From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [Bug 1162] [dpdk23.03] [fuzzing test] fuzzing/*: launch dpdk-fuzz as global-buffer-overflow error.
Date: Fri, 17 Feb 2023 06:57:58 +0000 [thread overview]
Message-ID: <bug-1162-3@http.bugs.dpdk.org/> (raw)
[-- Attachment #1: Type: text/plain, Size: 6290 bytes --]
https://bugs.dpdk.org/show_bug.cgi?id=1162
Bug ID: 1162
Summary: [dpdk23.03] [fuzzing test] fuzzing/*: launch dpdk-fuzz
as global-buffer-overflow error.
Product: DPDK
Version: 23.03
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: ethdev
Assignee: dev@dpdk.org
Reporter: weiyuanx.li@intel.com
Target Milestone: ---
[Environment]
DPDK version: Use make showversion or for a non-released version: git remote -v
&& git show-ref --heads
dpdk22.03 8a3ef4b89e6dd0247355fdf3a77ff7ec1db28d8d
Other software versions: name/version for QEMU, OVS, etc. Repeat as required.
OS: Ubuntu 22.04.1 LTS (Jammy Jellyfish)/5.15.0-57-generic
Compiler: gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0
Hardware platform: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
NIC hardware: Ethernet Controller XXV710 for 25GbE SFP28 158b.
NIC firmware:
driver: i40e
version: 5.15.0-57-generic
firmware-version: 9.10 0x8000d02b 1.3179.0
[Test Setup]
Steps to reproduce
1. Use the following command to build DPDK:
CC=clang meson -Denable_kmods=True -Dlibdir=lib --default-library=static
-Dbuildtype=debug -Db_lundef=false -Db_sanitize=address
x86_64-native-linuxapp-clang
ninja -C x86_64-native-linuxapp-clang/ -j 70
2. Execute the following command in the dpdk directory.
x86_64-native-linuxapp-clang/app/dpdk-fuzz
[Show the output from the previous commands]
~/dpdk# x86_64-native-linuxapp-clang/app/dpdk-fuzz /tmp/fuzz_seed/hash_seed/ --
-ignore_remaining_args=1 -l 1 -n 4 --no-pci
=================================================================
==483867==ERROR: AddressSanitizer: global-buffer-overflow on address
0x55daec41adb8 at pc 0x55dadb105100 bp 0x7ffc03906630 sp 0x7ffc03906628
READ of size 8 at 0x55daec41adb8 thread T0
#0 0x55dadb1050ff in rte_eth_trace_find_next_of
/root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace.h:372:1
#1 0x55dadb2e9d26 in __rte_trace_point_register
/root/dpdk/x86_64-native-linuxapp-clang/../lib/eal/common/eal_common_trace.c:477:2
#2 0x55dadb104fed in rte_eth_trace_find_next_of_init
/root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace_points.c:52:1
#3 0x7f2f75a3deba in call_init csu/../csu/libc-start.c:145:3
#4 0x7f2f75a3deba in __libc_start_main csu/../csu/libc-start.c:379:5
#5 0x55dada308b84 in _start
(/root/dpdk/x86_64-native-linuxapp-clang/app/dpdk-fuzz+0x872b84) (BuildId:
5671e4355ef645c73952e41f5b7b4c1f86ae12bc)
0x55daec41adb8 is located 40 bytes to the left of global variable
'__rte_eth_trace_find_next_sibling_name' defined in
'../lib/ethdev/ethdev_trace_points.c:55:1' (0x55daec41ade0) of size 29
'__rte_eth_trace_find_next_sibling_name' is ascii string
'lib.ethdev.find_next_sibling'
0x55daec41adb8 is located 0 bytes to the right of global variable
'__rte_eth_trace_find_next_of_name' defined in
'../lib/ethdev/ethdev_trace_points.c:52:1' (0x55daec41ada0) of size 24
'__rte_eth_trace_find_next_of_name' is ascii string 'lib.ethdev.find_next_of'
SUMMARY: AddressSanitizer: global-buffer-overflow
/root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace.h:372:1 in
rte_eth_trace_find_next_of
Shadow bytes around the buggy address:
0x0abbdd87b560: 00 00 01 f9 f9 f9 f9 f9 00 00 f9 f9 00 00 01 f9
0x0abbdd87b570: f9 f9 f9 f9 00 00 04 f9 f9 f9 f9 f9 00 00 04 f9
0x0abbdd87b580: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 00 00 00 05
0x0abbdd87b590: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 00 00 00 01
0x0abbdd87b5a0: f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9 00 00 05 f9
=>0x0abbdd87b5b0: f9 f9 f9 f9 00 00 00[f9]f9 f9 f9 f9 00 00 00 05
0x0abbdd87b5c0: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 00 00 00 06
0x0abbdd87b5d0: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 00 05 f9
0x0abbdd87b5e0: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 00 00 f9
0x0abbdd87b5f0: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 00 05 f9
0x0abbdd87b600: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 00 07 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==483867==ABORTING
[Expected Result]
Launch dpdk-fuzz successfully.
[Regression]
Is this issue a regression: (Y/N) Y
~/dpdk# git bisect good
6679cf21d6083710bef2e5a4e4a7b42eee5be3aa is the first bad commit
commit 6679cf21d6083710bef2e5a4e4a7b42eee5be3aa
Author: Ankur Dwivedi <adwivedi@marvell.com>
Date: Wed Feb 8 22:42:11 2023 +0530
ethdev: add trace points
Adds trace points for ethdev functions.
The rte_ethdev_trace.h is removed. The file ethdev_trace.h is added as
an internal header. ethdev_trace.h contains internal slow path and
fast path tracepoints. The public fast path tracepoints are present in
rte_ethdev_trace_fp.h header.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Sunil Kumar Kori <skori@marvell.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@amd.com>
lib/ethdev/ethdev_private.c | 7 +
lib/ethdev/ethdev_trace.h | 1512 ++++++++++++++++++++++++++++++++++++++
lib/ethdev/ethdev_trace_points.c | 447 ++++++++++-
lib/ethdev/meson.build | 2 +-
lib/ethdev/rte_ethdev.c | 872 ++++++++++++++++++----
lib/ethdev/rte_ethdev_cman.c | 29 +-
lib/ethdev/rte_ethdev_trace.h | 95 ---
lib/ethdev/rte_ethdev_trace_fp.h | 36 +
8 files changed, 2761 insertions(+), 239 deletions(-)
create mode 100644 lib/ethdev/ethdev_trace.h
delete mode 100644 lib/ethdev/rte_ethdev_trace.h
--
You are receiving this mail because:
You are the assignee for the bug.
[-- Attachment #2: Type: text/html, Size: 8420 bytes --]
next reply other threads:[~2023-02-17 6:58 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-17 6:57 bugzilla [this message]
2023-03-10 8:28 ` bugzilla
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-1162-3@http.bugs.dpdk.org/ \
--to=bugzilla@dpdk.org \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).