > ../lib/eal/common/eal_common_thread.c:228
> > #2 0x116a8b5 in rte_eal_intr_init
> > ../lib/eal/linux/eal_interrupts.c:1200
> > #3 0x1159dd1 in rte_eal_init ../lib/eal/linux/eal.c:1044
> > #4 0x7a22f8 in main ../app/test-pmd/testpmd.c:4105
> > #5 0x7f0dada7f802 in __libc_start_main (/lib64/libc.so.6+0x23802)
>
> I sent the wrong patch, fixes ref is missing:
Zhihong had opened a bz:
Bugzilla ID: 792
> Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")
> Cc: stable@dpdk.org
--
David Marchand
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [dpdk-dev] [PATCH] eal/linux: fix uevent message parsing
2021-11-02 18:40 [dpdk-dev] [PATCH] eal/linux: fix uevent message parsing David Marchand
2021-11-02 18:43 ` David Marchand
@ 2021-11-04 13:59 ` Maxime Coquelin
2021-11-04 14:20 ` David Marchand
1 sibling, 1 reply; 5+ messages in thread
From: Maxime Coquelin @ 2021-11-04 13:59 UTC (permalink / raw)
To: David Marchand, dev; +Cc: yux.jiang
On 11/2/21 19:40, David Marchand wrote:
> Caught with ASan:
> ==9727==ERROR: AddressSanitizer: stack-buffer-overflow on address
> 0x7f0daa2fc0d0 at pc 0x7f0daeefacb2 bp 0x7f0daa2fadd0 sp 0x7f0daa2fa578
> READ of size 1 at 0x7f0daa2fc0d0 thread T1
> #0 0x7f0daeefacb1 (/lib64/libasan.so.5+0xbacb1)
> #1 0x115eba1 in dev_uev_parse ../lib/eal/linux/eal_dev.c:167
> #2 0x115f281 in dev_uev_handler ../lib/eal/linux/eal_dev.c:248
> #3 0x1169b91 in eal_intr_process_interrupts
> ../lib/eal/linux/eal_interrupts.c:1026
> #4 0x116a3a2 in eal_intr_handle_interrupts
> ../lib/eal/linux/eal_interrupts.c:1100
> #5 0x116a7f0 in eal_intr_thread_main
> ../lib/eal/linux/eal_interrupts.c:1172
> #6 0x112640a in ctrl_thread_init
> ../lib/eal/common/eal_common_thread.c:202
> #7 0x7f0dade27159 in start_thread (/lib64/libpthread.so.0+0x8159)
> #8 0x7f0dadb58f72 in clone (/lib64/libc.so.6+0xfcf72)
>
> Address 0x7f0daa2fc0d0 is located in stack of thread T1 at offset 4192
> in frame
> #0 0x115f0c9 in dev_uev_handler ../lib/eal/linux/eal_dev.c:226
>
> This frame has 2 object(s):
> [32, 48) 'uevent'
> [96, 4192) 'buf' <== Memory access at offset 4192 overflows this
> variable
> HINT: this may be a false positive if your program uses some custom
> stack unwind mechanism or swapcontext
> (longjmp and C++ exceptions *are* supported)
> Thread T1 created by T0 here:
> #0 0x7f0daee92ea3 in __interceptor_pthread_create
> (/lib64/libasan.so.5+0x52ea3)
> #1 0x1126542 in rte_ctrl_thread_create
> ../lib/eal/common/eal_common_thread.c:228
> #2 0x116a8b5 in rte_eal_intr_init
> ../lib/eal/linux/eal_interrupts.c:1200
> #3 0x1159dd1 in rte_eal_init ../lib/eal/linux/eal.c:1044
> #4 0x7a22f8 in main ../app/test-pmd/testpmd.c:4105
> #5 0x7f0dada7f802 in __libc_start_main (/lib64/libc.so.6+0x23802)
>
> Signed-off-by: David Marchand <david.marchand@redhat.com>
> ---
> lib/eal/linux/eal_dev.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/lib/eal/linux/eal_dev.c b/lib/eal/linux/eal_dev.c
> index 925cdba553..1fd00a482b 100644
> --- a/lib/eal/linux/eal_dev.c
> +++ b/lib/eal/linux/eal_dev.c
> @@ -160,6 +160,9 @@ dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
> break;
> buf++;
> }
> + if (i >= length)
> + break;
> +
> /**
> * check device uevent from kernel side, no need to check
> * uevent from udev.
