DPDK patches and discussions
 help / color / mirror / Atom feed
* [Bug 1162] [dpdk23.03] [fuzzing test] fuzzing/*: launch dpdk-fuzz as global-buffer-overflow error.
@ 2023-02-17  6:57 bugzilla
  2023-03-10  8:28 ` bugzilla
  0 siblings, 1 reply; 2+ messages in thread
From: bugzilla @ 2023-02-17  6:57 UTC (permalink / raw)
  To: dev

[-- Attachment #1: Type: text/plain, Size: 6290 bytes --]

https://bugs.dpdk.org/show_bug.cgi?id=1162

            Bug ID: 1162
           Summary: [dpdk23.03] [fuzzing test] fuzzing/*: launch dpdk-fuzz
                    as global-buffer-overflow error.
           Product: DPDK
           Version: 23.03
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: ethdev
          Assignee: dev@dpdk.org
          Reporter: weiyuanx.li@intel.com
  Target Milestone: ---

[Environment]

DPDK version: Use make showversion or for a non-released version: git remote -v
&& git show-ref --heads
dpdk22.03 8a3ef4b89e6dd0247355fdf3a77ff7ec1db28d8d
Other software versions: name/version for QEMU, OVS, etc. Repeat as required.
OS: Ubuntu 22.04.1 LTS (Jammy Jellyfish)/5.15.0-57-generic
Compiler: gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0

Hardware platform: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
NIC hardware: Ethernet Controller XXV710 for 25GbE SFP28 158b.
NIC firmware: 
driver: i40e
version: 5.15.0-57-generic
firmware-version:  9.10 0x8000d02b 1.3179.0

[Test Setup]
Steps to reproduce
1. Use the following command to build DPDK: 
CC=clang meson -Denable_kmods=True -Dlibdir=lib  --default-library=static
-Dbuildtype=debug -Db_lundef=false -Db_sanitize=address
x86_64-native-linuxapp-clang
ninja -C x86_64-native-linuxapp-clang/ -j 70

2. Execute the following command in the dpdk directory.  
x86_64-native-linuxapp-clang/app/dpdk-fuzz

[Show the output from the previous commands]
~/dpdk# x86_64-native-linuxapp-clang/app/dpdk-fuzz /tmp/fuzz_seed/hash_seed/ --
-ignore_remaining_args=1 -l 1 -n 4 --no-pci
=================================================================
==483867==ERROR: AddressSanitizer: global-buffer-overflow on address
0x55daec41adb8 at pc 0x55dadb105100 bp 0x7ffc03906630 sp 0x7ffc03906628
READ of size 8 at 0x55daec41adb8 thread T0
    #0 0x55dadb1050ff in rte_eth_trace_find_next_of
/root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace.h:372:1
    #1 0x55dadb2e9d26 in __rte_trace_point_register
/root/dpdk/x86_64-native-linuxapp-clang/../lib/eal/common/eal_common_trace.c:477:2
    #2 0x55dadb104fed in rte_eth_trace_find_next_of_init
/root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace_points.c:52:1
    #3 0x7f2f75a3deba in call_init csu/../csu/libc-start.c:145:3
    #4 0x7f2f75a3deba in __libc_start_main csu/../csu/libc-start.c:379:5
    #5 0x55dada308b84 in _start
(/root/dpdk/x86_64-native-linuxapp-clang/app/dpdk-fuzz+0x872b84) (BuildId:
5671e4355ef645c73952e41f5b7b4c1f86ae12bc)

