patch 'graph: fix unaligned access in stats' has been queued to stable release 23.11.6

[Shani Peretz]

Hi,

FYI, your patch has been queued to stable release 23.11.6

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 12/26/25. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/shanipr/dpdk-stable

This queued commit can be viewed at:
https://github.com/shanipr/dpdk-stable/commit/4a3753e107816c12d19f906f4c06863da27144c8

Thanks.

Shani

---
>From 4a3753e107816c12d19f906f4c06863da27144c8 Mon Sep 17 00:00:00 2001
From: David Marchand <david.marchand at redhat.com>
Date: Fri, 4 Jul 2025 11:15:03 +0200
Subject: [PATCH] graph: fix unaligned access in stats

[ upstream commit 826af93a68f358f8eb4f363e42d114b93fde0d69 ]

UBSan reports:

    ../lib/graph/graph_stats.c:208:13: runtime error:
            member access within misaligned address 0x000054742c50
            for type 'struct rte_graph_cluster_stats',
            which requires 64 byte alignment

    ../lib/graph/graph_stats.c:257:12: runtime error:
            member access within misaligned address 0x00002219fd30
            for type 'struct rte_graph_cluster_stats',
            which requires 64 byte alignment

The current code goes into various complex (non aligned) reallocations /
memset / memcpy.

Simplify this by computing how many nodes are present in the
cluster of graphes.
Then directly call rte_malloc for the whole stats object.

As a bonus, this change also fixes leaks:
- if any error occurred before call to rte_malloc, since the xstats
  objects stored in the glibc allocated stats object were not freed,
- if an allocation failure occurs, with constructs using
  ptr = realloc(ptr, sz), since the original ptr is lost,

Fixes: af1ae8b6a32c ("graph: implement stats")

Signed-off-by: David Marchand <david.marchand at redhat.com>
Acked-by: Kiran Kumar K <kirankumark at marvell.com>
---
 lib/graph/graph_stats.c | 96 +++++++++++++++++++++++------------------
 1 file changed, 55 insertions(+), 41 deletions(-)

diff --git a/lib/graph/graph_stats.c b/lib/graph/graph_stats.c
index e99e8cf68a..b94ae8fb29 100644
--- a/lib/graph/graph_stats.c
+++ b/lib/graph/graph_stats.c
@@ -36,7 +36,6 @@ struct rte_graph_cluster_stats {
 	int socket_id;
 	bool dispatch;
 	void *cookie;
-	size_t sz;
 
 	struct cluster_node clusters[];
 } __rte_cache_aligned;
@@ -155,15 +154,55 @@ graph_cluster_stats_cb_dispatch(bool is_first, bool is_last, void *cookie,
 	return graph_cluster_stats_cb(true, is_first, is_last, cookie, stat);
 };
 
+static uint32_t
+cluster_count_nodes(const struct cluster *cluster)
+{
+	rte_node_t *nodes = NULL;
+	uint32_t max_nodes = 0;
+
+	for (unsigned int i = 0; i < cluster->nb_graphs; i++) {
+		struct graph_node *graph_node;
+
+		STAILQ_FOREACH(graph_node, &cluster->graphs[i]->node_list, next) {
+			rte_node_t *new_nodes;
+			unsigned int n;
+
+			for (n = 0; n < max_nodes; n++) {
+				if (nodes[n] != graph_node->node->id)
+					continue;
+				break;
+			}
+			if (n != max_nodes)
+				continue;
+
+			max_nodes++;
+			new_nodes = realloc(nodes, max_nodes * sizeof(nodes[0]));
+			if (new_nodes == NULL) {
+				free(nodes);
+				return 0;
+			}
+			nodes = new_nodes;
+			nodes[n] = graph_node->node->id;
+		}
+	}
+	free(nodes);
+
+	return max_nodes;
+}
+
 static struct rte_graph_cluster_stats *
 stats_mem_init(struct cluster *cluster,
 	       const struct rte_graph_cluster_stats_param *prm)
 {
-	size_t sz = sizeof(struct rte_graph_cluster_stats);
 	struct rte_graph_cluster_stats *stats;
 	rte_graph_cluster_stats_cb_t fn;
 	int socket_id = prm->socket_id;
 	uint32_t cluster_node_size;
+	uint32_t max_nodes;
+
+	max_nodes = cluster_count_nodes(cluster);
+	if (max_nodes == 0)
+		return NULL;
 
 	/* Fix up callback */
 	fn = prm->fn;
@@ -180,25 +219,23 @@ stats_mem_init(struct cluster *cluster,
 	cluster_node_size += cluster->nb_graphs * sizeof(struct rte_node *);
 	cluster_node_size = RTE_ALIGN(cluster_node_size, RTE_CACHE_LINE_SIZE);
 