>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Thanks,
Maxime
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [dpdk-dev] [PATCH] eal/linux: fix uevent message parsing
2021-11-04 13:59 ` Maxime Coquelin
@ 2021-11-04 14:20 ` David Marchand
0 siblings, 0 replies; 5+ messages in thread
From: David Marchand @ 2021-11-04 14:20 UTC (permalink / raw)
To: David Marchand; +Cc: dev, Yu Jiang, Maxime Coquelin, Yan Xia, Zhihong Peng
On Thu, Nov 4, 2021 at 3:00 PM Maxime Coquelin
<maxime.coquelin@redhat.com> wrote:
> On 11/2/21 19:40, David Marchand wrote:
> > Caught with ASan:
> > ==9727==ERROR: AddressSanitizer: stack-buffer-overflow on address
> > 0x7f0daa2fc0d0 at pc 0x7f0daeefacb2 bp 0x7f0daa2fadd0 sp 0x7f0daa2fa578
> > READ of size 1 at 0x7f0daa2fc0d0 thread T1
> > #0 0x7f0daeefacb1 (/lib64/libasan.so.5+0xbacb1)
> > #1 0x115eba1 in dev_uev_parse ../lib/eal/linux/eal_dev.c:167
> > #2 0x115f281 in dev_uev_handler ../lib/eal/linux/eal_dev.c:248
> > #3 0x1169b91 in eal_intr_process_interrupts
> > ../lib/eal/linux/eal_interrupts.c:1026
> > #4 0x116a3a2 in eal_intr_handle_interrupts
> > ../lib/eal/linux/eal_interrupts.c:1100
> > #5 0x116a7f0 in eal_intr_thread_main
> > ../lib/eal/linux/eal_interrupts.c:1172
> > #6 0x112640a in ctrl_thread_init
> > ../lib/eal/common/eal_common_thread.c:202
> > #7 0x7f0dade27159 in start_thread (/lib64/libpthread.so.0+0x8159)
> > #8 0x7f0dadb58f72 in clone (/lib64/libc.so.6+0xfcf72)
> >
> > Address 0x7f0daa2fc0d0 is located in stack of thread T1 at offset 4192
> > in frame
> > #0 0x115f0c9 in dev_uev_handler ../lib/eal/linux/eal_dev.c:226
> >
> > This frame has 2 object(s):
> > [32, 48) 'uevent'
> > [96, 4192) 'buf' <== Memory access at offset 4192 overflows this
> > variable
> > HINT: this may be a false positive if your program uses some custom
> > stack unwind mechanism or swapcontext
> > (longjmp and C++ exceptions *are* supported)
> > Thread T1 created by T0 here:
> > #0 0x7f0daee92ea3 in __interceptor_pthread_create
> > (/lib64/libasan.so.5+0x52ea3)
> > #1 0x1126542 in rte_ctrl_thread_create
> > ../lib/eal/common/eal_common_thread.c:228
> > #2 0x116a8b5 in rte_eal_intr_init
> > ../lib/eal/linux/eal_interrupts.c:1200
> > #3 0x1159dd1 in rte_eal_init ../lib/eal/linux/eal.c:1044
> > #4 0x7a22f8 in main ../app/test-pmd/testpmd.c:4105
> > #5 0x7f0dada7f802 in __libc_start_main (/lib64/libc.so.6+0x23802)
> >
Bugzilla ID: 792
Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")
Cc: stable@dpdk.org
> > Signed-off-by: David Marchand <david.marchand@redhat.com>
Tested-by: Yan Xia <yanx.xia@intel.com>
> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Applied, thanks.
--
David Marchand
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-11-04 14:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-02 18:40 [dpdk-dev] [PATCH] eal/linux: fix uevent message parsing David Marchand
2021-11-02 18:43 ` David Marchand
2021-11-03 9:47 ` David Marchand
2021-11-04 13:59 ` Maxime Coquelin
2021-11-04 14:20 ` David Marchand
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).