@yinggeh yinggeh commented Jul 2, 2025

What does the PR do?

When an attacker registers the same shm created by the Python backend, they can overwrite the MemoryShm::byte_size data with a very large value. The identity model will read a large chunk of sensitive data (e.g. glibc.so) as the input tensor, copy it to the output tensor, and send it back to the client.

Checklist

  • PR title reflects the change and is of format <commit_type>: <Title>
  • Changes are described in the pull request.
  • Related issues are referenced.
  • Populated github labels field
  • Added test plan and verified test passes.
  • Verified that the PR passes existing CI.
  • Verified copyright is correct on all changed files.
  • Added succinct git squash message before merging ref.
  • All template sections are filled out.
  • Optional: Additional screenshots for behavior/output changes with before/after.

Commit Type:

  • fix

Related PRs:

Where should the reviewer start?

Test plan:

  • CI Pipeline ID:
    31182731

Caveats:

Background

Related Issues: (use one of the action keywords Closes / Fixes / Resolves / Relates to)

  • closes GitHub issue: #xxx
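
The bound described above, as an added C++ example that is not part of this PR or of Triton's code: a size field stored inside a shared region is validated against the size of the mapping before it is used. `ShmHeader`, `CheckedPayloadSize`, `Demo` and the header-then-payload layout are hypothetical.

```cpp
#include <cstdint>
#include <cstring>
#include <sys/mman.h>

// Hypothetical layout: a size header followed by the payload, both inside a
// region that any process mapping it can rewrite.
struct ShmHeader { uint64_t byte_size; };

// Returns the payload size if it fits inside the mapping, or -1 if not.
// region_size must come from the process that owns the mapping (the length it
// passed to mmap, or fstat() on the descriptor), never from the region itself.
int64_t CheckedPayloadSize(const unsigned char* base, uint64_t region_size,
                           uint64_t offset) {
  if (offset > region_size || region_size - offset < sizeof(ShmHeader)) return -1;
  ShmHeader snap;  // copy once: callers use the returned value, never re-read
  std::memcpy(&snap, base + offset, sizeof(snap));
  uint64_t available = region_size - offset - sizeof(ShmHeader);
  if (snap.byte_size > available) return -1;  // subtraction form cannot wrap
  return static_cast<int64_t>(snap.byte_size);
}

// Constructed scenario: a 4096-byte shared mapping holds a 64-byte tensor
// record at offset 128; with tampered=true the size field is overwritten
// with 1 TiB, as a second mapper of the same region could do.
int64_t Demo(bool tampered) {
  const uint64_t kRegion = 4096, kOffset = 128;
  void* p = mmap(nullptr, kRegion, PROT_READ | PROT_WRITE,
                 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
  if (p == MAP_FAILED) return -2;
  auto* base = static_cast<unsigned char*>(p);
  ShmHeader h;
  h.byte_size = tampered ? (1ull << 40) : 64;
  std::memcpy(base + kOffset, &h, sizeof(h));
  int64_t r = CheckedPayloadSize(base, kRegion, kOffset);
  munmap(p, kRegion);
  return r;
}
```
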

@yinggeh yinggeh self-assigned this Jul 2, 2025
@yinggeh yinggeh added the bug Something isn't working label Jul 2, 2025
yinggeh commented Jul 2, 2025

No unit test because triton-inference-server/server#8273 makes the exploitation impossible.

@yinggeh yinggeh requested a review from Tabrizian July 2, 2025 23:47
@pskiran1 pskiran1 left a comment

LGTM

yinggeh commented Jul 7, 2025

@Tabrizian @tanmayv25 @pskiran1 I pushed a new commit 595a488 to fix the CI. Somehow the setting of this repo does not enforce re-approval. Please add an emoji if the change looks good. Thanks.

@yinggeh yinggeh merged commit 7d1333e into main Jul 7, 2025
3 checks passed
mc-nv added a commit that referenced this pull request Jul 23, 2025
@yinggeh yinggeh deleted the yinggeh-DLIS-8377-shm-boundary-check branch July 28, 2025 21:42
Labels
bug Something isn't working DLIS-8377 TPRD-1628
5 participants