[PATCH v14 00/17] lib: improve string overflow safety
David Marchand
david.marchand at redhat.com
Thu Feb 5 11:57:59 CET 2026
Hello,
On Thu, 29 Jan 2026 at 02:43, Stephen Hemminger
<stephen at networkplumber.org> wrote:
>
> This series improves defensive programming by adding proper string length
> validation and overflow checking throughout DPDK libraries. The goal is
> to eliminate silent truncation of names and paths, provide meaningful
> error feedback, and enable compiler format overflow warnings.
>
> Motivation
> ----------
> Many DPDK APIs accept name parameters with defined maximum lengths
> (e.g., RTE_LPM_NAMESIZE, RTE_HASH_NAMESIZE). Previously, names exceeding
> these limits were silently truncated via snprintf/strlcpy, potentially
> causing subtle bugs like duplicate names or unexpected behavior. This
> series addresses these issues systematically.
>
> Changes Overview
> ----------------
> The patches fall into several categories:
>
> 1. API input validation (patches 1-2, 6, 12, 16):
>    - Add explicit length checks for name parameters in lpm, hash, efd,
>      tailq, and cfgfile APIs
>    - Return ENAMETOOLONG when names exceed limits
>    - Document new error conditions in API headers
>    - Add corresponding unit tests
>
> 2. Internal buffer overflow detection (patches 3-5, 8-9, 14-15):
>    - Check snprintf/strlcpy return values for truncation
>    - Log warnings when internal string operations truncate
>    - Increase buffer sizes where they were too small
>    - Use dynamic allocation (asprintf) where appropriate
>
> 3. Path handling improvements (patches 7, 10-11, 13):
>    - Use standard C library routines (getmntent) for parsing /proc/mounts
>    - Enforce UNIX_PATH_MAX for socket paths to fail early
>    - Handle arbitrarily long shared library paths
>
> 4. Error message improvements (patches 1-2, 6):
>    - Include rte_strerror() in failure messages
>    - Provide more context when operations fail
>
> 5. Enable compiler warnings (patch 17):
>    - Remove -Wno-format-truncation flag
>    - All preceding patches fix the warnings this would trigger
>
> API Changes
> -----------
> The following APIs now return ENAMETOOLONG for oversized names:
> - rte_lpm_create()
> - rte_hash_create()
> - rte_fbk_hash_create()
> - rte_efd_create()
> - rte_eal_tailq_create()
> - rte_cfgfile_add_section()
> - rte_cfgfile_add_entry()
>
> These are documented in the release notes and header files.
>
> Testing
> -------
> - Existing unit tests pass
> - New test cases added for hash name length validation
> - Build tested with format overflow warnings enabled
>
>
> v14 - fix build on 32 bit Ubuntu
>     - reword commit messages for clarity
>
> v13 - fix and cleanup get_hugefile code
>       optimize using statfs() and no string handling needed.
>       reword commit messages
>
>
> Stephen Hemminger (17):
>   lpm: reject names that exceed maximum length
>   hash: reject names that exceed maximum length
>   graph: avoid overflowing comment buffer
>   latencystats: add check for string overflow
>   telemetry: check for path overflow
>   efd: handle possible name truncation
>   eal: use C library to parse filesystem table
>   eal: warn if thread name is truncated
>   eal: avoid format overflow when handling addresses
>   eal: limit maximum runtime directory and socket paths
>   eal: check for hugefile path overflow
>   eal: check tailq length
>   eal: handle long shared library path
>   ethdev: avoid possible overflow in xstat names
>   vhost: check for overflow in xstat name
>   cfgfile: add length checks and increase line buffer
>   lib: enable format overflow warnings
>
> app/test/test_hash.c | 21 ++++
> doc/guides/rel_notes/release_26_03.rst | 13 +++
> lib/cfgfile/rte_cfgfile.c | 42 ++++++--
> lib/cfgfile/rte_cfgfile.h | 6 +-
> lib/eal/common/eal_common_config.c | 6 +-
> lib/eal/common/eal_common_memory.c | 3 +-
> lib/eal/common/eal_common_options.c | 17 ++-
> lib/eal/common/eal_common_proc.c | 85 +++++++++------
> lib/eal/common/eal_common_tailqs.c | 13 ++-
> lib/eal/common/eal_filesystem.h | 27 ++++-
> lib/eal/freebsd/eal.c | 6 +-
> lib/eal/linux/eal.c | 6 +-
> lib/eal/linux/eal_hugepage_info.c | 138 ++++++++++---------------
> lib/eal/linux/eal_memalloc.c | 11 +-
> lib/eal/linux/eal_memory.c | 9 +-
> lib/eal/windows/eal.c | 6 +-
> lib/efd/rte_efd.c | 18 +++-
> lib/ethdev/rte_ethdev.c | 35 +++++--
> lib/graph/graph_pcap.c | 9 +-
> lib/hash/rte_cuckoo_hash.c | 41 +++++---
> lib/hash/rte_fbk_hash.c | 12 ++-
> lib/hash/rte_fbk_hash.h | 1 +
> lib/latencystats/rte_latencystats.c | 9 +-
> lib/lpm/rte_lpm.c | 17 ++-
> lib/lpm/rte_lpm.h | 1 +
> lib/meson.build | 4 -
> lib/telemetry/telemetry_legacy.c | 7 +-
> lib/vhost/vhost.c | 14 ++-
> 28 files changed, 377 insertions(+), 200 deletions(-)
Series applied, thanks.
--
David Marchand
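
The failure mode named in the cover letter's Motivation section (silent truncation producing duplicate names) and the fix (check the snprintf return value, return ENAMETOOLONG), as an added example that is not part of this thread and is not DPDK code. `DEMO_NAMESIZE`, the toy `registry` and the `create_*` functions are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define DEMO_NAMESIZE 16 /* hypothetical limit, stands in for e.g. RTE_LPM_NAMESIZE */
#define DEMO_MAX_OBJS 4
static char registry[DEMO_MAX_OBJS][DEMO_NAMESIZE]; /* toy name registry */
static int nb_objs;

/* Store a NUL-terminated name held in a DEMO_NAMESIZE buffer; reject duplicates. */
static int registry_add(const char *stored)
{
	for (int i = 0; i < nb_objs; i++)
		if (strcmp(registry[i], stored) == 0)
			return -EEXIST;
	if (nb_objs == DEMO_MAX_OBJS)
		return -ENOSPC;
	memcpy(registry[nb_objs++], stored, DEMO_NAMESIZE);
	return 0;
}

/* Old pattern: snprintf() result ignored, so a long name is silently cut. */
static int create_unchecked(const char *name)
{
	char buf[DEMO_NAMESIZE] = {0};
	snprintf(buf, sizeof(buf), "%s", name);
	return registry_add(buf);
}

/* Checked pattern: a return value >= the buffer size means truncation. */
static int create_checked(const char *name)
{
	char buf[DEMO_NAMESIZE] = {0};
	int n = snprintf(buf, sizeof(buf), "%s", name);
	if (n < 0 || (size_t)n >= sizeof(buf))
		return n < 0 ? -EINVAL : -ENAMETOOLONG;
	return registry_add(buf);
}

int main(void)
{
	const char *names[] = { "flow_table_port_0", "flow_table_port_1" }; /* constructed */

	for (int i = 0; i < 2; i++)
		printf("unchecked %s -> %d\n", names[i], create_unchecked(names[i]));
	for (int i = 0; i < 2; i++)
		printf("checked   %s -> %d\n", names[i], create_checked(names[i]));
	return 0;
}
```

In the unchecked path the second, distinct name fails with EEXIST because both names collapse to the same 15-character prefix; the checked path reports the real cause to the caller.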