-	stats = realloc(NULL, sz);
+	stats = rte_zmalloc_socket(NULL, sizeof(struct rte_graph_cluster_stats) +
+		max_nodes * cluster_node_size, 0, socket_id);
 	if (stats) {
-		memset(stats, 0, sz);
 		stats->fn = fn;
 		stats->cluster_node_size = cluster_node_size;
 		stats->max_nodes = 0;
 		stats->socket_id = socket_id;
 		stats->cookie = prm->cookie;
-		stats->sz = sz;
 	}
 
 	return stats;
 }
 
 static int
-stats_mem_populate(struct rte_graph_cluster_stats **stats_in,
+stats_mem_populate(struct rte_graph_cluster_stats *stats,
 		   struct rte_graph *graph, struct graph_node *graph_node)
 {
-	struct rte_graph_cluster_stats *stats = *stats_in;
 	rte_node_t id = graph_node->node->id;
 	struct cluster_node *cluster;
 	struct rte_node *node;
@@ -223,41 +260,22 @@ stats_mem_populate(struct rte_graph_cluster_stats **stats_in,
 		cluster = RTE_PTR_ADD(cluster, stats->cluster_node_size);
 	}
 
-	/* Hey, it is a new node, allocate space for it in the reel */
-	stats = realloc(stats, stats->sz + stats->cluster_node_size);
-	if (stats == NULL)
-		SET_ERR_JMP(ENOMEM, err, "Realloc failed");
-	*stats_in = NULL;
-
-	/* Clear the new struct cluster_node area */
-	cluster = RTE_PTR_ADD(stats, stats->sz),
-	memset(cluster, 0, stats->cluster_node_size);
 	memcpy(cluster->stat.name, graph_node->node->name, RTE_NODE_NAMESIZE);
 	cluster->stat.id = graph_node->node->id;
 	cluster->stat.hz = rte_get_timer_hz();
 	node = graph_node_id_to_ptr(graph, id);
 	if (node == NULL)
-		SET_ERR_JMP(ENOENT, free, "Failed to find node %s in graph %s",
+		SET_ERR_JMP(ENOENT, err, "Failed to find node %s in graph %s",
 			    graph_node->node->name, graph->name);
 	cluster->nodes[cluster->nb_nodes++] = node;
 
-	stats->sz += stats->cluster_node_size;
 	stats->max_nodes++;
-	*stats_in = stats;
 
 	return 0;
-free:
-	free(stats);
 err:
 	return -rte_errno;
 }
 
-static void
-stats_mem_fini(struct rte_graph_cluster_stats *stats)
-{
-	free(stats);
-}
-
 static void
 cluster_init(struct cluster *cluster)
 {
@@ -326,10 +344,7 @@ struct rte_graph_cluster_stats *
 rte_graph_cluster_stats_create(const struct rte_graph_cluster_stats_param *prm)
 {
 	struct rte_graph_cluster_stats *stats, *rc = NULL;
-	struct graph_node *graph_node;
 	struct cluster cluster;
-	struct graph *graph;
-	const char *pattern;
 	rte_graph_t i;
 
 	/* Sanity checks */
@@ -347,37 +362,36 @@ rte_graph_cluster_stats_create(const struct rte_graph_cluster_stats_param *prm)
 	graph_spinlock_lock();
 	/* Expand graph pattern and add the graph to the cluster */
 	for (i = 0; i < prm->nb_graph_patterns; i++) {
-		pattern = prm->graph_patterns[i];
-		if (expand_pattern_to_cluster(&cluster, pattern))
+		if (expand_pattern_to_cluster(&cluster, prm->graph_patterns[i]))
 			goto bad_pattern;
 	}
 
 	/* Alloc the stats memory */
 	stats = stats_mem_init(&cluster, prm);
 	if (stats == NULL)
-		SET_ERR_JMP(ENOMEM, bad_pattern, "Failed alloc stats memory");
+		SET_ERR_JMP(ENOMEM, bad_pattern, "Failed rte_malloc for stats memory");
 
 	/* Iterate over M(Graph) x N (Nodes in graph) */
 	for (i = 0; i < cluster.nb_graphs; i++) {
+		struct graph_node *graph_node;
+		struct graph *graph;
+
 		graph = cluster.graphs[i];
 		STAILQ_FOREACH(graph_node, &graph->node_list, next) {
 			struct rte_graph *graph_fp = graph->graph;
-			if (stats_mem_populate(&stats, graph_fp, graph_node))
+			if (stats_mem_populate(stats, graph_fp, graph_node))
 				goto realloc_fail;
 		}
 		if (graph->graph->model == RTE_GRAPH_MODEL_MCORE_DISPATCH)
 			stats->dispatch = true;
 	}
 
