On Tue, 30 Jul 2024 13:22:34 +0100
Konstantin Ananyev <konstantin.v.anan...@yandex.ru> wrote:
> From: Konstantin Ananyev <konstantin.anan...@huawei.com>
>
> ASAN report:
> ERROR: AddressSanitizer: unknown-crash on address 0x7ffffef92e32 at pc
> 0x00000053d1e9 bp 0x7ffffef92c00 sp 0x7ffffef92bf8
> READ of size 16 at 0x7ffffef92e32 thread T0
> #0 0x53d1e8 in _mm_loadu_si128
> /usr/lib64/gcc/x86_64-suse-linux/11/include/emmintrin.h:703
> #1 0x53d1e8 in send_packets_multi ../examples/l3fwd/l3fwd_sse.h:125
> #2 0x53d1e8 in acl_send_packets ../examples/l3fwd/l3fwd_acl.c:1048
> #3 0x53ec18 in acl_main_loop ../examples/l3fwd/l3fwd_acl.c:1127
> #4 0x12151eb in rte_eal_mp_remote_launch
> ../lib/eal/common/eal_common_launch.c:83
> #5 0x5bf2df in main ../examples/l3fwd/main.c:1647
> #6 0x7f6d42a0d2bc in __libc_start_main (/lib64/libc.so.6+0x352bc)
> #7 0x527499 in _start
> (/home/kananyev/dpdk-l3fwd-acl/x86_64-native-linuxapp-gcc-dbg-b1/examples/dpdk-l3fwd+0x527499)
>
> Reason for that is that send_packets_multi() uses 16B loads to access
> input dst_port[]and might read beyond array boundaries.
> Right now, it doesn't cause any real issue - junk values are ignored, also
> inside l3fwd we always allocate dst_port[] array on the stack, so
> memory beyond it is always available.
> Anyway, it probably need to be fixed.
> The patch below simply allocates extra space for dst_port[], so
> send_packets_multi() will never read beyond its boundaries.
>
> Probably a better fix would be to change send_packets_multi()
> itself to avoid access beyond 'nb_rx' entries.
>
> Bugzilla ID: 1502
> Fixes: 94c54b4158d5 ("examples/l3fwd: rework exact-match")
> Cc: sta...@dpdk.org
>
> Signed-off-by: Konstantin Ananyev <konstantin.anan...@huawei.com>
Acked-by: Stephen Hemminger <step...@networkplumber.org>
