From: Jakub Grajciar <jgrajcia@cisco.com>
To: <dev@dpdk.org>
Cc: Jakub Grajciar <jgrajcia@cisco.com>, <stephen@networkplumber.org>
Subject: [dpdk-dev] [PATCH v2] net/memif: fix invalid unix domain address length
Date: Wed, 23 Oct 2019 10:07:32 +0200 [thread overview]
Message-ID: <20191023080732.2706-1-jgrajcia@cisco.com> (raw)
In-Reply-To: <20191022160829.21664-1-jgrajcia@cisco.com>
Define MEMIF_SOCKET_UN_SIZE to size of unix domain socket address.
Report error in case of longer path.
Fixes: b923866c6974 ("net/memif: allow for full key size in socket name")
Cc: stephen@networkplumber.org
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
---
doc/guides/nics/memif.rst | 2 +-
drivers/net/memif/memif_socket.c | 27 +++++++++++----------------
drivers/net/memif/memif_socket.h | 6 ++++--
drivers/net/memif/rte_eth_memif.c | 5 +++++
4 files changed, 21 insertions(+), 19 deletions(-)
v2:
- fix coding style
- fix socket path length check
diff --git a/doc/guides/nics/memif.rst b/doc/guides/nics/memif.rst
index de2d481eb..9a568455e 100644
--- a/doc/guides/nics/memif.rst
+++ b/doc/guides/nics/memif.rst
@@ -42,7 +42,7 @@ client.
"role=master", "Set memif role", "slave", "master|slave"
"bsize=1024", "Size of single packet buffer", "2048", "uint16_t"
"rsize=11", "Log2 of ring size. If rsize is 10, actual ring size is 1024", "10", "1-14"
- "socket=/tmp/memif.sock", "Socket filename", "/tmp/memif.sock", "string len 256"
+ "socket=/tmp/memif.sock", "Socket filename", "/tmp/memif.sock", "string len 108"
"mac=01:23:45:ab:cd:ef", "Mac address", "01:ab:23:cd:45:ef", ""
"secret=abc123", "Secret is an optional security option, which if specified, must be matched by peer", "", "string len 24"
"zero-copy=yes", "Enable/disable zero-copy slave mode", "no", "yes|no"
diff --git a/drivers/net/memif/memif_socket.c b/drivers/net/memif/memif_socket.c
index 0c71f6c45..4efa68e1a 100644
--- a/drivers/net/memif/memif_socket.c
+++ b/drivers/net/memif/memif_socket.c
@@ -7,7 +7,6 @@
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
-#include <sys/un.h>
#include <sys/ioctl.h>
#include <errno.h>
@@ -860,16 +859,12 @@ memif_listener_handler(void *arg)
rte_free(cc);
}
-#define MEMIF_SOCKET_UN_SIZE \
- (offsetof(struct sockaddr_un, sun_path) + MEMIF_SOCKET_KEY_LEN)
-
static struct memif_socket *
memif_socket_create(struct pmd_internals *pmd,
const char *key, uint8_t listener)
{
struct memif_socket *sock;
- struct sockaddr_un *un;
- char un_buf[MEMIF_SOCKET_UN_SIZE];
+ struct sockaddr_un un;
int sockfd;
int ret;
int on = 1;
@@ -881,7 +876,7 @@ memif_socket_create(struct pmd_internals *pmd,
}
sock->listener = listener;
- strlcpy(sock->filename, key, MEMIF_SOCKET_KEY_LEN);
+ strlcpy(sock->filename, key, MEMIF_SOCKET_UN_SIZE);
TAILQ_INIT(&sock->dev_queue);
if (listener != 0) {
@@ -889,18 +884,18 @@ memif_socket_create(struct pmd_internals *pmd,
if (sockfd < 0)
goto error;
- memset(un_buf, 0, sizeof(un_buf));
- un = (struct sockaddr_un *)un_buf;
- un->sun_family = AF_UNIX;
- strlcpy(un->sun_path, sock->filename, MEMIF_SOCKET_KEY_LEN);
+ un.sun_family = AF_UNIX;
+ strlcpy(un.sun_path, sock->filename, MEMIF_SOCKET_UN_SIZE);
ret = setsockopt(sockfd, SOL_SOCKET, SO_PASSCRED, &on,
sizeof(on));
if (ret < 0)
goto error;
