From: Isaac Boukris
Date: Sun, 5 Feb 2023 22:14:28 +0200
Subject: Re: BUG: AddressSanitizer reports a buffer-overflow on rte_hash_lookup
To: Stephen Hemminger
Cc: dev@dpdk.org
References: <20230205114921.605de31a@hermes.local>
In-Reply-To: <20230205114921.605de31a@hermes.local>

On Sun, Feb 5, 2023 at 9:49 PM Stephen Hemminger wrote:
>
> On Sun, 5 Feb 2023 18:54:20 +0200
> Isaac Boukris wrote:
>
> > Hi,
> >
> > I managed to reproduce it by modifying the helloworld app (see
> > attached). The report seems correct, as in case of 10 byte key the code
> > tries to look at the key as uint32 array and access k[2] which is two
> > bytes over, see:
> > https://github.com/DPDK/dpdk/blob/0bf5832222971a0154c9150d4a7a4b82ecbc9ddb/lib/hash/rte_jhash.h#L118
> >
> > $ sudo build/helloworld --iova-mode=pa
> > EAL: Detected CPU lcores: 8
> > EAL: Detected NUMA nodes: 1
> > EAL: Detected static linkage of DPDK
> > EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
> > EAL: Selected IOVA mode 'PA'
> > EAL: VFIO support initialized
> > EAL: Using IOMMU type 1 (Type 1)
> > EAL: Ignore mapping IO port bar(3)
> > EAL: Probe PCI driver: net_vmxnet3 (15ad:7b0) device: 0000:0b:00.0 (socket -1)
> > =================================================================
> > ==21410==ERROR: AddressSanitizer: global-buffer-overflow on address
> > 0x0000024fe428 at pc 0x000001293b0b bp 0x7fff126ef2d0 sp
> > 0x7fff126ef2c0
> > READ of size 4 at 0x0000024fe428 thread T0
> > #0 0x1293b0a in __rte_jhash_2hashes
> > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1293b0a)
> > #1 0x12953bf in rte_jhash_2hashes
> > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x12953bf)
> > #2 0x12954c8 in rte_jhash
> > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x12954c8)
> > #3 0x1bd7168 in rte_hash_lookup
> > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1bd7168)
> > #4 0x1295600 in main
> > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1295600)
> > #5 0x7fe8fffbbd84 in __libc_start_main (/lib64/libc.so.6+0x3ad84)
> > #6 0x129356d in _start
> > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x129356d)
> >
> > 0x0000024fe42a is located 0 bytes to the right of global variable
> > 'hash_key' defined in 'main.c:34:13' (0x24fe420) of size 10
> > SUMMARY: AddressSanitizer: global-buffer-overflow
> > (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1293b0a)
> > in __rte_jhash_2hashes
>
> This code is using the common optimization of doing a full 32 bit access
> and masking the result. This will read past the end of the passed input
> but ignore the extra bytes. It won't be a problem unless the application
> goes out of its way to put a hash key value at the end of a mapped
> region.

Ack, fwiw it still makes it trickier to use AddressSanitizer in user app.
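
The wide-load-and-mask pattern discussed in this thread, next to a bounded tail load that gives the same word without reading past the key, as an added example that is not part of the original message and not DPDK's code. The function names are hypothetical, the 10-byte key is constructed, and a little-endian host is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wide load and mask (little-endian): always reads 4 bytes at p, then
 * masks off everything beyond `rem`. With rem < 4 this touches bytes past
 * the key, so the caller must guarantee readable padding behind it. */
uint32_t tail_wide_masked(const uint8_t *p, size_t rem)
{
    uint32_t w;
    memcpy(&w, p, sizeof(w));
    return rem >= 4 ? w : w & ((1u << (8 * rem)) - 1u);
}

/* Bounded load: copies only the `rem` bytes that belong to the key into a
 * zeroed word. Same value on little-endian, no read past the buffer. */
uint32_t tail_bounded(const uint8_t *p, size_t rem)
{
    uint32_t w = 0;
    memcpy(&w, p, rem < sizeof(w) ? rem : sizeof(w));
    return w;
}

/* Split a key of `len` bytes into 32-bit words, zero-extending the last
 * partial word. Returns the number of words written to out[]. */
size_t load_key_words(const void *key, size_t len,
                      uint32_t *out, size_t max_words)
{
    const uint8_t *p = key;
    size_t n = 0;
    while (len > 0 && n < max_words) {
        size_t rem = len < 4 ? len : 4;
        out[n++] = tail_bounded(p, rem);
        p += rem;
        len -= rem;
    }
    return n;
}

int main(void)
{
    /* Constructed 10-byte key, the size from the report above. */
    static const uint8_t key[10] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};
    uint32_t w[3];
    size_t n = load_key_words(key, sizeof(key), w, 3);
    printf("%zu words, last = 0x%08x\n", n, (unsigned)w[2]);
    return 0;
}
```

Built with `-fsanitize=address`, the bounded path runs clean on an exactly sized key; `tail_wide_masked` is only safe on a buffer padded to a multiple of 4 bytes.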