Re: [dpdk-dev] [RFC v2] porting AddressSanitizer feature to DPDK

[Stephen Hemminger <stephen@networkplumber.org>]

On Tue, 6 Jul 2021 13:40:56 -0700
David Christensen <drc@linux.vnet.ibm.com> wrote:

> On 6/15/21 1:12 AM, zhihongx.peng@intel.com wrote:
> > From: Zhihong Peng <zhihongx.peng@intel.com>
> > 
> > AddressSanitizer (ASan) is a google memory error detect
> > standard tool. It could help to detect use-after-free and
> > {heap,stack,global}-buffer overflow bugs in C/C++ programs,
> > print detailed error information when error happens, large
> > improve debug efficiency.
> > 
> > By referring to its implementation algorithm
> > (https://github.com/google/sanitizers/wiki/AddressSanitizerAlgorithm),
> > ported heap-buffer-overflow and use-after-freefunctions to dpdk.
> > 
> > Here is an example of heap-buffer-overflow bug:
> > 	......
> >          char *p = rte_zmalloc(NULL, 7, 0);
> >          p[7] = 'a';
> > 	......
> > 
> > Here is an example of use-after-free bug:
> > 	......
> >          char *p = rte_zmalloc(NULL, 7, 0);
> >          rte_free(p);
> >          *p = 'a';
> > 	......
> > 
> > If you want to use this feature,
> > you need to use the following compilation options:
> > -Db_lundef=false -Db_sanitize=address  
> 
> Any library dependencies here that might be architecture specific?  I 
> applied the patch to a POWER9 system with RHEL 8.3 and observed a SEGV:
> 
> sudo /home/drc/src/dpdk/build/app/dpdk-testpmd -l 64-71 
> --vdev=net_memif0,role=server,id=0 --vdev=net_memif1,role=client,id=0 
> --no-pci -- -i --numa --port-numa-config=0,8,1,8 
> --ring-numa-config=0,3,8,1,3,8 --socket-num=8
> EAL: Detected 128 lcore(s)
> EAL: Detected 2 NUMA nodes
> EAL: Detected static linkage of DPDK
> EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
> EAL: Selected IOVA mode 'VA'
> EAL: No available 1048576 kB hugepages reported
> EAL: VFIO support initialized
> AddressSanitizer:DEADLYSIGNAL
> =================================================================
> ==3011526==ERROR: AddressSanitizer: SEGV on unknown address 
> 0x0002a0177bd0 (pc 0x000011411ce0 bp 0x7fffccd738b0 sp 0x7fffccd738b0 T0)
> ==3011526==The signal is caused by a UNKNOWN memory access.
>      #0 0x11411cdc in asan_set_shadow.constprop.4 
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11411cdc)
>      #1 0x114131ec in malloc_elem_alloc 
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x114131ec)
>      #2 0x11416adc in heap_alloc.isra.1 
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11416adc)
>      #3 0x11419570 in malloc_heap_alloc_on_heap_id.isra.5 
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11419570)
>      #4 0x1141977c in malloc_heap_alloc 
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x1141977c)
>      #5 0x11421794 in rte_malloc_socket 
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11421794)
>      #6 0x11421e14 in rte_zmalloc_socket 
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11421e14)
>      #7 0x11422250 in rte_zmalloc 
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11422250)
>      #8 0x114222f4 in rte_calloc 
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x114222f4)
>      #9 0x11428fa4 in rte_service_init 
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11428fa4)
>      #10 0x11433680 in rte_eal_init 
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11433680)
>      #11 0x1039a734 in main 
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x1039a734)
>      #12 0x7fffa3664074 in generic_start_main ../csu/libc-start.c:308
>      #13 0x7fffa3664260 in __libc_start_main 
> ../sysdeps/unix/sysv/linux/powerpc/libc-start.c:102
> 
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV 
> (/home/drc/src/dpdk/build/app/dpdk-testpmd+0x11411cdc) in 
> asan_set_shadow.constprop.4
> ==3011526==ABORTING
> 
> Dave

ASAN says you should use -fno-omit-frame-pointer to get reasonable backtrace.