From: Kevin Traynor <ktraynor@redhat.com>
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: Nan Chen <whutchennan@gmail.com>, Long Li <longli@microsoft.com>,
dpdk stable <stable@dpdk.org>
Subject: [dpdk-stable] patch 'net/netvsc: check for overflow on packet info from host' has been queued to LTS release 18.11.11
Date: Wed, 18 Nov 2020 16:34:47 +0000 [thread overview]
Message-ID: <20201118163558.1101823-1-ktraynor@redhat.com> (raw)
Hi,
FYI, your patch has been queued to LTS release 18.11.11
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/24/20. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue
This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/1f6666d4fc36792e4cf1892a9fa6bcb95d720dd9
Thanks.
Kevin.
---
From 1f6666d4fc36792e4cf1892a9fa6bcb95d720dd9 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Mon, 10 Aug 2020 19:33:14 -0700
Subject: [PATCH] net/netvsc: check for overflow on packet info from host
The data from the host is trusted but checked by the driver.
One check that is missing is that the packet offset and length
might cause wraparound.
Cc: stable@dpdk.org
Reported-by: Nan Chen <whutchennan@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Long Li <longli@microsoft.com>
(cherry picked from commit 7838d3a6ae7a4ae8b3e994efe0d7d9f814941841)
---
drivers/net/netvsc/hn_rxtx.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/netvsc/hn_rxtx.c b/drivers/net/netvsc/hn_rxtx.c
index cc8bb7ed95..fba08b166b 100644
--- a/drivers/net/netvsc/hn_rxtx.c
+++ b/drivers/net/netvsc/hn_rxtx.c
@@ -621,5 +621,6 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq,
void *data, uint32_t dlen)
{
- unsigned int data_off, data_len, pktinfo_off, pktinfo_len;
+ unsigned int data_off, data_len, total_len;
+ unsigned int pktinfo_off, pktinfo_len;
const struct rndis_packet_msg *pkt = data;
struct hn_rxinfo info = {
@@ -666,5 +667,6 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq,
}
- if (unlikely(data_off + data_len > pkt->len))
+ if (__builtin_add_overflow(data_off, data_len, &total_len) ||
+ total_len > pkt->len)
goto error;
--
2.26.2
next reply other threads:[~2020-11-18 16:36 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-18 16:34 Kevin Traynor [this message]
2020-11-18 16:34 ` [dpdk-stable] patch 'net/netvsc: replace compiler builtin overflow check' " Kevin Traynor
2020-11-18 16:34 ` [dpdk-stable] patch 'eventdev: check allocation in Tx adapter' " Kevin Traynor
2020-11-18 16:34 ` [dpdk-stable] patch 'event/dpaa2: fix dereference before null check' " Kevin Traynor
2020-11-18 16:34 ` [dpdk-stable] patch 'eventdev: fix adapter leak in error path' " Kevin Traynor
2020-11-18 16:34 ` [dpdk-stable] patch 'test/event: fix function arguments for crypto adapter' " Kevin Traynor
2020-11-18 16:34 ` [dpdk-stable] patch 'eal/x86: fix memcpy AVX-512 enablement' " Kevin Traynor
2020-11-18 16:34 ` [dpdk-stable] patch 'vhost: fix virtio-net header length with packed ring' " Kevin Traynor
2020-11-18 16:34 ` [dpdk-stable] patch 'net/netvsc: fix Tx queue leak in error path' " Kevin Traynor
2020-11-18 16:34 ` [dpdk-stable] patch 'net/bonding: fix possible unbalanced packet receiving' " Kevin Traynor
2020-11-18 16:34 ` [dpdk-stable] patch 'net/bonding: fix Rx queue conversion' " Kevin Traynor
2020-11-18 16:34 ` [dpdk-stable] patch 'net/failsafe: fix state synchro cleanup' " Kevin Traynor
2020-11-18 16:34 ` [dpdk-stable] patch 'net/ring: check internal arguments' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'doc: fix EF10 Rx mode name in sfc guide' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'doc: fix typo in pcap " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/bnx2x: add QLogic vendor id for BCM57840' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'ethdev: fix memory ordering for callback functions' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'distributor: fix handshake synchronization' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'distributor: fix handshake deadlock' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'distributor: fix buffer use after free' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'distributor: handle worker shutdown in burst mode' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'test/distributor: fix shutdown of busy worker' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'distributor: fix return pkt calls in single mode' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'test/distributor: fix freeing mbufs' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'test/distributor: fix lcores statistics' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'test/distributor: collect return mbufs' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'distributor: fix API documentation' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'test/distributor: fix race conditions on shutdown' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'distributor: fix scalar matching' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'distributor: fix flushing in flight packets' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'distributor: fix clearing returns buffer' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'test/distributor: fix quitting workers in burst mode' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'test/distributor: fix mbuf leak on failure' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'doc: add SPDX license tag header to meson guide' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'app: fix missing dependencies' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'examples/l2fwd-crypto: fix missing dependency' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'bus/pci: remove unused scan by address' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'eal/linux: fix memory leak in uevent handling' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'efd: fix tailq entry leak in error path' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'eal: fix leak on device event callback unregister' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'mem: fix config name in error logs' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'examples/vm_power: fix build on Ubuntu 20.04' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'examples/multi_process: " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'examples/performance-thread: fix build with low core count' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'baseband/turbo_sw: fix memory leak in error path' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'examples/fips_validation: fix missed version line' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'crypto/dpaa2_sec: remove dead code' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'common/qat: add missing kmod dependency info' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'app/testpmd: fix bonding xmit balance policy command' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/i40e: fix virtual channel conflict' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/ixgbe: check switch domain allocation result' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/i40e: fix QinQ flow pattern to allow non full mask' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/ixgbe: fix vector Rx' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/i40e: " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/fm10k: " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/vhost: fix xstats after clearing stats' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'vhost: fix virtqueues metadata allocation' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'vhost: validate index in available entries API' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'vhost: validate index in guest notification " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/ena: remove unused macro' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/mvpp2: fix memory leak in error path' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/netvsc: allocate contiguous physical memory for RNDIS' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'app/testpmd: fix RSS key for flow API RSS rule' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/i40e: fix flow director for eth + VLAN pattern' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/bnxt: fix resetting mbuf data offset' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/vdev_netvsc: fix device probing error flow' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'net/thunderx: fix memory leak on rbdr desc ring failure' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'app/testpmd: do not allow dynamic change of core number' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'ethdev: fix data type for port id' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'fix spellings that Lintian complains about' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'doc: fix typo in KNI guide' " Kevin Traynor
2020-11-18 16:35 ` [dpdk-stable] patch 'ethdev: move non-offload capabilities' " Kevin Traynor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201118163558.1101823-1-ktraynor@redhat.com \
--to=ktraynor@redhat.com \
--cc=longli@microsoft.com \
--cc=stable@dpdk.org \
--cc=stephen@networkplumber.org \
--cc=whutchennan@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).