<html>
<head>
<base href="https://bugs.dpdk.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8" class="bz_new_table">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_UNCONFIRMED "
title="UNCONFIRMED - [dpdk23.03] [fuzzing test] fuzzing/*: launch dpdk-fuzz as global-buffer-overflow error."
href="https://bugs.dpdk.org/show_bug.cgi?id=1162">1162</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[dpdk23.03] [fuzzing test] fuzzing/*: launch dpdk-fuzz as global-buffer-overflow error.
</td>
</tr>
<tr>
<th>Product</th>
<td>DPDK
</td>
</tr>
<tr>
<th>Version</th>
<td>23.03
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>UNCONFIRMED
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>Normal
</td>
</tr>
<tr>
<th>Component</th>
<td>ethdev
</td>
</tr>
<tr>
<th>Assignee</th>
<td>dev@dpdk.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>weiyuanx.li@intel.com
</td>
</tr>
<tr>
<th>Target Milestone</th>
<td>---
</td>
</tr></table>
<p>
<div class="bz_comment_block">
<pre class="bz_comment_text">[Environment]
DPDK version: Use make showversion or for a non-released version: git remote -v && git show-ref --heads
dpdk22.03 8a3ef4b89e6dd0247355fdf3a77ff7ec1db28d8d
Other software versions: name/version for QEMU, OVS, etc. Repeat as required.
OS: Ubuntu 22.04.1 LTS (Jammy Jellyfish)/5.15.0-57-generic
Compiler: gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0
Hardware platform: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
NIC hardware: Ethernet Controller XXV710 for 25GbE SFP28 158b.
NIC firmware:
driver: i40e
version: 5.15.0-57-generic
firmware-version: 9.10 0x8000d02b 1.3179.0
[Test Setup]
Steps to reproduce
1. Use the following command to build DPDK:
CC=clang meson -Denable_kmods=True -Dlibdir=lib --default-library=static -Dbuildtype=debug -Db_lundef=false -Db_sanitize=address x86_64-native-linuxapp-clang
ninja -C x86_64-native-linuxapp-clang/ -j 70
2. Execute the following command in the dpdk directory.
x86_64-native-linuxapp-clang/app/dpdk-fuzz
[Show the output from the previous commands]
~/dpdk# x86_64-native-linuxapp-clang/app/dpdk-fuzz /tmp/fuzz_seed/hash_seed/ -- -ignore_remaining_args=1 -l 1 -n 4 --no-pci
=================================================================
==483867==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55daec41adb8 at pc 0x55dadb105100 bp 0x7ffc03906630 sp 0x7ffc03906628
READ of size 8 at 0x55daec41adb8 thread T0
    #0 0x55dadb1050ff in rte_eth_trace_find_next_of /root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace.h:372:1
    #1 0x55dadb2e9d26 in __rte_trace_point_register /root/dpdk/x86_64-native-linuxapp-clang/../lib/eal/common/eal_common_trace.c:477:2
    #2 0x55dadb104fed in rte_eth_trace_find_next_of_init /root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace_points.c:52:1
    #3 0x7f2f75a3deba in call_init csu/../csu/libc-start.c:145:3
    #4 0x7f2f75a3deba in __libc_start_main csu/../csu/libc-start.c:379:5
    #5 0x55dada308b84 in _start (/root/dpdk/x86_64-native-linuxapp-clang/app/dpdk-fuzz+0x872b84) (BuildId: 5671e4355ef645c73952e41f5b7b4c1f86ae12bc)
0x55daec41adb8 is located 40 bytes to the left of global variable '__rte_eth_trace_find_next_sibling_name' defined in '../lib/ethdev/ethdev_trace_points.c:55:1' (0x55daec41ade0) of size 29
  '__rte_eth_trace_find_next_sibling_name' is ascii string 'lib.ethdev.find_next_sibling'
0x55daec41adb8 is located 0 bytes to the right of global variable '__rte_eth_trace_find_next_of_name' defined in '../lib/ethdev/ethdev_trace_points.c:52:1' (0x55daec41ada0) of size 24
  '__rte_eth_trace_find_next_of_name' is ascii string 'lib.ethdev.find_next_of'
SUMMARY: AddressSanitizer: global-buffer-overflow /root/dpdk/x86_64-native-linuxapp-clang/../lib/ethdev/ethdev_trace.h:372:1 in rte_eth_trace_find_next_of
Shadow bytes around the buggy address:
0x0abbdd87b560: 00 00 01 f9 f9 f9 f9 f9 00 00 f9 f9 00 00 01 f9
0x0abbdd87b570: f9 f9 f9 f9 00 00 04 f9 f9 f9 f9 f9 00 00 04 f9
0x0abbdd87b580: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 00 00 00 05
0x0abbdd87b590: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 00 00 00 01
0x0abbdd87b5a0: f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9 00 00 05 f9
=>0x0abbdd87b5b0: f9 f9 f9 f9 00 00 00[f9]f9 f9 f9 f9 00 00 00 05
0x0abbdd87b5c0: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 00 00 00 06
0x0abbdd87b5d0: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 00 05 f9
0x0abbdd87b5e0: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 00 00 f9
0x0abbdd87b5f0: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 00 05 f9
0x0abbdd87b600: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 00 07 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==483867==ABORTING
[Expected Result]
Launch dpdk-fuzz successfully.
[Regression]
Is this issue a regression: (Y/N) Y
~/dpdk# git bisect good
6679cf21d6083710bef2e5a4e4a7b42eee5be3aa is the first bad commit
commit 6679cf21d6083710bef2e5a4e4a7b42eee5be3aa
Author: Ankur Dwivedi <<a href="mailto:adwivedi@marvell.com">adwivedi@marvell.com</a>>
Date: Wed Feb 8 22:42:11 2023 +0530
ethdev: add trace points
Adds trace points for ethdev functions.
The rte_ethdev_trace.h is removed. The file ethdev_trace.h is added as
an internal header. ethdev_trace.h contains internal slow path and
fast path tracepoints. The public fast path tracepoints are present in
rte_ethdev_trace_fp.h header.
Signed-off-by: Ankur Dwivedi <<a href="mailto:adwivedi@marvell.com">adwivedi@marvell.com</a>>
Acked-by: Sunil Kumar Kori <<a href="mailto:skori@marvell.com">skori@marvell.com</a>>
Reviewed-by: Ferruh Yigit <<a href="mailto:ferruh.yigit@amd.com">ferruh.yigit@amd.com</a>>
lib/ethdev/ethdev_private.c | 7 +
lib/ethdev/ethdev_trace.h | 1512 ++++++++++++++++++++++++++++++++++++++
lib/ethdev/ethdev_trace_points.c | 447 ++++++++++-
lib/ethdev/meson.build | 2 +-
lib/ethdev/rte_ethdev.c | 872 ++++++++++++++++++----
lib/ethdev/rte_ethdev_cman.c | 29 +-
lib/ethdev/rte_ethdev_trace.h | 95 ---
lib/ethdev/rte_ethdev_trace_fp.h | 36 +
8 files changed, 2761 insertions(+), 239 deletions(-)
create mode 100644 lib/ethdev/ethdev_trace.h
delete mode 100644 lib/ethdev/rte_ethdev_trace.h
</pre>
</div>
</p>
</body>
</html>