Enhance bound check for shm offset #6914
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
kthui
force-pushed
the
jacky-shm-offset
branch
from
04eb351 to
7bd6a29
Compare
kthui
force-pushed
the
jacky-shm-offset
branch
from
7bd6a29 to
e544dff
Compare
This scope is exactly the next ticket after this one. We can address it in a different PR, unless you think both fixes must be committed at the same time. |
|
This is increasing the scope by a little bit but could you provide an improvement to the shared memory manager where we check that the offset provided by the user is a multiple of the host's page size? You could probably test for this if |
|
@nv-kmcgill53 if I understand correctly, you are talking about an improved bound check when registering a shm region, not when inferencing with a shm region? The next next ticket after this one is about improving checks when registering a shm region. Maybe we can add this check on a separate PR, unless you think the shm registration bound check improvement and this one must be committed together? |
| @@ -346,12 +346,26 @@ SharedMemoryManager::GetMemoryInfo( | |||
| std::string("Unable to find shared memory region: '" + name + "'") | |||
| .c_str()); | |||
| } | |||
|
|
|||
| // populate 'shm_mapped_addr' | |||
| size_t max_offset = 0; | |||
There was a problem hiding this comment.
Small suggestion - what if we refactored to set the offsets, check them, and then only set the shm variable? I think one thing was a little odd was seeing the address set and then the offsets checked.
By setting the variables you can also keep a single place to set the address - just a thought.
size_t max_offset = 0;
if (it->second->byte_size_ > 0) {
max_offset = it->second->byte_size_ - 1;
}
if (it->second->kind_ == TRITONSERVER_MEMORY_CPU) {
offset += it->second->offset;
max_offset += it -> second-> offset;
}
if (offset > max_offset) {
*shm_mapped_addr = nullptr;
return TRITONSERVER_ErrorNew(
TRITONSERVER_ERROR_INVALID_ARG,
std::string("Invalid offset for shared memory region: '" + name + "'")
.c_str());
}
*shm_mapped_addr = (void*)((uint8_t*)it->second->mapped_addr_ + offset);
There was a problem hiding this comment.
Yes, if there is other work slated for improvement on the registering of shared memory then, yes, that change should go in there. |
Sure. Linked this conversation in that ticket. |
…nds (#7083) Validate that memory offset and byte size requested is not out of bounds of registered memory. Previously in #6914 we checked out of bounds offset for shared memory requests. This PR also adds more testing to verify the block of memory is in fact in bounds. Client change: triton-inference-server/client#565
…nds (#7083) Validate that memory offset and byte size requested is not out of bounds of registered memory. Previously in #6914 we checked out of bounds offset for shared memory requests. This PR also adds more testing to verify the block of memory is in fact in bounds. Client change: triton-inference-server/client#565
…nds (#7083) (#7111) Validate that memory offset and byte size requested is not out of bounds of registered memory. Previously in #6914 we checked out of bounds offset for shared memory requests. This PR also adds more testing to verify the block of memory is in fact in bounds. Client change: triton-inference-server/client#565
Enhance shared memory bound checking during inference to make sure the offset supplied by the user cannot go beyond the shared memory region when the region was registered.