- ret = bind(sockfd, (struct sockaddr *)un, MEMIF_SOCKET_UN_SIZE);
+
+ ret = bind(sockfd, (struct sockaddr *)&un, sizeof(un));
if (ret < 0)
goto error;
+
ret = listen(sockfd, 1);
if (ret < 0)
goto error;
@@ -940,7 +935,7 @@ memif_create_socket_hash(void)
params.name = MEMIF_SOCKET_HASH_NAME;
params.entries = 256;
- params.key_len = MEMIF_SOCKET_KEY_LEN;
+ params.key_len = MEMIF_SOCKET_UN_SIZE;
params.hash_func = rte_jhash;
params.hash_func_init_val = 0;
return rte_hash_create(¶ms);
@@ -955,7 +950,7 @@ memif_socket_init(struct rte_eth_dev *dev, const char *socket_filename)
struct pmd_internals *tmp_pmd;
struct rte_hash *hash;
int ret;
- char key[MEMIF_SOCKET_KEY_LEN];
+ char key[MEMIF_SOCKET_UN_SIZE];
hash = rte_hash_find_existing(MEMIF_SOCKET_HASH_NAME);
if (hash == NULL) {
@@ -966,8 +961,8 @@ memif_socket_init(struct rte_eth_dev *dev, const char *socket_filename)
}
}
- memset(key, 0, MEMIF_SOCKET_KEY_LEN);
- strlcpy(key, socket_filename, MEMIF_SOCKET_KEY_LEN);
+ memset(key, 0, MEMIF_SOCKET_UN_SIZE);
+ strlcpy(key, socket_filename, MEMIF_SOCKET_UN_SIZE);
ret = rte_hash_lookup_data(hash, key, (void **)&socket);
if (ret < 0) {
socket = memif_socket_create(pmd, key,
diff --git a/drivers/net/memif/memif_socket.h b/drivers/net/memif/memif_socket.h
index 9f40f8d13..5c49ec24e 100644
--- a/drivers/net/memif/memif_socket.h
+++ b/drivers/net/memif/memif_socket.h
@@ -6,6 +6,7 @@
#define _MEMIF_SOCKET_H_
#include <sys/queue.h>
+#include <sys/un.h>
/**
* Remove device from socket device list. If no device is left on the socket,
@@ -79,11 +80,12 @@ struct memif_socket_dev_list_elt {
};
#define MEMIF_SOCKET_HASH_NAME "memif-sh"
-#define MEMIF_SOCKET_KEY_LEN 256
+#define MEMIF_SOCKET_UN_SIZE \
+ (sizeof(struct sockaddr_un) - offsetof(struct sockaddr_un, sun_path))
struct memif_socket {
struct rte_intr_handle intr_handle; /**< interrupt handle */
- char filename[MEMIF_SOCKET_KEY_LEN]; /**< socket filename */
+ char filename[MEMIF_SOCKET_UN_SIZE]; /**< socket filename */
TAILQ_HEAD(, memif_socket_dev_list_elt) dev_queue;
/**< Queue of devices using this socket */
diff --git a/drivers/net/memif/rte_eth_memif.c b/drivers/net/memif/rte_eth_memif.c
index a347e27bd..d52db91ed 100644
--- a/drivers/net/memif/rte_eth_memif.c
+++ b/drivers/net/memif/rte_eth_memif.c
@@ -1192,6 +1192,11 @@ memif_check_socket_filename(const char *filename)
uint32_t idx;
int ret = 0;
+ if (strlen(filename) >= MEMIF_SOCKET_UN_SIZE) {
+ MIF_LOG(ERR, "Unix socket address too long (max 108).");
+ return -1;
+ }
+
tmp = strrchr(filename, '/');
if (tmp != NULL) {
idx = tmp - filename;
--
2.17.1
next prev parent reply other threads:[~2019-10-23 8:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-22 16:08 [dpdk-dev] [PATCH] " Jakub Grajciar
2019-10-22 16:32 ` Ferruh Yigit
2019-10-22 16:35 ` Jakub Grajciar -X (jgrajcia - PANTHEON TECHNOLOGIES at Cisco)
2019-10-22 16:37 ` Stephen Hemminger
2019-10-22 16:50 ` Jakub Grajciar -X (jgrajcia - PANTHEON TECHNOLOGIES at Cisco)
2019-10-22 17:37 ` Stephen Hemminger
2019-10-23 8:07 ` Jakub Grajciar [this message]
2019-10-23 17:42 ` [dpdk-dev] [PATCH v2] " Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191023080732.2706-1-jgrajcia@cisco.com \
--to=jgrajcia@cisco.com \
--cc=dev@dpdk.org \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).