Hello Vladimir,
On Fri, Oct 8, 2021 at 11:29 PM Vladimir Medvedkin
<vladimir.medved...@intel.com> wrote:
>
> This patch fixes buffer overflow reported by ASAN,
> please reference https://bugs.dpdk.org/show_bug.cgi?id=819
>
> The rte_lpm6 keeps routing information for control plane purpose
> inside the rte_hash table which uses rte_jhash() as a hash function.
> From the rte_jhash() documentation: If input key is not aligned to
> four byte boundaries or a multiple of four bytes in length,
> the memory region just after may be read (but not used in the
> computation).
> rte_lpm6 uses 17 bytes keys consisting of IPv6 address (16 bytes) +
> depth (1 byte).
>
> This patch increases the size of the depth field up to uint32_t
> and sets the alignment to 4 bytes.
>
> Bugzilla ID: 819
> Fixes: 86b3b21952a8 ("lpm6: store rules in hash table")
> Cc: a...@therouter.net
> Cc: sta...@dpdk.org
This change should be internal, and not breaking ABI, but are we sure
we want to backport it?
>
> Signed-off-by: Vladimir Medvedkin <vladimir.medved...@intel.com>
> ---
> lib/lpm/rte_lpm6.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lib/lpm/rte_lpm6.c b/lib/lpm/rte_lpm6.c
> index 37baabb..d5e0918 100644
> --- a/lib/lpm/rte_lpm6.c
> +++ b/lib/lpm/rte_lpm6.c
> @@ -80,8 +80,8 @@ struct rte_lpm6_rule {
> /** Rules tbl entry key. */
> struct rte_lpm6_rule_key {
> uint8_t ip[RTE_LPM6_IPV6_ADDR_SIZE]; /**< Rule IP address. */
> - uint8_t depth; /**< Rule depth. */
> -};
> + uint32_t depth; /**< Rule depth. */
> +} __rte_aligned(sizeof(uint32_t));
I would recommend doing the same than for hash tests: keep growing
depth to 32bits, but no enforcement of alignment and add build check
on structure size being sizeof(uin32_t) aligned.
>
> /* Header of tbl8 */
> struct rte_lpm_tbl8_hdr {
> --
> 2.7.4
>
--
David Marchand
