From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id CE81B43894;
	Thu, 11 Jan 2024 17:29:56 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 0A8AA40689;
	Thu, 11 Jan 2024 17:29:56 +0100 (CET)
Received: from shelob.oktetlabs.ru (shelob.oktetlabs.ru [91.220.146.113])
 by mails.dpdk.org (Postfix) with ESMTP id A42F740266;
 Thu, 11 Jan 2024 17:29:54 +0100 (CET)
Received: from [192.168.38.17] (aros.oktetlabs.ru [192.168.38.17])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by shelob.oktetlabs.ru (Postfix) with ESMTPSA id 921A35A;
 Thu, 11 Jan 2024 19:29:52 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 shelob.oktetlabs.ru 921A35A
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=oktetlabs.ru;
 s=default; t=1704990592;
 bh=lSy/bRC8p42344Nv/lKoo5hxcO2Gsnl+ztACabCDUOY=;
 h=Date:Subject:To:Cc:References:From:In-Reply-To:From;
 b=rnqAPrY/4LwU558k/5ZFK8S/+9tZz/Aj9voymQrMAdBjSM0U/IfQUriPVMdn6Ibc/
 RAEunJkx85uZN0RWITMb7eCK0AqxI+dRVYsC23Erz514IBDAxwtxzXC6W9xBXHQlvh
 N40FYGhRwUH6FjOEgEwN+eFmEyLSCWi9RmF/eHSI=
Message-ID: <4175b75b-d9d0-47c8-be76-11c7412a8d24@oktetlabs.ru>
Date: Thu, 11 Jan 2024 19:29:51 +0300
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [dpdk-dev v4 2/2] net/tap: fix buffer overflow for ptypes list
 through driver API update
Content-Language: en-US
To: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>,
 Igor Russkikh <irusskikh@marvell.com>,
 Selwin Sebastian <selwin.sebastian@amd.com>,
 Ajit Khaparde <ajit.khaparde@broadcom.com>,
 Somnath Kotur <somnath.kotur@broadcom.com>,
 Nithin Dabilpuram <ndabilpuram@marvell.com>,
 Kiran Kumar K <kirankumark@marvell.com>, Sunil Kumar Kori
 <skori@marvell.com>, Satha Rao <skoteshwar@marvell.com>,
 Yuying Zhang <yuying.zhang@intel.com>, Beilei Xing <beilei.xing@intel.com>,
 Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>,
 Hemant Agrawal <hemant.agrawal@nxp.com>,
 Sachin Saxena <sachin.saxena@nxp.com>, Simei Su <simei.su@intel.com>,
 Wenjun Wu <wenjun1.wu@intel.com>, Gagandeep Singh <g.singh@nxp.com>,
 John Daley <johndale@cisco.com>, Hyong Youb Kim <hyonkim@cisco.com>,
 Gaetan Rivet <grive@u256.net>, Qi Zhang <qi.z.zhang@intel.com>,
 Xiao Wang <xiao.w.wang@intel.com>, Jie Hai <haijie1@huawei.com>,
 Yisen Zhuang <yisen.zhuang@huawei.com>, Jingjing Wu <jingjing.wu@intel.com>,
 Qiming Yang <qiming.yang@intel.com>, Junfeng Guo <junfeng.guo@intel.com>,
 Andrew Boyer <andrew.boyer@amd.com>, Long Li <longli@microsoft.com>,
 Matan Azrad <matan@nvidia.com>, Viacheslav Ovsiienko
 <viacheslavo@nvidia.com>, Dariusz Sosnowski <dsosnowski@nvidia.com>,
 Ori Kam <orika@nvidia.com>, Suanming Mou <suanmingm@nvidia.com>,
 Zyta Szpak <zr@semihalf.com>, Liron Himi <lironh@marvell.com>,
 Chaoyong He <chaoyong.he@corigine.com>, Jiawen Wu <jiawenwu@trustnetic.com>,
 Harman Kalra <hkalra@marvell.com>,
 Devendra Singh Rawat <dsinghrawat@marvell.com>,
 Alok Prasad <palok@marvell.com>, Jerin Jacob <jerinj@marvell.com>,
 Maciej Czekaj <mczekaj@marvell.com>, Jian Wang <jianwang@trustnetic.com>,
 Jochen Behrens <jbehrens@vmware.com>, Thomas Monjalon <thomas@monjalon.net>,
 Ferruh Yigit <ferruh.yigit@amd.com>
Cc: dev@dpdk.org, stable@dpdk.org, ferruh.yigit@intel.com
References: <20231221184001.928922-1-venkatx.sivaramakrishnan@intel.com>
 <20240104175111.2190075-1-venkatx.sivaramakrishnan@intel.com>
 <20240104175111.2190075-3-venkatx.sivaramakrishnan@intel.com>
From: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
Organization: OKTET Labs
In-Reply-To: <20240104175111.2190075-3-venkatx.sivaramakrishnan@intel.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

On 1/4/24 20:51, Sivaramakrishnan Venkat wrote:
> Incorrect ptypes list causes buffer overflow for Address Sanitizer
> run. Previously, the last element in the ptypes lists to be
> "RTE_PTYPE_UNKNOWN" for rte_eth_dev_get_supported_ptypes(), but this was
> not clearly documented and many PMDs did not follow this implementation.
> Instead, the dev_supported_ptypes_get() function pointer now returns the
> number of elements to eliminate the need for "RTE_PTYPE_UNKNOWN"
> as the last item.
> 
> Fixes: 47909357a069 ("ethdev: make device operations struct private")
> Cc: ferruh.yigit@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>

[snip]

> @@ -3956,7 +3958,7 @@ rte_eth_dev_set_ptypes(uint16_t port_id, uint32_t ptype_mask,
>   	 * set_ptypes array is insufficient fill it partially.
>   	 */
>   	for (i = 0, j = 0; set_ptypes != NULL &&
> -				(all_ptypes[i] != RTE_PTYPE_UNKNOWN); ++i) {
> +				(all_ptypes[i] < no_of_elements); ++i) {

condition here looks wrong, it should be i < no_of_elements

>   		if (ptype_mask & all_ptypes[i]) {
>   			if (j < num - 1) {
>   				set_ptypes[j] = all_ptypes[i];