patch 'examples/l3fwd: fix buffer overflow in Tx' has been queued to stable release 19.11.12

christian.ehrhardt at canonical.com christian.ehrhardt at canonical.com
Thu Mar 17 15:17:42 CET 2022 

Hi,

FYI, your patch has been queued to stable release 19.11.12

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 03/19/22. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/d3847ac2c5d194e9bcae34f613796332c38ec511

Thanks.

Christian Ehrhardt <christian.ehrhardt at canonical.com>

---
>From d3847ac2c5d194e9bcae34f613796332c38ec511 Mon Sep 17 00:00:00 2001
From: Rahul Bhansali <rbhansali at marvell.com>
Date: Tue, 11 Jan 2022 18:20:05 +0530
Subject: [PATCH] examples/l3fwd: fix buffer overflow in Tx

[ upstream commit 0490d69d58d9d75c37e780966c837a062658f528 ]

This patch fixes the stack buffer overflow error reported
from AddressSanitizer.
Function send_packetsx4() tries to access out of bound data
from rte_mbuf and fill it into TX buffer even in the case
where no pending packets (len = 0).
Performance impact:- No

ASAN error report:-
==819==ERROR: AddressSanitizer: stack-buffer-overflow on address
0xffffe2c0dcf0 at pc 0x0000005e791c bp 0xffffe2c0d7e0 sp 0xffffe2c0d800
READ of size 8 at 0xffffe2c0dcf0 thread T0
 #0 0x5e7918 in send_packetsx4 ../examples/l3fwd/l3fwd_common.h:251
 #1 0x5e7918 in send_packets_multi ../examples/l3fwd/l3fwd_neon.h:226

Fixes: 96ff445371e0 ("examples/l3fwd: reorganise and optimize LPM code path")

Signed-off-by: Rahul Bhansali <rbhansali at marvell.com>
Reviewed-by: Conor Walsh <conor.walsh at intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
---
 examples/l3fwd/l3fwd_common.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/examples/l3fwd/l3fwd_common.h b/examples/l3fwd/l3fwd_common.h
index 7d83ff641a..de77711f88 100644
--- a/examples/l3fwd/l3fwd_common.h
+++ b/examples/l3fwd/l3fwd_common.h
@@ -236,6 +236,9 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, struct rte_mbuf *m[],
 
 		/* copy rest of the packets into the TX buffer. */
 		len = num - n;
+		if (len == 0)
+			goto exit;
+
 		j = 0;
 		switch (len % FWDSTEP) {
 		while (j < len) {
@@ -258,6 +261,7 @@ send_packetsx4(struct lcore_conf *qconf, uint16_t port, struct rte_mbuf *m[],
 		}
 	}
 
+exit:
 	qconf->tx_mbufs[port].len = len;
 }
 
-- 
2.35.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2022-03-17 14:33:42.139334109 +0100
+++ 0004-examples-l3fwd-fix-buffer-overflow-in-Tx.patch	2022-03-17 14:33:41.872623036 +0100
@@ -1 +1 @@
-From 0490d69d58d9d75c37e780966c837a062658f528 Mon Sep 17 00:00:00 2001
+From d3847ac2c5d194e9bcae34f613796332c38ec511 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 0490d69d58d9d75c37e780966c837a062658f528 ]
+
@@ -21 +22,0 @@
-Cc: stable at dpdk.org
@@ -31 +32 @@
-index cbaab79f5b..8e4c27218f 100644
+index 7d83ff641a..de77711f88 100644

More information about the stable mailing list