[dpdk-dev] [RFC v2] porting AddressSanitizer feature to DPDK
Stephen Hemminger
stephen at networkplumber.org
Wed Jul 7 01:12:13 CEST 2021
On Tue, 6 Jul 2021 13:40:56 -0700
David Christensen <drc at linux.vnet.ibm.com> wrote:
> On 6/15/21 1:12 AM, zhihongx.peng at intel.com wrote:
> > From: Zhihong Peng <zhihongx.peng at intel.com>
> >
> > AddressSanitizer (ASan) is a standard memory error detection
> > tool from Google. It can help to detect use-after-free and
> > {heap,stack,global}-buffer overflow bugs in C/C++ programs and
> > prints detailed error information when an error happens, greatly
> > improving debug efficiency.
> >
> > By referring to its implementation algorithm
> > (https://github.com/google/sanitizers/wiki/AddressSanitizerAlgorithm),
> > ported heap-buffer-overflow and use-after-free functions to DPDK.
> >
> > Here is an example of heap-buffer-overflow bug:
> > ......
> > char *p = rte_zmalloc(NULL, 7, 0);
> > p[7] = 'a';
> > ......
> >
> > Here is an example of use-after-free bug:
> > ......
> > char *p = rte_zmalloc(NULL, 7, 0);
> > rte_free(p);
> > *p = 'a';
> > ......
> >
> > If you want to use this feature,
> > you need to use the following compilation options:
> > -Db_lundef=false -Db_sanitize=address
>
> Any library dependencies here that might be architecture specific? I
> applied the patch to a POWER9 system with RHEL 8.3 and observed a SEGV:
>
> sudo /home/drc/src/dpdk/build/app/dpdk-testpmd -l 64-71
> --vdev=net_memif0,role=server,id=0 --vdev=net_memif1,role=client,id=0
> --no-pci -- -i --numa --port-numa-config=0,8,1,8
> --ring-numa-config=0,3,8,1,3,8 --socket-num=8
> EAL: Detected 128 lcore(s)
> EAL: Detected 2 NUMA nodes
> EAL: Detected static linkage of DPDK
> EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
> EAL: Selected IOVA mode 'VA'
> EAL: No available 1048576 kB hugepages reported
> EAL: VFIO support initialized
> AddressSanitizer:DEADLYSIGNAL
> =================================================================
> ==3011526==ERROR: AddressSanitizer: SEGV on unknown address
> 0x0002a0177bd0 (pc 0x000011411ce0 bp 0x7fffccd738b0 sp 0x7fffccd738b0 T0)
> ==3011526==The signal is caused by a UNKNOWN memory access.
> #0 0x11411cdc in asan_set_shadow.constprop.4
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11411cdc)
> #1 0x114131ec in malloc_elem_alloc
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x114131ec)
> #2 0x11416adc in heap_alloc.isra.1
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11416adc)
> #3 0x11419570 in malloc_heap_alloc_on_heap_id.isra.5
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11419570)
> #4 0x1141977c in malloc_heap_alloc
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x1141977c)
> #5 0x11421794 in rte_malloc_socket
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11421794)
> #6 0x11421e14 in rte_zmalloc_socket
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11421e14)
> #7 0x11422250 in rte_zmalloc
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11422250)
> #8 0x114222f4 in rte_calloc
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x114222f4)
> #9 0x11428fa4 in rte_service_init
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11428fa4)
> #10 0x11433680 in rte_eal_init
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11433680)
> #11 0x1039a734 in main
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x1039a734)
> #12 0x7fffa3664074 in generic_start_main ../csu/libc-start.c:308
> #13 0x7fffa3664260 in __libc_start_main
> ../sysdeps/unix/sysv/linux/powerpc/libc-start.c:102
>
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11411cdc) in
> asan_set_shadow.constprop.4
> ==3011526==ABORTING
>
> Dave
ASAN says you should use -fno-omit-frame-pointer to get a reasonable backtrace.
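
Added example, not part of the thread or of the DPDK patch: a toy model of the shadow-byte encoding from the AddressSanitizer algorithm page linked in the RFC, run against the two bug examples quoted above. The 64-byte arena, the `toy_*` names and the offset 16 are constructed for illustration; real ASan derives the shadow address from the application address plus a platform-specific offset.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define GRANULE 8   /* one shadow byte describes 8 application bytes */
#define ARENA   64  /* constructed toy arena size, in bytes */
enum { ACCESS_OK, HEAP_OVERFLOW, USE_AFTER_FREE };
enum { SH_REDZONE = 0xfa, SH_FREED = 0xfd }; /* ASan heap redzone / freed markers */

/* Real ASan locates shadow at (addr >> 3) + offset; the toy indexes by arena offset. */
static uint8_t shadow[ARENA / GRANULE];

static void toy_init(void) { memset(shadow, SH_REDZONE, sizeof(shadow)); }

/* Allocation: mark [off, off+len) addressable; off must be 8-byte aligned. */
static void toy_alloc(size_t off, size_t len)
{
    size_t g = off / GRANULE;
    for (; len >= GRANULE; len -= GRANULE)
        shadow[g++] = 0;              /* 0: all 8 bytes addressable */
    if (len)
        shadow[g] = (uint8_t)len;     /* k = 1..7: only the first k bytes addressable */
}

/* Free: poison every granule the allocation touched. */
static void toy_free(size_t off, size_t len)
{
    memset(&shadow[off / GRANULE], SH_FREED, (len + GRANULE - 1) / GRANULE);
}

/* The check performed before each 1-byte access at arena offset off. */
static int toy_check(size_t off)
{
    int8_t s = (int8_t)shadow[off / GRANULE];
    if (s == 0 || (s > 0 && (int8_t)(off % GRANULE) < s))
        return ACCESS_OK;
    return (uint8_t)s == SH_FREED ? USE_AFTER_FREE : HEAP_OVERFLOW;
}

int main(void)
{
    size_t p = 16;                    /* stands in for p = rte_zmalloc(NULL, 7, 0) */
    toy_init();
    toy_alloc(p, 7);
    printf("p[6]=%d p[7]=%d\n", toy_check(p + 6), toy_check(p + 7));
    toy_free(p, 7);                   /* stands in for rte_free(p) */
    printf("*p after free=%d\n", toy_check(p));
    return 0;
}
```

A 7-byte allocation leaves its granule's shadow byte at 7, so the write to `p[7]` fails the check even though it falls inside the same 8-byte granule as valid data.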