From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0F7A1A04DD for ; Wed, 18 Nov 2020 17:36:27 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id BB273160; Wed, 18 Nov 2020 17:36:26 +0100 (CET) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by dpdk.org (Postfix) with ESMTP id 2B879160 for ; Wed, 18 Nov 2020 17:36:24 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1605717382; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=P2Uc0VFXZ74ig60EixMBitQ7qrAGNu2P2sYRLqssANQ=; b=hN/n3QDHsuD2IENkX6ImV+5jRIX9QC5mNfUT5ui2tuo0XKCh7w06e53CUb6ZfQhoON81zu 4PsymSvtXdJTc7/YL57taZv9W0qh7v7ieaaV6kmFDkocp8AeKXMzjkmHSvWUf031tl6Hq5 Q46cFfSJpEQkrnwdsaBxTQeT5FEKhxQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-349-fauB_UjhPbyR4ncl_n8AXQ-1; Wed, 18 Nov 2020 11:36:17 -0500 X-MC-Unique: fauB_UjhPbyR4ncl_n8AXQ-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5F53084A5F8; Wed, 18 Nov 2020 16:36:16 +0000 (UTC) Received: from rh.redhat.com (ovpn-113-249.ams2.redhat.com [10.36.113.249]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0FF6E4D740; Wed, 18 Nov 2020 16:36:14 +0000 (UTC) From: Kevin Traynor To: Stephen Hemminger Cc: Nan Chen , Long Li , dpdk stable Date: Wed, 18 Nov 2020 16:34:47 +0000 Message-Id: <20201118163558.1101823-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=ktraynor@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Subject: [dpdk-stable] patch 'net/netvsc: check for overflow on packet info from host' has been queued to LTS release 18.11.11 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to LTS release 18.11.11 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 11/24/20. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable-queue This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable-queue/commit/1f6666d4fc36792e4cf1892a9fa6bcb95d720dd9 Thanks. Kevin. --- >From 1f6666d4fc36792e4cf1892a9fa6bcb95d720dd9 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 10 Aug 2020 19:33:14 -0700 Subject: [PATCH] net/netvsc: check for overflow on packet info from host The data from the host is trusted but checked by the driver. One check that is missing is that the packet offset and length might cause wraparound. Cc: stable@dpdk.org Reported-by: Nan Chen Signed-off-by: Stephen Hemminger Signed-off-by: Long Li (cherry picked from commit 7838d3a6ae7a4ae8b3e994efe0d7d9f814941841) --- drivers/net/netvsc/hn_rxtx.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/netvsc/hn_rxtx.c b/drivers/net/netvsc/hn_rxtx.c index cc8bb7ed95..fba08b166b 100644 --- a/drivers/net/netvsc/hn_rxtx.c +++ b/drivers/net/netvsc/hn_rxtx.c @@ -621,5 +621,6 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq, void *data, uint32_t dlen) { - unsigned int data_off, data_len, pktinfo_off, pktinfo_len; + unsigned int data_off, data_len, total_len; + unsigned int pktinfo_off, pktinfo_len; const struct rndis_packet_msg *pkt = data; struct hn_rxinfo info = { @@ -666,5 +667,6 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq, } - if (unlikely(data_off + data_len > pkt->len)) + if (__builtin_add_overflow(data_off, data_len, &total_len) || + total_len > pkt->len) goto error; -- 2.26.2