This series improves defensive programming by adding proper string length
validation and overflow checking throughout DPDK libraries. The goal is
to eliminate silent truncation of names and paths, provide meaningful
error feedback, and enable compiler format overflow warnings.

Motivation
----------
Many DPDK APIs accept name parameters with defined maximum lengths
(e.g., RTE_LPM_NAMESIZE, RTE_HASH_NAMESIZE). Previously, names exceeding
these limits were silently truncated via snprintf/strlcpy, potentially
causing subtle bugs like duplicate names or unexpected behavior. This
series addresses these issues systematically.

Changes Overview
----------------
The patches fall into several categories:

1. API input validation (patches 1-2, 6, 12, 16):
   - Add explicit length checks for name parameters in lpm, hash, efd,
     tailq, and cfgfile APIs
   - Return ENAMETOOLONG when names exceed limits
   - Document new error conditions in API headers
   - Add corresponding unit tests

2. Internal buffer overflow detection (patches 3-5, 8-9, 14-15):
   - Check snprintf/strlcpy return values for truncation
   - Log warnings when internal string operations truncate
   - Increase buffer sizes where they were too small
   - Use dynamic allocation (asprintf) where appropriate

3. Path handling improvements (patches 7, 10-11, 13):
   - Use standard C library routines (getmntent) for parsing /proc/mounts
   - Enforce UNIX_PATH_MAX for socket paths to fail early
   - Handle arbitrarily long shared library paths

4. Error message improvements (patches 1-2, 6):
   - Include rte_strerror() in failure messages
   - Provide more context when operations fail

5. Enable compiler warnings (patch 17):
   - Remove -Wno-format-truncation flag
   - All preceding patches fix the warnings this would trigger

API Changes
-----------
The following APIs now return ENAMETOOLONG for oversized names:
  - rte_lpm_create()
  - rte_hash_create()
  - rte_fbk_hash_create()
  - rte_efd_create()
  - rte_eal_tailq_create()
  - rte_cfgfile_add_section()
  - rte_cfgfile_add_entry()

These are documented in the release notes and header files.

Testing
-------
- Existing unit tests pass
- New test cases added for hash name length validation
- Build tested with format overflow warnings enabled

v12:
  - Fix build if strlcpy is mapped to snprintf (no libbsd)
  - Drop redundant "eal: add check for sysfs path overflow" patch;
    the sysfs path handling is now consolidated in the hugefile
    path overflow patch using asprintf
  - Fix hash unit test to use SOCKET_ID_ANY instead of invalid
    socket ID when testing name length validation
  - Remove extraneous blank line in cfgfile patch

v11:
  - Rebase and address review feedback

Stephen Hemminger (17):
  lpm: restrict name size
  hash: add checks for hash name length
  graph: avoid overflowing comment buffer
  latencystats: add check for string overflow
  telemetry: check for path overflow
  efd: handle possible name truncation
  eal: use C library to parse filesystem table
  eal: warn if thread name is truncated
  eal: avoid format overflow when handling addresses
  eal: limit maximum runtime directory and socket paths
  eal: check for hugefile path overflow
  eal: check tailq length
  eal: handle long shared library path
  ethdev: avoid possible overflow in xstat names
  vhost: check for overflow in xstat name
  cfgfile: add length checks and increase line buffer
  lib: enable format overflow warnings

 app/test/test_hash.c                   | 21 ++++++
 doc/guides/rel_notes/release_26_03.rst | 13 ++++
 lib/cfgfile/rte_cfgfile.c              | 42 +++++++++---
 lib/cfgfile/rte_cfgfile.h              |  6 +-
 lib/eal/common/eal_common_config.c     |  6 +-
 lib/eal/common/eal_common_memory.c     |  3 +-
 lib/eal/common/eal_common_options.c    | 17 +++--
 lib/eal/common/eal_common_proc.c       | 85 +++++++++++++++---------
 lib/eal/common/eal_common_tailqs.c     | 13 +++-
 lib/eal/common/eal_filesystem.h        | 27 ++++++--
 lib/eal/freebsd/eal.c                  |  6 +-
 lib/eal/linux/eal.c                    |  6 +-
 lib/eal/linux/eal_hugepage_info.c      | 90 ++++++++++++--------------
 lib/eal/linux/eal_memalloc.c           | 11 ++-
 lib/eal/linux/eal_memory.c             |  9 ++-
 lib/eal/windows/eal.c                  |  6 +-
 lib/efd/rte_efd.c                      | 18 +++--
 lib/ethdev/rte_ethdev.c                | 35 +++++++---
 lib/graph/graph_pcap.c                 |  9 ++-
 lib/hash/rte_cuckoo_hash.c             | 41 ++++++++----
 lib/hash/rte_fbk_hash.c                | 12 +++-
 lib/hash/rte_fbk_hash.h                |  1 +
 lib/latencystats/rte_latencystats.c    |  9 ++-
 lib/lpm/rte_lpm.c                      | 16 +++--
 lib/lpm/rte_lpm.h                      |  1 +
 lib/meson.build                        |  4 --
 lib/telemetry/telemetry_legacy.c       |  7 +-
 lib/vhost/vhost.c                      | 14 ++--
 28 files changed, 352 insertions(+), 166 deletions(-)

-- 
2.51.0



 app/test/test_hash.c                   |  21 +++++
 doc/guides/rel_notes/release_26_03.rst |  13 +++
 lib/cfgfile/rte_cfgfile.c              |  42 ++++++++--
 lib/cfgfile/rte_cfgfile.h              |   6 +-
 lib/eal/common/eal_common_config.c     |   6 +-
 lib/eal/common/eal_common_memory.c     |   3 +-
 lib/eal/common/eal_common_options.c    |  17 +++-
 lib/eal/common/eal_common_proc.c       |  85 ++++++++++++-------
 lib/eal/common/eal_common_tailqs.c     |  13 ++-
 lib/eal/common/eal_filesystem.h        |  27 ++++--
 lib/eal/freebsd/eal.c                  |   6 +-
 lib/eal/linux/eal.c                    |   6 +-
 lib/eal/linux/eal_hugepage_info.c      | 112 ++++++++++++-------------
 lib/eal/linux/eal_memalloc.c           |  11 ++-
 lib/eal/linux/eal_memory.c             |   9 +-
 lib/eal/windows/eal.c                  |   6 +-
 lib/efd/rte_efd.c                      |  18 +++-
 lib/ethdev/rte_ethdev.c                |  35 +++++---
 lib/graph/graph_pcap.c                 |   9 +-
 lib/hash/rte_cuckoo_hash.c             |  41 ++++++---
 lib/hash/rte_fbk_hash.c                |  12 ++-
 lib/hash/rte_fbk_hash.h                |   1 +
 lib/latencystats/rte_latencystats.c    |   9 +-
 lib/lpm/rte_lpm.c                      |  16 +++-
 lib/lpm/rte_lpm.h                      |   1 +
 lib/meson.build                        |   4 -
 lib/telemetry/telemetry_legacy.c       |   7 +-
 lib/vhost/vhost.c                      |  14 +++-
 28 files changed, 380 insertions(+), 170 deletions(-)

-- 
2.51.0
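The failure mode named under Motivation, shown as an added example that is not part of the original message or of the DPDK patches: two distinct over-long names collapse to the same stored name when the snprintf result is ignored, while the checked variant rejects them. `NAMESIZE`, the registry and every function name here are hypothetical stand-ins, and returning a negative errno is an assumption made for brevity.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define NAMESIZE 32	/* assumed limit, standing in for RTE_LPM_NAMESIZE etc. */
#define MAX_TABLES 4

static char registry[MAX_TABLES][NAMESIZE];
static int n_tables;

void registry_reset(void) { n_tables = 0; }

/* stored always comes from a NAMESIZE buffer, so strcpy cannot overflow. */
static int registry_add(const char *stored)
{
	for (int i = 0; i < n_tables; i++)
		if (strcmp(registry[i], stored) == 0)
			return -EEXIST;
	if (n_tables == MAX_TABLES)
		return -ENOSPC;
	strcpy(registry[n_tables++], stored);
	return 0;
}

/* Old pattern: snprintf result ignored, so long names are silently cut. */
int create_truncating(const char *name)
{
	char buf[NAMESIZE];

	(void)snprintf(buf, sizeof(buf), "%s", name);
	return registry_add(buf);
}

/* Checked pattern: a return >= the buffer size means truncation occurred. */
int create_checked(const char *name)
{
	char buf[NAMESIZE];
	int n = snprintf(buf, sizeof(buf), "%s", name);

	if (n < 0)
		return -EINVAL;
	if ((size_t)n >= sizeof(buf))
		return -ENAMETOOLONG;
	return registry_add(buf);
}

int main(void)
{
	/* Constructed names sharing a 32-character prefix. */
	printf("%d\n", create_truncating("flow_table_for_tenant_0000000001_rx"));
	printf("%d\n", create_truncating("flow_table_for_tenant_0000000001_tx"));
	return 0;
}
```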
