From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A01C5A034F; Mon, 11 Oct 2021 13:03:44 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2653440E50; Mon, 11 Oct 2021 13:03:44 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mails.dpdk.org (Postfix) with ESMTP id 369B94003C for ; Mon, 11 Oct 2021 13:03:42 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1633950221; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=FDkMwcgk87Y75+I2epWGMMlvJBJAMpBSAUOQ+u8HU7s=; b=cldbl7ECy6asUACXAjn1x45E1seDOxH4y81zblUe6m20v9g9ybFuKEzJ/YfnJ84SWgdeiR fRHdzdJ7mK1CYsFn0aemqRxKBd5rp0rVlDnUedN8WXJ7RRNBMA5BdYAarQbf7wIYDc07fQ xgb0DgVDWcZlRo+RZERfAxVs3ue8LuY= Received: from mail-lf1-f71.google.com (mail-lf1-f71.google.com [209.85.167.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-411-h6d_Qu5RMCqEzfR4sA9KQw-1; Mon, 11 Oct 2021 07:03:34 -0400 X-MC-Unique: h6d_Qu5RMCqEzfR4sA9KQw-1 Received: by mail-lf1-f71.google.com with SMTP id x33-20020a0565123fa100b003fcfd99073dso12509126lfa.6 for ; Mon, 11 Oct 2021 04:03:33 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=FDkMwcgk87Y75+I2epWGMMlvJBJAMpBSAUOQ+u8HU7s=; b=B1dCi8+aMvcF8XCulaiC6c5cEusPD20fxfZxHQIsPNBFJZcXKPPpVxzkvgwJOForU+ ++fxNXJvQD5rM69nx9qJLmeva2SJrAhwqdGhD9+gR6zYgSPEUOmejUnOdnavYdVnsEf8 f6iZE7hxr7hAwZh8TUBi+/+X+S3blP4mhOaVSvmSO9/3wRdyBxchTjCneczXXf6L126Y LbADcUApO1+AIW458hHw7QPDn/imoHbzJdwua0IEqZUAaJX/MaZxKisARHzYjsY7fwHy vJcy8OsuZoS+ERfDz3x36lxNsud1XDtqs0FS1oo4s0U4WefvI2aTQskm4infSsALxzyk ZRbw== X-Gm-Message-State: AOAM531M66E7H3U1FT+tCM/9vw5G9LLZXkYQB02hjDTPI/UxgKKtSr+Z 0NjlaWQMxP1GUHir+OOfnYd1JiBAawLPse19d7dX5QOYV4IeimToN+8kDqnK+pJgvZhrTQ3UpTL Jicjum8TWaCyiJMwWsXI= X-Received: by 2002:a2e:91d4:: with SMTP id u20mr21805574ljg.81.1633950212291; Mon, 11 Oct 2021 04:03:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwbFXmB7OUP3nQSAT37qvFvZttl63j1dJ4v7B5i2ca1J0frHWL0vGjASTAnNH/3nnd81FpYTZR0UuHOmnPtUec= X-Received: by 2002:a2e:91d4:: with SMTP id u20mr21805539ljg.81.1633950211979; Mon, 11 Oct 2021 04:03:31 -0700 (PDT) MIME-Version: 1.0 References: <1633728526-197782-1-git-send-email-vladimir.medvedkin@intel.com> In-Reply-To: <1633728526-197782-1-git-send-email-vladimir.medvedkin@intel.com> From: David Marchand Date: Mon, 11 Oct 2021 13:03:20 +0200 Message-ID: To: Vladimir Medvedkin Cc: dev , "Wang, Yipeng1" , "Gobriel, Sameh" , Bruce Richardson , dpdk stable Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dmarchan@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="UTF-8" Subject: Re: [dpdk-dev] [PATCH] test/hash: fix buffer overflow X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On Fri, Oct 8, 2021 at 11:28 PM Vladimir Medvedkin wrote: > > This patch fixes buffer overflow reported by ASAN, > please reference https://bugs.dpdk.org/show_bug.cgi?id=818 > > Some tests for the rte_hash table use the rte_jhash_32b() as > the hash function. This hash function interprets the length > argument in units of 4 bytes. > > This patch divides configured key length by 4 in cases when > rte_jhash_32b() is used. > > Bugzilla ID: 818 > Fixes: af75078fece3 ("first public release") > Cc: stable@dpdk.org > With patch applied, ASan reports another issue. Did you test your fix with ASan? >From GHA, with https://patchwork.dpdk.org/project/dpdk/patch/20211002162432.4348-4-david.marchand@redhat.com/ applied: 30/94 DPDK:fast-tests / hash_autotest FAIL 0.87 s (exit status 1) --- command --- DPDK_TEST='hash_autotest' /home/runner/work/dpdk/dpdk/build/app/test/dpdk-test -l 0-1 --file-prefix=hash_autotest --- stdout --- RTE>>hash_autotest --- stderr --- EAL: Detected CPU lcores: 2 EAL: Detected NUMA nodes: 1 EAL: Detected shared linkage of DPDK EAL: WARNING! Base virtual address hint (0x100005000 != 0x7fa4a7cda000) not respected! EAL: This may cause issues with mapping memory into secondary processes EAL: Multi-process socket /var/run/dpdk/hash_autotest/mp_socket EAL: Selected IOVA mode 'PA' EAL: No available 1048576 kB hugepages reported EAL: VFIO support initialized EAL: WARNING! Base virtual address hint (0x10000b000 != 0x7fa49688f000) not respected! EAL: This may cause issues with mapping memory into secondary