Hello Vladimir, On Fri, Oct 8, 2021 at 11:29 PM Vladimir Medvedkin <vladimir.medved...@intel.com> wrote: > > This patch fixes buffer overflow reported by ASAN, > please reference https://bugs.dpdk.org/show_bug.cgi?id=819 > > The rte_lpm6 keeps routing information for control plane purpose > inside the rte_hash table which uses rte_jhash() as a hash function. > From the rte_jhash() documentation: If input key is not aligned to > four byte boundaries or a multiple of four bytes in length, > the memory region just after may be read (but not used in the > computation). > rte_lpm6 uses 17 bytes keys consisting of IPv6 address (16 bytes) + > depth (1 byte). > > This patch increases the size of the depth field up to uint32_t > and sets the alignment to 4 bytes. > > Bugzilla ID: 819 > Fixes: 86b3b21952a8 ("lpm6: store rules in hash table") > Cc: a...@therouter.net > Cc: sta...@dpdk.org
This change should be internal, and not breaking ABI, but are we sure we want to backport it? > > Signed-off-by: Vladimir Medvedkin <vladimir.medved...@intel.com> > --- > lib/lpm/rte_lpm6.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lib/lpm/rte_lpm6.c b/lib/lpm/rte_lpm6.c > index 37baabb..d5e0918 100644 > --- a/lib/lpm/rte_lpm6.c > +++ b/lib/lpm/rte_lpm6.c > @@ -80,8 +80,8 @@ struct rte_lpm6_rule { > /** Rules tbl entry key. */ > struct rte_lpm6_rule_key { > uint8_t ip[RTE_LPM6_IPV6_ADDR_SIZE]; /**< Rule IP address. */ > - uint8_t depth; /**< Rule depth. */ > -}; > + uint32_t depth; /**< Rule depth. */ > +} __rte_aligned(sizeof(uint32_t)); I would recommend doing the same than for hash tests: keep growing depth to 32bits, but no enforcement of alignment and add build check on structure size being sizeof(uin32_t) aligned. > > /* Header of tbl8 */ > struct rte_lpm_tbl8_hdr { > -- > 2.7.4 > -- David Marchand