From: Thomas Monjalon <thomas@monjalon.net>
To: Rahul Bhansali <rbhansali@marvell.com>
Cc: dev@dpdk.org, david.marchand@redhat.com,
Conor Walsh <conor.walsh@intel.com>
Subject: Re: [PATCH] examples/l3fwd: resolve stack buffer overflow issue
Date: Tue, 08 Mar 2022 12:20:54 +0100 [thread overview]
Message-ID: <4698000.9Mp67QZiUf@thomas> (raw)
In-Reply-To: <20220111125005.554635-1-rbhansali@marvell.com>
11/01/2022 13:50, Rahul Bhansali:
> This patch fixes the stack buffer overflow error reported
> from AddressSanitizer.
> Function send_packetsx4() tries to access out of bound data
> from rte_mbuf and fill it into TX buffer even in the case
> where no pending packets (len = 0).
> Performance impact:- No
>
> ASAN error report:-
> ==819==ERROR: AddressSanitizer: stack-buffer-overflow on address
> 0xffffe2c0dcf0 at pc 0x0000005e791c bp 0xffffe2c0d7e0 sp 0xffffe2c0d800
> READ of size 8 at 0xffffe2c0dcf0 thread T0
> #0 0x5e7918 in send_packetsx4 ../examples/l3fwd/l3fwd_common.h:251
> #1 0x5e7918 in send_packets_multi ../examples/l3fwd/l3fwd_neon.h:226
This code comes from below commit, so these tags are missing:
Fixes: 96ff445371e0 ("examples/l3fwd: reorganise and optimize LPM code path")
Cc: stable@dpdk.org
> Signed-off-by: Rahul Bhansali <rbhansali@marvell.com>
> ---
> examples/l3fwd/l3fwd_common.h | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/examples/l3fwd/l3fwd_common.h b/examples/l3fwd/l3fwd_common.h
> index 7d83ff641a..de77711f88 100644
> --- a/examples/l3fwd/l3fwd_common.h
> +++ b/examples/l3fwd/l3fwd_common.h
> @@ -236,6 +236,9 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, struct rte_mbuf *m[],
>
> /* copy rest of the packets into the TX buffer. */
> len = num - n;
> + if (len == 0)
> + goto exit;
> +
I don't understand how it can fix something.
There is already "while (j < len)" with j and len being 0,
the loop should not be effective in this case.
> j = 0;
> switch (len % FWDSTEP) {
> while (j < len) {
> @@ -258,6 +261,7 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, struct rte_mbuf *m[],
> }
> }
>
> +exit:
> qconf->tx_mbufs[port].len = len;
> }
next prev parent reply other threads:[~2022-03-08 11:21 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-11 12:50 [PATCH] examples/l3fwd: resolve stack buffer overflow issue Rahul Bhansali
2022-03-07 4:27 ` Rahul Bhansali
2022-03-07 6:45 ` Rahul Bhansali
2022-03-07 10:46 ` Walsh, Conor
2022-03-08 11:20 ` Thomas Monjalon [this message]
2022-03-09 15:24 ` [EXT] " Rahul Bhansali
2022-03-09 19:07 ` Thomas Monjalon
2022-03-10 9:38 ` Rahul Bhansali
2022-03-09 15:57 ` Ananyev, Konstantin
2022-03-14 22:16 ` Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4698000.9Mp67QZiUf@thomas \
--to=thomas@monjalon.net \
--cc=conor.walsh@intel.com \
--cc=david.marchand@redhat.com \
--cc=dev@dpdk.org \
--cc=rbhansali@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.