processes EAL: WARNING! Base virtual address hint (0x100011000 != 0x7fa49682e000) not respected! EAL: This may cause issues with mapping memory into secondary processes EAL: WARNING! Base virtual address hint (0x100a12000 != 0x7fa094a00000) not respected! EAL: This may cause issues with mapping memory into secondary processes EAL: WARNING! Base virtual address hint (0x100c17000 != 0x7fa49669f000) not respected! EAL: This may cause issues with mapping memory into secondary processes EAL: WARNING! Base virtual address hint (0x101618000 != 0x7f9c94800000) not respected! EAL: This may cause issues with mapping memory into secondary processes EAL: WARNING! Base virtual address hint (0x10181d000 != 0x7fa49663e000) not respected! EAL: This may cause issues with mapping memory into secondary processes EAL: WARNING! Base virtual address hint (0x10221e000 != 0x7f9894600000) not respected! EAL: This may cause issues with mapping memory into secondary processes EAL: WARNING! Base virtual address hint (0x102423000 != 0x7fa49649f000) not respected! EAL: This may cause issues with mapping memory into secondary processes EAL: WARNING! Base virtual address hint (0x102e24000 != 0x7f9494400000) not respected! EAL: This may cause issues with mapping memory into secondary processes APP: HPET is not enabled, using TSC as default timer ================================================================= ==26840==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000372e3e0 at pc 0x0000014b0eb8 bp 0x7fff80e49990 sp 0x7fff80e49988 READ of size 4 at 0x00000372e3e0 thread T0 #0 0x14b0eb7 in __rte_jhash_2hashes /home/runner/work/dpdk/dpdk/build/../lib/hash/rte_jhash.h:137:9 #1 0x14b0130 in rte_jhash_2hashes /home/runner/work/dpdk/dpdk/build/../lib/hash/rte_jhash.h:238:2 #2 0x14b0051 in rte_jhash /home/runner/work/dpdk/dpdk/build/../lib/hash/rte_jhash.h:284:2 #3 0x7fa4a38c7627 in rte_hash_hash /home/runner/work/dpdk/dpdk/build/../lib/hash/rte_cuckoo_hash.c:538:9 #4 0x7fa4a38d6672 in rte_hash_add_key /home/runner/work/dpdk/dpdk/build/../lib/hash/rte_cuckoo_hash.c:1212:46 #5 0x14a06db in test_five_keys /home/runner/work/dpdk/dpdk/build/../app/test/test_hash.c:715:12 #6 0x149deda in test_hash /home/runner/work/dpdk/dpdk/build/../app/test/test_hash.c:2207:6 #7 0x4d61f6 in cmd_autotest_parsed /home/runner/work/dpdk/dpdk/build/../app/test/commands.c:71:10 #8 0x7fa4a44356c5 in cmdline_parse /home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_parse.c:290:3 #9 0x7fa4a442e8d5 in cmdline_valid_buffer /home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:26:8 #10 0x7fa4a443ff07 in rdline_char_in /home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline_rdline.c:421:5 #11 0x7fa4a442f03f in cmdline_in /home/runner/work/dpdk/dpdk/build/../lib/cmdline/cmdline.c:149:9 #12 0x5ac71e in main /home/runner/work/dpdk/dpdk/build/../app/test/test.c:214:8 #13 0x7fa49ca42bf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310 #14 0x42eaa9 in _start (/home/runner/work/dpdk/dpdk/build/app/test/dpdk-test+0x42eaa9) 0x00000372e3e1 is located 0 bytes to the right of global variable 'keys' defined in '../app/test/test_hash.c:115:24' (0x372e3a0) of size 65 SUMMARY: AddressSanitizer: global-buffer-overflow /home/runner/work/dpdk/dpdk/build/../lib/hash/rte_jhash.h:137:9 in __rte_jhash_2hashes Shadow bytes around the buggy address: 0x0000806ddc20: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 0x0000806ddc30: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 0x0000806ddc40: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 0x0000806ddc50: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 0x0000806ddc60: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 =>0x0000806ddc70: f9 f9 f9 f9 00 00 00 00 00 00 00 00[01]f9 f9 f9 0x0000806ddc80: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 0x0000806ddc90: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 0x0000806ddca0: 00 00 00 00 00 00 00 00 04 f9 f9 f9 f9 f9 f9 f9 0x0000806ddcb0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 0x0000806ddcc0: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==26840==ABORTING ------- -- David Marchand