-	/* Finally copy to hugepage memory to avoid pressure on rte_realloc */
-	rc = rte_malloc_socket(NULL, stats->sz, 0, stats->socket_id);
-	if (rc)
-		rte_memcpy(rc, stats, stats->sz);
-	else
-		SET_ERR_JMP(ENOMEM, realloc_fail, "rte_malloc failed");
+	rc = stats;
+	stats = NULL;
 
 realloc_fail:
-	stats_mem_fini(stats);
+	if (stats != NULL)
+		rte_graph_cluster_stats_destroy(stats);
 bad_pattern:
 	graph_spinlock_unlock();
 	cluster_fini(&cluster);
-- 
2.43.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2025-12-21 16:54:17.765773798 +0200
+++ 0007-graph-fix-unaligned-access-in-stats.patch	2025-12-21 16:54:16.645028000 +0200
@@ -1 +1 @@
-From 826af93a68f358f8eb4f363e42d114b93fde0d69 Mon Sep 17 00:00:00 2001
+From 4a3753e107816c12d19f906f4c06863da27144c8 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 826af93a68f358f8eb4f363e42d114b93fde0d69 ]
+
@@ -32 +33,0 @@
-Cc: stable at dpdk.org
@@ -37,2 +38,2 @@
- lib/graph/graph_stats.c | 102 +++++++++++++++++++++++-----------------
- 1 file changed, 58 insertions(+), 44 deletions(-)
+ lib/graph/graph_stats.c | 96 +++++++++++++++++++++++------------------
+ 1 file changed, 55 insertions(+), 41 deletions(-)
@@ -41 +42 @@
-index 583ad8dbd5..e0fc8fd25c 100644
+index e99e8cf68a..b94ae8fb29 100644
@@ -44 +45 @@
-@@ -37,7 +37,6 @@ struct __rte_cache_aligned rte_graph_cluster_stats {
+@@ -36,7 +36,6 @@ struct rte_graph_cluster_stats {
@@ -51,2 +52,2 @@
- };
-@@ -178,15 +177,55 @@ graph_cluster_stats_cb_dispatch(bool is_first, bool is_last, void *cookie,
+ } __rte_cache_aligned;
+@@ -155,15 +154,55 @@ graph_cluster_stats_cb_dispatch(bool is_first, bool is_last, void *cookie,
@@ -109 +110 @@
-@@ -203,25 +242,23 @@ stats_mem_init(struct cluster *cluster,
+@@ -180,25 +219,23 @@ stats_mem_init(struct cluster *cluster,
@@ -138 +139 @@
-@@ -247,21 +284,12 @@ stats_mem_populate(struct rte_graph_cluster_stats **stats_in,
+@@ -223,41 +260,22 @@ stats_mem_populate(struct rte_graph_cluster_stats **stats_in,
@@ -160,30 +160,0 @@
- 	if (graph_node->node->xstats) {
-@@ -270,7 +298,7 @@ stats_mem_populate(struct rte_graph_cluster_stats **stats_in,
- 			sizeof(uint64_t) * graph_node->node->xstats->nb_xstats,
- 			RTE_CACHE_LINE_SIZE, stats->socket_id);
- 		if (cluster->stat.xstat_count == NULL)
--			SET_ERR_JMP(ENOMEM, free, "Failed to allocate memory node %s graph %s",
-+			SET_ERR_JMP(ENOMEM, err, "Failed to allocate memory node %s graph %s",
- 				    graph_node->node->name, graph->name);
- 
- 		cluster->stat.xstat_desc = rte_zmalloc_socket(NULL,
-@@ -278,7 +306,7 @@ stats_mem_populate(struct rte_graph_cluster_stats **stats_in,
- 			RTE_CACHE_LINE_SIZE, stats->socket_id);
- 		if (cluster->stat.xstat_desc == NULL) {
- 			rte_free(cluster->stat.xstat_count);
--			SET_ERR_JMP(ENOMEM, free, "Failed to allocate memory node %s graph %s",
-+			SET_ERR_JMP(ENOMEM, err, "Failed to allocate memory node %s graph %s",
- 				    graph_node->node->name, graph->name);
- 		}
- 
-@@ -288,30 +316,20 @@ stats_mem_populate(struct rte_graph_cluster_stats **stats_in,
- 					RTE_NODE_XSTAT_DESC_SIZE) < 0) {
- 				rte_free(cluster->stat.xstat_count);
- 				rte_free(cluster->stat.xstat_desc);
--				SET_ERR_JMP(E2BIG, free,
-+				SET_ERR_JMP(E2BIG, err,
- 					    "Error description overflow node %s graph %s",
- 					    graph_node->node->name, graph->name);
- 			}
- 		}
- 	}
@@ -211 +182 @@
-@@ -381,10 +399,7 @@ struct rte_graph_cluster_stats *
+@@ -326,10 +344,7 @@ struct rte_graph_cluster_stats *
@@ -222 +193 @@
-@@ -402,37 +417,36 @@ rte_graph_cluster_stats_create(const struct rte_graph_cluster_stats_param *prm)
+@@ -347,37 +362,36 @@ rte_graph_cluster_stats_create(const struct rte_graph_cluster_stats_param *prm)