From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [Bug 1162] [dpdk23.03] [fuzzing test] fuzzing/*: launch dpdk-fuzz as global-buffer-overflow error.
Date: Fri, 17 Feb 2023 06:57:58 +0000
Message-ID: <bug-1162-3@http.bugs.dpdk.org/>


https://bugs.dpdk.org/show_bug.cgi?id=1162

            Bug ID: 1162
           Summary: [dpdk23.03] [fuzzing test] fuzzing/*: launch dpdk-fuzz
                    as global-buffer-overflow error.
           Product: DPDK
           Version: 23.03
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: ethdev
          Assignee: dev@dpdk.org
          Reporter: weiyuanx.li@intel.com
  Target Milestone: ---

[Environment]

DPDK version: Use make showversion or for a non-released version: git remote -v
&& git show-ref --heads
dpdk22.03 8a3ef4b89e6dd0247355fdf3a77ff7ec1db28d8d
Other software versions: name/version for QEMU, OVS, etc. Repeat as required.
OS: Ubuntu 22.04.1 LTS (Jammy Jellyfish)/5.15.0-57-generic
Compiler: gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0

Hardware platform: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
NIC hardware: Ethernet Controller XXV710 for 25GbE SFP28 158b.
NIC firmware: 
driver: i40e
version: 5.15.0-57-generic
firmware-version:  9.10 0x8000d02b 1.3179.0

[Test Setup]
Steps to reproduce
1. Use the following command to build DPDK: 
CC=clang meson -Denable_kmods=True -Dlibdir=lib  --default-library=static
-Dbuildtype=debug -Db_lundef=false -Db_sanitize=address
x86_64-native-linuxapp-clang
ninja -C x86_64-native-linuxapp-clang/ -j 70

2. Execute the following command in the dpdk directory.  
x86_64-native-linuxapp-clang/app/dpdk-fuzz

[Show the output from the previous commands]
~/dpdk# x86_64-native-linuxapp-clang/app/dpdk-fuzz /tmp/fuzz_seed/hash_seed/ --
-ignore_remaining_args=1 -l 1 -n 4 --no-pci
=================================================================
==483867==ERROR: AddressSanitizer: global-buffer-overflow on address
0x55daec41adb8 at pc 0x55dadb105100 bp 0x7ffc03906630 sp 0x7ffc03906628
READ of size 8 at 0x55daec41adb8 thread T0
    #0 0x55dadb1050ff in rte_eth_trace_find_next_of
/root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace.h:372:1
    #1 0x55dadb2e9d26 in __rte_trace_point_register
/root/dpdk/x86_64-native-linuxapp-clang/../lib/eal/common/eal_common_trace.c:477:2
    #2 0x55dadb104fed in rte_eth_trace_find_next_of_init
/root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace_points.c:52:1
    #3 0x7f2f75a3deba in call_init csu/../csu/libc-start.c:145:3
    #4 0x7f2f75a3deba in __libc_start_main csu/../csu/libc-start.c:379:5
    #5 0x55dada308b84 in _start
(/root/dpdk/x86_64-native-linuxapp-clang/app/dpdk-fuzz+0x872b84) (BuildId:
5671e4355ef645c73952e41f5b7b4c1f86ae12bc)

0x55daec41adb8 is located 40 bytes to the left of global variable
'__rte_eth_trace_find_next_sibling_name' defined in
'../lib/ethdev/ethdev_trace_points.c:55:1' (0x55daec41ade0) of size 29
  '__rte_eth_trace_find_next_sibling_name' is ascii string
'lib.ethdev.find_next_sibling'
0x55daec41adb8 is located 0 bytes to the right of global variable
'__rte_eth_trace_find_next_of_name' defined in
'../lib/ethdev/ethdev_trace_points.c:52:1' (0x55daec41ada0) of size 24
  '__rte_eth_trace_find_next_of_name' is ascii string 'lib.ethdev.find_next_of'
SUMMARY: AddressSanitizer: global-buffer-overflow
/root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace.h:372:1 in
rte_eth_trace_find_next_of
Shadow bytes around the buggy address:
  0x0abbdd87b560: 00 00 01 f9 f9 f9 f9 f9 00 00 f9 f9 00 00 01 f9
  0x0abbdd87b570: f9 f9 f9 f9 00 00 04 f9 f9 f9 f9 f9 00 00 04 f9
  0x0abbdd87b580: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 00 00 00 05
  0x0abbdd87b590: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 00 00 00 01
  0x0abbdd87b5a0: f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9 00 00 05 f9
=>0x0abbdd87b5b0: f9 f9 f9 f9 00 00 00[f9]f9 f9 f9 f9 00 00 00 05
  0x0abbdd87b5c0: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 00 00 00 06
  0x0abbdd87b5d0: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 00 05 f9
  0x0abbdd87b5e0: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 00 00 f9
  0x0abbdd87b5f0: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 00 05 f9
  0x0abbdd87b600: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 00 07 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==483867==ABORTING

[Expected Result]
Launch dpdk-fuzz successfully.

[Regression]
Is this issue a regression: (Y/N) Y
~/dpdk# git bisect good
6679cf21d6083710bef2e5a4e4a7b42eee5be3aa is the first bad commit
commit 6679cf21d6083710bef2e5a4e4a7b42eee5be3aa
Author: Ankur Dwivedi <adwivedi@marvell.com>
Date:   Wed Feb 8 22:42:11 2023 +0530

    ethdev: add trace points

    Adds trace points for ethdev functions.

    The rte_ethdev_trace.h is removed. The file ethdev_trace.h is added as
    an internal header. ethdev_trace.h contains internal slow path and
    fast path tracepoints. The public fast path tracepoints are present in
    rte_ethdev_trace_fp.h header.

    Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
    Acked-by: Sunil Kumar Kori <skori@marvell.com>
    Reviewed-by: Ferruh Yigit <ferruh.yigit@amd.com>

 lib/ethdev/ethdev_private.c      |    7 +
 lib/ethdev/ethdev_trace.h        | 1512 ++++++++++++++++++++++++++++++++++++++
 lib/ethdev/ethdev_trace_points.c |  447 ++++++++++-
 lib/ethdev/meson.build           |    2 +-
 lib/ethdev/rte_ethdev.c          |  872 ++++++++++++++++++----
 lib/ethdev/rte_ethdev_cman.c     |   29 +-
 lib/ethdev/rte_ethdev_trace.h    |   95 ---
 lib/ethdev/rte_ethdev_trace_fp.h |   36 +
 8 files changed, 2761 insertions(+), 239 deletions(-)
 create mode 100644 lib/ethdev/ethdev_trace.h
 delete mode 100644 lib/ethdev/rte_ethdev_trace.h


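The shadow-byte dump in the report above can be decoded by hand with the mapping ASan uses on x86_64 Linux. The C program below is an added example, not code from the bug report or from DPDK: it embeds the `=>` shadow row quoted in the report and assumes the default x86_64 Linux mapping `shadow = (addr >> 3) + 0x7fff8000` (an assumption about this build), then re-derives why the 8-byte read at 0x55daec41adb8 is flagged. The 24-byte name string `__rte_eth_trace_find_next_of_name` occupies three fully addressable granules (shadow `00 00 00`), and the read begins in the next granule, whose shadow byte `f9` is a global redzone. The `05` at the end of the row likewise encodes the 29-byte sibling name (three full granules plus 5 bytes), so the same check accepts a 29-byte access there and rejects a 30-byte one.

```c
/* Decoding the AddressSanitizer shadow bytes quoted in the report above.
 * Added example for this page; it is not part of the bug report or of DPDK.
 * Assumption: the default x86_64 Linux ASan mapping, shadow = (addr >> 3) + 0x7fff8000. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ASAN_SHADOW_SCALE  3
#define ASAN_SHADOW_OFFSET 0x7fff8000ULL  /* x86_64 Linux default (assumed) */

/* Map an application address to the address of the shadow byte describing it. */
uintptr_t asan_shadow_addr(uintptr_t app_addr)
{
    return (app_addr >> ASAN_SHADOW_SCALE) + ASAN_SHADOW_OFFSET;
}

/* The "=>" shadow row copied from the report: 16 shadow bytes starting at
 * 0x0abbdd87b5b0, which describe application bytes 0x55daec41ad80..0x55daec41adff. */
static const uintptr_t ROW_BASE = 0x0abbdd87b5b0ULL;
static const uint8_t ROW[16] = {
    0xf9, 0xf9, 0xf9, 0xf9, 0x00, 0x00, 0x00, 0xf9,
    0xf9, 0xf9, 0xf9, 0xf9, 0x00, 0x00, 0x00, 0x05,
};

/* Shadow byte for app_addr within the captured row, or -1 if outside it. */
int shadow_byte_for(uintptr_t app_addr)
{
    uintptr_t s = asan_shadow_addr(app_addr);
    if (s < ROW_BASE || s >= ROW_BASE + sizeof ROW)
        return -1;
    return ROW[s - ROW_BASE];
}

/* Is the single application byte at app_addr addressable, given its shadow byte?
 * 00: the whole 8-byte granule is addressable; 01..07: only the first k bytes of
 * the granule; negative values such as f9 (global redzone) poison all 8 bytes. */
int asan_byte_addressable(uintptr_t app_addr, uint8_t shadow)
{
    if (shadow == 0)
        return 1;
    if (shadow < 8)
        return (int)(app_addr & 7) < (int)shadow;
    return 0;
}

/* Check an access of `size` bytes at app_addr against the captured row the way
 * the instrumentation does; returns the first poisoned (or unknown) address,
 * or 0 when every byte is addressable. */
uintptr_t asan_first_bad_byte(uintptr_t app_addr, size_t size)
{
    for (size_t i = 0; i < size; i++) {
        int sb = shadow_byte_for(app_addr + i);
        if (sb < 0 || !asan_byte_addressable(app_addr + i, (uint8_t)sb))
            return app_addr + i;
    }
    return 0;
}

/* Human-readable name for a shadow byte, following the legend in the report. */
const char *asan_shadow_name(uint8_t shadow)
{
    switch (shadow) {
    case 0x00: return "addressable";
    case 0xf9: return "global redzone";
    case 0xfa: return "heap left redzone";
    case 0xfd: return "freed heap region";
    case 0xf1: case 0xf2: case 0xf3: return "stack redzone";
    default:   return shadow < 8 ? "partially addressable" : "other poison";
    }
}

int main(void)
{
    /* Values taken from the report: the READ of size 8 at 0x55daec41adb8 and the
     * two globals ASan names next to it (24 and 29 bytes long). */
    struct { const char *what; uintptr_t addr; size_t size; } checks[] = {
        { "__rte_eth_trace_find_next_of_name (24 bytes)",      0x55daec41ada0ULL, 24 },
        { "faulting READ of size 8",                           0x55daec41adb8ULL,  8 },
        { "__rte_eth_trace_find_next_sibling_name (29 bytes)", 0x55daec41ade0ULL, 29 },
        { "one byte past the sibling name",                    0x55daec41ade0ULL, 30 },
    };
    for (size_t i = 0; i < sizeof checks / sizeof checks[0]; i++) {
        uintptr_t bad = asan_first_bad_byte(checks[i].addr, checks[i].size);
        if (bad == 0) {
            printf("%-52s OK\n", checks[i].what);
        } else {
            int sb = shadow_byte_for(bad);
            printf("%-52s BAD at %#llx: shadow %#llx = 0x%02x (%s)\n", checks[i].what,
                   (unsigned long long)bad, (unsigned long long)asan_shadow_addr(bad),
                   sb, asan_shadow_name((uint8_t)sb));
        }
    }
    return 0;
}
```

Build it with `cc -o decode decode.c && ./decode`; the two name strings come back OK, the 8-byte read is reported bad at 0x55daec41adb8 with shadow byte 0xf9, and the 30-byte access is reported bad at 0x55daec41adfd, the first byte beyond the partially addressable granule.
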