This series improves defensive programming by adding proper string length
validation and overflow checking throughout DPDK libraries. The goal is
to eliminate silent truncation of names and paths, provide meaningful
error feedback, and enable compiler format overflow warnings.

Motivation
----------

Many DPDK APIs accept name parameters with defined maximum lengths
(e.g., RTE_LPM_NAMESIZE, RTE_HASH_NAMESIZE). Previously, names exceeding
these limits were silently truncated via snprintf/strlcpy, potentially
causing subtle bugs like duplicate names or unexpected behavior. This
series addresses these issues systematically.

Changes Overview
----------------

The patches fall into several categories:

1. API input validation (patches 1-2, 6, 13, 17):
   - Add explicit length checks for name parameters in lpm, hash, efd,
     tailq, and cfgfile APIs
   - Return ENAMETOOLONG when names exceed limits
   - Document new error conditions in API headers
   - Add corresponding unit tests

2. Internal buffer overflow detection (patches 3-5, 8-10, 12, 15-16):
   - Check snprintf/strlcpy return values for truncation
   - Log warnings when internal string operations truncate
   - Increase buffer sizes where they were too small
   - Use dynamic allocation (asprintf) where appropriate

3. Path handling improvements (patches 7, 11, 14):
   - Use standard C library routines (getmntent) for parsing /proc/mounts
   - Enforce UNIX_PATH_MAX for socket paths to fail early
   - Handle arbitrarily long shared library paths

4. Error message improvements (patches 1-2, 6):
   - Include rte_strerror() in failure messages
   - Provide more context when operations fail

5. Enable compiler warnings (patch 18):
   - Remove -Wno-format-truncation flag
   - All preceding patches fix the warnings this would trigger

API Changes
-----------

The following APIs now return ENAMETOOLONG for oversized names:
- rte_lpm_create()
- rte_hash_create()
- rte_fbk_hash_create()
- rte_efd_create()
- rte_eal_tailq_create()
- rte_cfgfile_add_section()
- rte_cfgfile_add_entry()

These are documented in the release notes and header files.

Testing
-------

- Existing unit tests pass
- New test cases added for hash name length validation
- Build tested with format overflow warnings enabled

Stephen Hemminger (18):
  lpm: restrict name size
  hash: add checks for hash name length
  graph: avoid overflowing comment buffer
  latencystats: add check for string overflow
  telemetry: check for path overflow
  efd: handle possible name truncation
  eal: use C library to parse filesystem table
  eal: warn if thread name is truncated
  eal: avoid format overflow when handling addresses
  eal: add check for sysfs path overflow
  eal: limit maximum runtime directory and socket paths
  eal: check for hugefile path overflow
  eal: check tailq length
  eal: handle long shared library path
  ethdev: avoid possible overflow in xstat names
  vhost: check for overflow in xstat name
  cfgfile: add length checks and increase line buffer
  lib: enable format overflow warnings

app/test/test_hash.c | 21 ++++++
doc/guides/rel_notes/release_26_03.rst | 13 ++++
lib/cfgfile/rte_cfgfile.c | 43 +++++++++---
lib/cfgfile/rte_cfgfile.h | 6 +-
lib/eal/common/eal_common_config.c | 6 +-
lib/eal/common/eal_common_memory.c | 3 +-
lib/eal/common/eal_common_options.c | 17 +++--
lib/eal/common/eal_common_proc.c | 85 +++++++++++++++---------
lib/eal/common/eal_common_tailqs.c | 13 +++-
lib/eal/common/eal_filesystem.h | 27 ++++++--
lib/eal/freebsd/eal.c | 6 +-
lib/eal/linux/eal.c | 6 +-
lib/eal/linux/eal_hugepage_info.c | 92 ++++++++++++--------------
lib/eal/linux/eal_memalloc.c | 11 ++-
lib/eal/linux/eal_memory.c | 9 ++-
lib/eal/windows/eal.c | 6 +-
lib/efd/rte_efd.c | 18 +++--
lib/ethdev/rte_ethdev.c | 35 +++++++---
lib/graph/graph_pcap.c | 9 ++-
lib/hash/rte_cuckoo_hash.c | 41 ++++++++----
lib/hash/rte_fbk_hash.c | 12 +++-
lib/hash/rte_fbk_hash.h | 1 +
lib/latencystats/rte_latencystats.c | 9 ++-
lib/lpm/rte_lpm.c | 16 +++--
lib/lpm/rte_lpm.h | 1 +
lib/meson.build | 4 --
lib/telemetry/telemetry_legacy.c | 7 +-
lib/vhost/vhost.c | 14 ++--
28 files changed, 366 insertions(+), 165 deletions(-)
--
2.51.0