Skip to content

fix: Verify MemoryShm::byte_size inside shared memory boundary#406

Merged
yinggeh merged 2 commits intomainfrom
yinggeh-DLIS-8377-shm-boundary-check
Jul 7, 2025
Merged

fix: Verify MemoryShm::byte_size inside shared memory boundary#406
yinggeh merged 2 commits intomainfrom
yinggeh-DLIS-8377-shm-boundary-check

Conversation

@yinggeh
Copy link
Contributor

@yinggeh yinggeh commented Jul 2, 2025
edited
Loading

What does the PR do?

When attacker registers the same shm created by python backend, they can overwrite MemoryShm::byte_size data with a very large value. Identity model will read a large chunk of sensitive data (e.g. glibc.so) as input tensor, copy to the output tensor and send back to the client.

Checklist

  • PR title reflects the change and is of format <commit_type>: <Title>
  • Changes are described in the pull request.
  • Related issues are referenced.
  • Populated github labels field
  • Added test plan and verified test passes.
  • Verified that the PR passes existing CI.
  • Verified copyright is correct on all changed files.
  • Added succinct git squash message before merging ref.
  • All template sections are filled out.
  • Optional: Additional screenshots for behavior/output changes with before/after.

Commit Type:

  • fix

Related PRs:

Where should the reviewer start?

Test plan:

  • CI Pipeline ID:
    31182731

Caveats:

Background

Related Issues: (use one of the action keywords Closes / Fixes / Resolves / Relates to)

  • closes GitHub issue: #xxx

@yinggeh yinggeh self-assigned this Jul 2, 2025
@yinggeh yinggeh added the bug Something isn't working label Jul 2, 2025
@yinggeh
Copy link
Contributor Author

yinggeh commented Jul 2, 2025

No unit test because triton-inference-server/server#8273 makes the exploitation impossible.

@yinggeh yinggeh requested a review from Tabrizian July 2, 2025 23:47
pskiran1
pskiran1 approved these changes Jul 3, 2025
View reviewed changes
Copy link
Member

@pskiran1 pskiran1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@yinggeh
Copy link
Contributor Author

yinggeh commented Jul 7, 2025

@Tabrizian @tanmayv25 @pskiran1 I pushed a new commit 595a488 to fix the CI. Somehow the setting of this repo does not enforce re-approval. Please add an emoji if the change looks good. Thanks.

@yinggeh yinggeh merged commit 7d1333e into main Jul 7, 2025
3 checks passed
mc-nv pushed a commit that referenced this pull request Jul 23, 2025
@yinggeh @mc-nv
fix: Verify MemoryShm::byte_size within CPU shm boundary (#406)
6af1426
mc-nv added a commit that referenced this pull request Jul 23, 2025
@mc-nv @yinggeh
fix: Verify MemoryShm::byte_size within CPU shm boundary (#406) (#411)
a65e735 
Co-authored-by: Yingge He <157551214+yinggeh@users.noreply.github.com>
@yinggeh yinggeh deleted the yinggeh-DLIS-8377-shm-boundary-check branch July 28, 2025 21:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Tabrizian Tabrizian Tabrizian approved these changes

@tanmayv25 tanmayv25 tanmayv25 approved these changes

@pskiran1 pskiran1 pskiran1 approved these changes

@kthui kthui Awaiting requested review from kthui

@krishung5 krishung5 Awaiting requested review from krishung5

@mattwittwer mattwittwer Awaiting requested review from mattwittwer

Assignees

@yinggeh yinggeh

Labels

bug Something isn't working DLIS-8377 TPRD-1628

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@yinggeh @Tabrizian @tanmayv25 @pskiran1 @mc-nv