0x55daec41adb8 is located 40 bytes to the left of global variable
'__rte_eth_trace_find_next_sibling_name' defined in
'../lib/ethdev/ethdev_trace_points.c:55:1' (0x55daec41ade0) of size 29
  '__rte_eth_trace_find_next_sibling_name' is ascii string
'lib.ethdev.find_next_sibling'
0x55daec41adb8 is located 0 bytes to the right of global variable
'__rte_eth_trace_find_next_of_name' defined in
'../lib/ethdev/ethdev_trace_points.c:52:1' (0x55daec41ada0) of size 24
  '__rte_eth_trace_find_next_of_name' is ascii string 'lib.ethdev.find_next_of'
SUMMARY: AddressSanitizer: global-buffer-overflow
/root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace.h:372:1 in
rte_eth_trace_find_next_of
Shadow bytes around the buggy address:
  0x0abbdd87b560: 00 00 01 f9 f9 f9 f9 f9 00 00 f9 f9 00 00 01 f9
  0x0abbdd87b570: f9 f9 f9 f9 00 00 04 f9 f9 f9 f9 f9 00 00 04 f9
  0x0abbdd87b580: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 00 00 00 05
  0x0abbdd87b590: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 00 00 00 01
  0x0abbdd87b5a0: f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9 00 00 05 f9
=>0x0abbdd87b5b0: f9 f9 f9 f9 00 00 00[f9]f9 f9 f9 f9 00 00 00 05
  0x0abbdd87b5c0: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 00 00 00 06
  0x0abbdd87b5d0: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 00 05 f9
  0x0abbdd87b5e0: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 00 00 f9
  0x0abbdd87b5f0: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 00 05 f9
  0x0abbdd87b600: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 00 07 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==483867==ABORTING

[Expected Result]
Launch dpdk-fuzz successfully.

[Regression]
Is this issue a regression: (Y/N) Y
~/dpdk# git bisect good
6679cf21d6083710bef2e5a4e4a7b42eee5be3aa is the first bad commit
commit 6679cf21d6083710bef2e5a4e4a7b42eee5be3aa
Author: Ankur Dwivedi <adwivedi@marvell.com>
Date:   Wed Feb 8 22:42:11 2023 +0530

    ethdev: add trace points

    Adds trace points for ethdev functions.

    The rte_ethdev_trace.h is removed. The file ethdev_trace.h is added as
    an internal header. ethdev_trace.h contains internal slow path and
    fast path tracepoints. The public fast path tracepoints are present in
    rte_ethdev_trace_fp.h header.

    Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
    Acked-by: Sunil Kumar Kori <skori@marvell.com>
    Reviewed-by: Ferruh Yigit <ferruh.yigit@amd.com>

 lib/ethdev/ethdev_private.c      |    7 +
 lib/ethdev/ethdev_trace.h        | 1512 ++++++++++++++++++++++++++++++++++++++
 lib/ethdev/ethdev_trace_points.c |  447 ++++++++++-
 lib/ethdev/meson.build           |    2 +-
 lib/ethdev/rte_ethdev.c          |  872 ++++++++++++++++++----
 lib/ethdev/rte_ethdev_cman.c     |   29 +-
 lib/ethdev/rte_ethdev_trace.h    |   95 ---
 lib/ethdev/rte_ethdev_trace_fp.h |   36 +
 8 files changed, 2761 insertions(+), 239 deletions(-)
 create mode 100644 lib/ethdev/ethdev_trace.h
 delete mode 100644 lib/ethdev/rte_ethdev_trace.h

-- 
You are receiving this mail because:
You are the assignee for the bug.

[-- Attachment #2: Type: text/html, Size: 8420 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [Bug 1162] [dpdk23.03] [fuzzing test] fuzzing/*: launch dpdk-fuzz as global-buffer-overflow error.
  2023-02-17  6:57 [Bug 1162] [dpdk23.03] [fuzzing test] fuzzing/*: launch dpdk-fuzz as global-buffer-overflow error bugzilla
@ 2023-03-10  8:28 ` bugzilla
  0 siblings, 0 replies; 2+ messages in thread
From: bugzilla @ 2023-03-10  8:28 UTC (permalink / raw)
  To: dev

[-- Attachment #1: Type: text/plain, Size: 561 bytes --]

https://bugs.dpdk.org/show_bug.cgi?id=1162

jiang,yu (yux.jiang@intel.com) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|IN_PROGRESS                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #11 from jiang,yu (yux.jiang@intel.com) ---
Verify dpdk23.03 main commit 902e37f29a8057cb3641acf1b87fd9748e32b33b,
Test passed.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[-- Attachment #2: Type: text/html, Size: 2670 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-03-10  8:28 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-17  6:57 [Bug 1162] [dpdk23.03] [fuzzing test] fuzzing/*: launch dpdk-fuzz as global-buffer-overflow error bugzilla
2023-03-10  8:28 ` bugzilla

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).