From: Isaac Boukris
Date: Sun, 5 Feb 2023 18:54:20 +0200
Subject: BUG: AddressSanitizer reports a buffer-overflow on rte_hash_lookup
To: dev@dpdk.org

Hi,

I managed to reproduce it by modifying the helloworld app (see attached). The report seems correct, as in the case of a 10-byte key the code tries to look at the key as a uint32 array and access k[2], which is two bytes over, see:

https://github.com/DPDK/dpdk/blob/0bf5832222971a0154c9150d4a7a4b82ecbc9ddb/lib/hash/rte_jhash.h#L118

$ sudo build/helloworld --iova-mode=pa
EAL: Detected CPU lcores: 8
EAL: Detected NUMA nodes: 1
EAL: Detected static linkage of DPDK
EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
EAL: Selected IOVA mode 'PA'
EAL: VFIO support initialized
EAL: Using IOMMU type 1 (Type 1)
EAL: Ignore mapping IO port bar(3)
EAL: Probe PCI driver: net_vmxnet3 (15ad:7b0) device: 0000:0b:00.0 (socket -1)
=================================================================
==21410==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000024fe428 at pc 0x000001293b0b bp 0x7fff126ef2d0 sp 0x7fff126ef2c0
READ of size 4 at 0x0000024fe428 thread T0
    #0 0x1293b0a in __rte_jhash_2hashes (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1293b0a)
    #1 0x12953bf in rte_jhash_2hashes (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x12953bf)
    #2 0x12954c8 in rte_jhash (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x12954c8)
    #3 0x1bd7168 in rte_hash_lookup (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1bd7168)
    #4 0x1295600 in main (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1295600)
    #5 0x7fe8fffbbd84 in __libc_start_main (/lib64/libc.so.6+0x3ad84)
    #6 0x129356d in _start (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x129356d)

0x0000024fe42a is located 0 bytes to the right of global variable 'hash_key' defined in 'main.c:34:13' (0x24fe420) of size 10
SUMMARY: AddressSanitizer: global-buffer-overflow (/home/admin/dpdk/share/dpdk/examples/helloworld/build/helloworld-static+0x1293b0a) in __rte_jhash_2hashes

Attachment: Demo-bug-in-rte_hash_lookup.patch
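
The access pattern described in the report above, as an added C example that is not part of the original message and is not DPDK's code. It models a key walked as uint32 words whose final partial word is loaded whole and then masked (the masking step is an assumption of this model), computes how far that load runs past the key, and gives a bounded tail load that yields the same word. All function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes read past a key_len-byte buffer when the key is walked as whole
 * uint32_t words and the last, partial word is loaded in full. */
static size_t word_walk_overrun(size_t key_len)
{
    return (4 - key_len % 4) % 4;
}

/* Bounded tail load: copy only the `remaining` (1..4) valid bytes into a
 * zeroed word, so no byte past the key is touched. */
static uint32_t load_tail_word(const uint8_t *p, size_t remaining)
{
    uint32_t w = 0;
    memcpy(&w, p, remaining > 4 ? 4 : remaining);
    return w;
}

/* On a padded buffer, where the whole-word load stays in bounds, check that
 * load-then-mask and the bounded load produce the same word.
 * Returns 1 if they agree, 0 if not, -1 for an unsupported key_len. */
static int tail_loads_agree(size_t key_len)
{
    /* Constructed sample: the trailing bytes stand in for whatever happens
     * to follow a shorter key in memory. */
    static const uint8_t buf[12] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
                                     0x77, 0x88, 0x99, 0xaa, 0xde, 0xad };
    static const uint8_t ones[4] = { 0xff, 0xff, 0xff, 0xff };
    if (key_len == 0 || key_len > sizeof(buf))
        return -1;
    size_t rem = key_len % 4 ? key_len % 4 : 4;
    size_t off = key_len - rem;              /* start of the final word */
    uint32_t full, mask = load_tail_word(ones, rem); /* endian-neutral mask */

    memcpy(&full, buf + off, 4);             /* whole-word load */
    return (full & mask) == load_tail_word(buf + off, rem);
}

int main(void)
{
    for (size_t len = 9; len <= 12; len++)
        printf("key_len=%zu overrun=%zu agree=%d\n", len,
               word_walk_overrun(len), tail_loads_agree(len));
    return 0;
}
```

For the 10-byte key in the report the model gives an overrun of 2 bytes, matching the 4-byte read at offset 8 of the 10-byte `hash_key` that AddressSanitizer flagged.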