[RFC 2/8] hash: fix possible ring name overflow
Stephen Hemminger
stephen at networkplumber.org
Tue Dec 2 18:24:28 CET 2025
The maximum possible hash parameter name will cause the generated
ring names to overlow in snprintf(). Potentially causing conflicting
ring names and trouble.
For reference:
RTE_MEMPOOL_NAMESIZE = 32
RTE_RING_NAMESIZE = 29
RTE_HASH_NAMESIZE = 32
The hash name is concatenated with a prefix like "HT_RCU_"
the hash name string needs to be enforced as having space
for the resulting string (ie 22).
Since the NAMESIZE's are part of ABI they can't change.
Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
---
lib/hash/rte_cuckoo_hash.c | 33 ++++++++++++++++++++++++++-------
1 file changed, 26 insertions(+), 7 deletions(-)
diff --git a/lib/hash/rte_cuckoo_hash.c b/lib/hash/rte_cuckoo_hash.c
index 2c92c51624..3a521a1a1e 100644
--- a/lib/hash/rte_cuckoo_hash.c
+++ b/lib/hash/rte_cuckoo_hash.c
@@ -77,6 +77,11 @@ struct __rte_hash_rcu_dq_entry {
uint32_t ext_bkt_idx;
};
+#define HASH_QSBR_PREFIX "HT_RCU_"
+#define HASH_EXT_PREFIX "HT_EXT_"
+#define HASH_RING_PREFIX "HT_"
+
+
RTE_EXPORT_SYMBOL(rte_hash_find_existing)
struct rte_hash *
rte_hash_find_existing(const char *name)
@@ -231,6 +236,20 @@ rte_hash_create(const struct rte_hash_parameters *params)
return NULL;
}
+ /*
+ * The API for hash allows 32 characters but maximimu length
+ * would overflow ring name which is limited to 29 characters (RTE_RING_NAMESIZE).
+ * To avoid breaking ABI, enforce limit of 25 characters on
+ * the hash table name.
+ */
+ if (strnlen(params->name, RTE_HASH_NAMESIZE)
+ > RTE_RING_NAMESIZE - sizeof(HASH_QSBR_PREFIX)) {
+ rte_errno = EINVAL;
+ HASH_LOG(ERR, "%s: hash name too long to fit in qsbr ring name",
+ __func__);
+ return NULL;
+ }
+
/* Check extra flags field to check extra options. */
if (params->extra_flag & RTE_HASH_EXTRA_FLAGS_TRANS_MEM_SUPPORT)
hw_trans_mem_support = 1;
@@ -272,7 +291,7 @@ rte_hash_create(const struct rte_hash_parameters *params)
else
num_key_slots = params->entries + 1;
- snprintf(ring_name, sizeof(ring_name), "HT_%s", params->name);
+ snprintf(ring_name, sizeof(ring_name), HASH_RING_PREFIX "%s", params->name);
/* Create ring (Dummy slot index is not enqueued) */
r = rte_ring_create_elem(ring_name, sizeof(uint32_t),
rte_align32pow2(num_key_slots), params->socket_id, 0);
@@ -286,8 +305,8 @@ rte_hash_create(const struct rte_hash_parameters *params)
/* Create ring for extendable buckets. */
if (ext_table_support) {
- snprintf(ext_ring_name, sizeof(ext_ring_name), "HT_EXT_%s",
- params->name);
+ snprintf(ext_ring_name, sizeof(ext_ring_name),
+ HASH_EXT_PREFIX "%s", params->name);
r_ext = rte_ring_create_elem(ext_ring_name, sizeof(uint32_t),
rte_align32pow2(num_buckets + 1),
params->socket_id, 0);
@@ -299,7 +318,7 @@ rte_hash_create(const struct rte_hash_parameters *params)
}
}
- snprintf(hash_name, sizeof(hash_name), "HT_%s", params->name);
+ snprintf(hash_name, sizeof(hash_name), HASH_RING_PREFIX "%s", params->name);
rte_mcfg_tailq_write_lock();
@@ -1582,7 +1601,8 @@ rte_hash_rcu_qsbr_add(struct rte_hash *h, struct rte_hash_rcu_config *cfg)
char rcu_dq_name[RTE_RCU_QSBR_DQ_NAMESIZE];
struct rte_hash_rcu_config *hash_rcu_cfg = NULL;
- if (h == NULL || cfg == NULL || cfg->v == NULL) {
+ if (h == NULL || cfg == NULL || cfg->v == NULL ||
+ strlen(h->name) > RTE_RCU_QSBR_DQ_NAMESIZE - sizeof(HASH_QSBR_PREFIX)) {
rte_errno = EINVAL;
return 1;
}
@@ -1606,8 +1626,7 @@ rte_hash_rcu_qsbr_add(struct rte_hash *h, struct rte_hash_rcu_config *cfg)
/* No other things to do. */
} else if (cfg->mode == RTE_HASH_QSBR_MODE_DQ) {
/* Init QSBR defer queue. */
- snprintf(rcu_dq_name, sizeof(rcu_dq_name),
- "HASH_RCU_%s", h->name);
+ snprintf(rcu_dq_name, sizeof(rcu_dq_name), HASH_QSBR_PREFIX "%s", h->name);
params.name = rcu_dq_name;
params.size = cfg->dq_size;
if (params.size == 0)
--
2.51.0
More information about the dev
mailing list