From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>
Subject: [PATCH 0/8] telemetry: thread-safe and bounded parameter parsing
Date: Fri, 5 Jun 2026 13:50:57 -0700 [thread overview]
Message-ID: <20260605205253.520196-1-stephen@networkplumber.org> (raw)
While looking into extending telemetry for other uses, I noticed a
pattern of unsafe string handling in the command handlers. They run one
thread per client connection but parse parameters with non-reentrant
strtok(), and convert ids with atoi()/unchecked strtoul() that silently
truncate or alias out-of-range values; in eth_rx the strtok()
continuation chain can also dereference freed memory.
This series covers the library code (telemetry, ethdev, dmadev, security,
eventdev, eth_rx, timer). A follow-up is needed for the same strtok()
use in drivers.
They are marked for stable: the races and the use-after-free are real and
the changes are low-risk to backport. But severity is low since telemetry is
not a remote interface, but these are the kind of issues likely to
be found by AI security scanning tools.
In future, atoi() and strtok() look worth adding to the forbidden
tokens list in devtools/checkpatches.sh.
Stephen Hemminger (8):
telemetry: fix thread-unsafe command parsing
ethdev: make telemetry parameter parsing thread-safe
dmadev: validate telemetry parameters
security: harden telemetry parameter parsing
eventdev: remove strtok from telemetry handlers
eventdev/eth_rx: fix thread-unsafe telemetry parsing
eventdev/eth_rx: reject out-of-range telemetry adapter ID
eventdev/timer: reject out-of-range ID
lib/dmadev/rte_dmadev.c | 44 +++++---
lib/ethdev/rte_ethdev_telemetry.c | 12 ++-
lib/eventdev/rte_event_eth_rx_adapter.c | 97 ++++++++---------
lib/eventdev/rte_event_timer_adapter.c | 22 ++--
lib/eventdev/rte_eventdev.c | 136 +++++++++++-------------
lib/security/rte_security.c | 41 ++++---
lib/telemetry/telemetry.c | 5 +-
7 files changed, 186 insertions(+), 171 deletions(-)
--
2.53.0
next reply other threads:[~2026-06-05 20:53 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-05 20:50 Stephen Hemminger [this message]
2026-06-05 20:50 ` [PATCH 1/8] telemetry: fix thread-unsafe command parsing Stephen Hemminger
2026-06-05 20:50 ` [PATCH 2/8] ethdev: make telemetry parameter parsing thread-safe Stephen Hemminger
2026-06-05 20:51 ` [PATCH 3/8] dmadev: validate telemetry parameters Stephen Hemminger
2026-06-05 20:51 ` [PATCH 4/8] security: harden telemetry parameter parsing Stephen Hemminger
2026-06-05 20:51 ` [PATCH 5/8] eventdev: remove strtok from telemetry handlers Stephen Hemminger
2026-06-05 20:51 ` [PATCH 6/8] eventdev/eth_rx: fix thread-unsafe telemetry parsing Stephen Hemminger
2026-06-05 20:51 ` [PATCH 7/8] eventdev/eth_rx: reject out-of-range telemetry adapter ID Stephen Hemminger
2026-06-05 20:51 ` [PATCH 8/8] eventdev/timer: reject out-of-range ID Stephen Hemminger
2026-06-06 6:08 ` [PATCH 0/8] telemetry: thread-safe and bounded parameter parsing Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260605205253.520196-1-stephen@networkplumber.org \
--to=stephen@networkplumber.org \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox