> From: Scott Mitchell <[email protected]> > > The __rte_alloc_size(1) attribute on rte_lcore_var_alloc() is > semantically incorrect and causes false positives with FORTIFY_SOURCE > runtime checks. > > The attribute tells the compiler that the function returns a pointer > to 'size' bytes of usable memory. However, rte_lcore_var_alloc() > actually returns a handle to a per-lcore variable scheme. The > allocator internally allocates 'size' bytes per lcore > (size * RTE_MAX_LCORE total), partitioned into per-lcore sections. > The handle points to lcore 0's copy, and accessed via > RTE_LCORE_VAR_LCORE(lcore_id, handle) which computes: > handle + (lcore_id * RTE_MAX_LCORE_VAR). Access is expected > beyond 'size' bytes beyond the returned pointer when 'lcore_id != 0' > but FORTIFY_SOURCE may terminate the program due to out of bounds > access. > > This can be observed on CI with gcc 13.3.0 in lcore_var_autotest with > '*** buffer overflow detected ***: terminated' if pointer provenance > is preserved (e.g. if offsets avoid casting to uintptr_t). > > Fixes: 5bce9bed67ad ("eal: add static per-lcore memory allocation > facility") > Cc: [email protected] > Cc: [email protected] > > Signed-off-by: Scott Mitchell <[email protected]> > --- > lib/eal/include/rte_lcore_var.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/eal/include/rte_lcore_var.h > b/lib/eal/include/rte_lcore_var.h > index ca31dff6fd..48b022e84e 100644 > --- a/lib/eal/include/rte_lcore_var.h > +++ b/lib/eal/include/rte_lcore_var.h > @@ -202,7 +202,7 @@ rte_lcore_var_lcore(unsigned int lcore_id, void > *handle) > __rte_experimental > void * > rte_lcore_var_alloc(size_t size, size_t align) > - __rte_alloc_size(1) __rte_alloc_align(2); > + __rte_alloc_align(2); > > #ifdef __cplusplus > } > -- > 2.39.5 (Apple Git-154)
This patch could be separated from the RTE_PTR_ADD/SUB series. Acked-by: Morten Brørup <[email protected]> NB: Please keep this ACK for any new versions of this patch if the essence of the patch doesn't change.
